[Samba] method to simulate domain logon from a node?

David Mathog mathog at caltech.edu
Thu Sep 4 15:31:04 GMT 2008

I recently ran into a situation where a Samba upgrade apparently broke
the machine records in the smbpasswd file, with the resulting symptom
that domain logons on those computers would fail about 95% of the time.
(A very strange symptom, how it worked sometimes is still a mystery to
me.)  Similarly, this would fail:

% smbclient -L saf01 -U 'saf/mathog%(password)'
session setup failed: NT_STATUS_LOGON_FAILURE

Conversely this worked (user domain logon, directly to the
domain master):

% smbclient -L safserver -U 'saf/mathog%(password)'

That told me that the user logon was ok, but there was some issue with
interaction between the two machines.   It is easy enough to pull the
SID off one of the workstations. Is there some command that is the
equivalent of the first command, but along the lines of:

% smbclient -L safserver -test_machine SID

To verify that the smbpasswd record is ok?  Since I knew of no such
command, I ended up futzing around with firewalls and such (which didn't
help) before removing the client from the domain, deleting and readding
the machine record, and adding the machine back to the domain, which
seems to have fixed the problem. 

On a related note:

Is there a .bat script or, better yet, remote method to induce a
Windows machine to  remove itself from a domain, reboot, add itself
back, and reboot?  I had to do that on 8 machines to get them all
working again, and it was a  major pain having to do this manually. 
Rebuilding the machine records in the smbpasswd file is always needed
after cloning, and I can see this as being a major amount of work for a
site with many, many clones machines.


David Mathog
mathog at caltech.edu
Manager, Sequence Analysis Facility, Biology Division, Caltech

More information about the samba mailing list