[Samba] Domain logins not working

Gary Dale garydale at rogers.com
Mon Jan 5 05:26:32 GMT 2009

Adam Tauno Williams wrote:
>> File sharing is working well after I remapped the drives on a running
>> XP/Pro workstation. However, I can't get logins to work. I've set up
>> machine accounts for each XP/Pro workstation and used SWAT to create the
>> new Samba accounts and enable them (with the same password as before)
>> but XP/Pro refuses to allow the logins. I also tried mapping a share on
>> the old server to a directory on the new and I get the same problem -
>> it's having problems finding a DC.
>> Here's my smb.conf (minus most of the shares), if that helps (ps, I will
>> set the log level higher as part of my debugging so don't suggest I do
>> that. However, any suggestions on what may be going wrong are welcome.
>> :)  ):
> Do you have a box handling WINS?  Also make sure the SID of your net
> domain controller is the same as the SID of your old domain controller
> (net getlocalsid/setlocalsid, I think)?

Thanks. I've been through all that. I've been using the SWAT wizard to
tell the new box to be a WINS server after telling the old box to stop
being a WINS server. Also, copied the SID between the two machines
manually after simply setting the new machine up as a (non-master)
domain controller in the old domain failed to work - I had tried the net
rpc vampire route without luck.

I'm not quite sure what's going on but it now seems to have something to
do with the machine accounts.

I've stripped out samba (not easy - Debian seems to keep most of it
around for some reason - even after deleting the .tdb files they can
come back intact) and reinstalled it so that pdbedit -L shows nothing.
However, I can't seem to add machine accounts with either smbpasswd or
pdbedit. I get the messages:
    tdb_update_sam: struct samu (hyperzip$) with no RID!
    Unable to add machine! (does it already exist?)
Interestingly, I can't add machines on either my old or new server
anymore - although I had that ability a couple of days ago - at least on
the new one. However, earlier today I did bring my old server back up as
a PDC and could log in from XP. This was as part of the net rpc vampire
bit. Testing on my old server shows that pdbedit -L should be showing
the machine accounts.

I can do an smbclient -L whenim64 -U% and also an authenticated one
(without the -U%) from my Linux workstation (which doesn't use the
server for account management) but can't map any shares from one of my
XP workstations (I have a couple shares on it to make work transfer
easier - it has more free disk space than my server). Also, I can't log
in to any XP/Pro workstation using a domain account. This latter problem
may (now) be because of the lack of machine accounts.

This is quite frustrating. I've never had this much trouble setting
samba up before. Anyway, my current status is that my new server isn't
allowing network logins or the creation of machine accounts. The old
server has samba shut down but I keep it turned on so I can compare
things on it.
