Craig,
Following your response as well as your response to Eric, I've tried
changing a few things in my config as well as the order of the steps.
Unfortunately I'm still having problems. Clearing my .tdbs (w/o Samba
running) I've done:
* net rpc setsid -S MABSERVE1 -W MAB -UAdministrator%secret (and the SID
shows up in secrets.tdb).
* net rpc join -S MABSERVE1 -W MAB -UAdministrator%secret (and the machine
successfully adds to the domain; looking at secrets.tdb we have a number of
things including the domain SID and the Machine trust account hash)
* If I then run net rpc vampire -S MABSERVE1 -UAdministrator%secret -d 4 I
get the following (clipped following the parsing of the smb.conf) output:
[2004/07/13 11:56:30, 4] param/loadparm.c:lp_load(3917)
pm_process() returned Yes
[2004/07/13 11:56:30, 2] lib/interface.c:add_interface(79)
added interface ip=192.168.1.251 bcast=192.168.1.255 nmask=255.255.255.0
[2004/07/13 11:56:30, 3] libsmb/namequery.c:resolve_lmhosts(857)
resolve_lmhosts: Attempting lmhosts lookup for name MABSERVE1<0x20>
[2004/07/13 11:56:30, 4] libsmb/namequery.c:startlmhosts(547)
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No
such file or directory
[2004/07/13 11:56:30, 3] libsmb/namequery.c:resolve_wins(755)
resolve_wins: Attempting wins lookup for name MABSERVE1<0x20>
[2004/07/13 11:56:30, 3] libsmb/namequery.c:resolve_wins(758)
resolve_wins: WINS server resolution selected and no WINS servers listed.
[2004/07/13 11:56:30, 3] libsmb/namequery.c:resolve_hosts(902)
resolve_hosts: Attempting host lookup for name MABSERVE1<0x20>
[2004/07/13 11:56:31, 3] libsmb/namequery.c:name_resolve_bcast(697)
name_resolve_bcast: Attempting broadcast lookup for name MABSERVE1<0x20>
[2004/07/13 11:56:31, 4] libsmb/nmblib.c:debug_nmb_packet(109)
nmb packet from 192.168.1.253(137) header: id=30028 opcode=Query(0)
response=Yes
header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=MABSERVE1<20> rr_type=32 rr_class=1 ttl=300000
answers 0 char `..... hex 6000C0A801FD
[2004/07/13 11:56:31, 2] libsmb/namequery.c:name_query(491)
Got a positive name query response from 192.168.1.253 ( 192.168.1.253 )
[2004/07/13 11:56:31, 3] libsmb/cliconnect.c:cli_start_connection(1373)
Connecting to host=MABSERVE1
[2004/07/13 11:56:31, 3] lib/util_sock.c:open_socket_out(735)
Connecting to 192.168.1.253 at port 445
[2004/07/13 11:56:31, 2] lib/util_sock.c:open_socket_out(772)
error connecting to 192.168.1.253:445 (Connection refused)
[2004/07/13 11:56:31, 3] lib/util_sock.c:open_socket_out(735)
Connecting to 192.168.1.253 at port 139
[2004/07/13 11:56:31, 4] lib/time.c:get_serverzone(122)
Serverzone is 14400
Cannot import users from MAB at this time, as the current domain:
MABSERVE3: S-1-5-21-763135753-2099275703-424145120
conflicts with the remote domain
MAB: S-1-5-21-1430529950-745024717-1233803906
Perhaps you need to set:
security=user
workgroup=MAB
in your smb.conf?
[2004/07/13 11:56:31, 1] utils/net_rpc.c:run_rpc_command(141)
rpc command function failed! (NT_STATUS_UNSUCCESSFUL)
[2004/07/13 11:56:31, 2] utils/net.c:main(792)
return code = 1
* If I run net setlocalsid S-1-5-21-1430529950-745024717-1233803906 and then
net rpc vampire -S MABSERVE1 -UAdministrator%secret -d 4 I get the
following output (again starting after processing of smb.conf; also I've x'd
out the challenge/response strings)
[2004/07/13 11:58:41, 4] param/loadparm.c:lp_load(3917)
pm_process() returned Yes
[2004/07/13 11:58:41, 2] lib/interface.c:add_interface(79)
added interface ip=192.168.1.251 bcast=192.168.1.255 nmask=255.255.255.0
[2004/07/13 11:58:41, 3] libsmb/cliconnect.c:cli_start_connection(1373)
Connecting to host=MABSERVE1
[2004/07/13 11:58:41, 3] lib/util_sock.c:open_socket_out(735)
Connecting to 192.168.1.253 at port 445
[2004/07/13 11:58:41, 2] lib/util_sock.c:open_socket_out(772)
error connecting to 192.168.1.253:445 (Connection refused)
[2004/07/13 11:58:41, 3] lib/util_sock.c:open_socket_out(735)
Connecting to 192.168.1.253 at port 139
[2004/07/13 11:58:41, 4] lib/time.c:get_serverzone(122)
Serverzone is 14400
[2004/07/13 11:58:41, 4]
passdb/secrets.c:secrets_fetch_trust_account_password(260)
Using cleartext machine password
[2004/07/13 11:58:41, 4] rpc_client/cli_netlogon.c:cli_net_req_chal(45)
cli_net_req_chal: LSA Request Challenge from MABSERVE3 to MABSERVE1:
XXXXXXXXXXXX
[2004/07/13 11:58:41, 4] libsmb/credentials.c:cred_session_key(59)
cred_session_key
[2004/07/13 11:58:41, 4] libsmb/credentials.c:cred_create(90)
cred_create
[2004/07/13 11:58:41, 4] rpc_client/cli_netlogon.c:cli_net_auth2(102)
cli_net_auth2: srv:\\MABSERVE1 acct:MABSERVE3$ sc:2 mc: MABSERVE3 chal
XXXXXXXXXXXX neg: XXXXXXXX
[2004/07/13 11:58:41, 4] libsmb/credentials.c:cred_create(90)
cred_create
[2004/07/13 11:58:41, 4] libsmb/credentials.c:cred_assert(121)
cred_assert
Fetching DOMAIN database
[2004/07/13 11:58:41, 4] libsmb/credentials.c:cred_create(90)
cred_create
Failed to fetch domain database: NT_STATUS_ACCESS_DENIED
[2004/07/13 11:58:41, 1] utils/net_rpc.c:run_rpc_command(141)
rpc command function failed! (NT_STATUS_ACCESS_DENIED)
[2004/07/13 11:58:41, 2] utils/net.c:main(792)
return code = 1
* Also, following the first call to net rpc vampire, the secrets.tdb file is
updated with the randomly generated SID for the local machine.
Relevant pieces from the smb.conf follow:
[global]
security = domain
workgroup = MAB
netbios name = MABSERVE3
preferred master = Yes
domain master = No
Any suggestions would be greatly appreciated! Thanks.
Nathaniel Grier
-----Original Message-----
From: Craig White [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 13, 2004 1:48 AM
To: Nathaniel Grier
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] Migrating from a WinNT 4 PDC to Samba 3 PDC Troubles
On Mon, 2004-07-12 at 21:35, Nathaniel Grier wrote:
> Hi,
>
> I've been in the process of attempting a transition from our current NT
> 4.0 PDC to Samba 3.0.4 on linux (Debian running the 2.4.18 kernel). I can get
> the smbd/nmbd up and running just fine and configure them by hand or with
> SWAT and the changes are saved.
>
> I've been following the HOWTO's and get stuck at the net rpc vampire step:
> I am able to join the linux machine, call it SERVER2, successfully to the
> domain, DOM. However, when I call 'net rpc vampire -S SERVER1 -U
> Administrator%secret' I get the error that my current domain and that of
> the server are incompatible:
> Your current domain SERVER2 (SID:xxxx) does not match the server's domain
> DOM (SID:xxx).
>
> (Sorry, I'm paraphrasing the error output as I'm at home and don't have it
> in front of me, but it's quite straightforward and contains no more useful
> information than that.)
> So even though it says that I've joined the domain DOM, it still thinks I'm
> in some domain with the name of the machine SERVER2. I've checked (as per
> the error message) that the smb.conf has the
> workgroup = DOM
> security = user
>
> Also, if I run pdbedit -Lv it reports that the current domain is SERVER2
> rather than DOM. Running net rpc setsid DOM simply adds the SID of the
> domain to secrets.tdb but doesn't switch its insistence of SERVER2 being
> the domain rather than DOM. A call to net rpc testjoin says things are AOK
> & that I'm in the domain DOM. Running net setlocalsid SERVER2 SID of DOM
> changes the SID of the SERVER2 domain to be the same as that of DOM, but
> just causes authentication errors when running net rpc vampire as it still
> thinks that the domains have different names.
>
> Any suggestions as to how to resolve this problem would be most
> appreciated. I'm guessing a way to simply reset the name of the domain it
> thinks it's in would work, but having not worked much with 3.0, I'm not
> sure. (I've used 2.2, but it's been a while since I've set one up and not
> in as large a network environment.)
----
Before running the net rpc vampire command you need to set Samba up as if
it were a BDC and join the domain.
BDC looks something like this...
security = domain
domain master = yes
preferred master = no
smbpasswd -j DOMAIN -r PDC_OF_DOMAIN -U Administrator%password
net setlocalsid SID
where SID is the SID of the existing NT4 domain but possibly the net rpc
vampire sucks that in (I don't remember)
Hope this helps
Craig
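
A small triage script for the `net rpc vampire -d 4` output quoted in this thread, added here as an example and not part of either poster's mail: it groups the level-tagged debug lines into records and pulls out the domain/SID pair, the failing call and the final NT_STATUS. The sample input is constructed from lines shown above, and the function names are this example's own.

```python
import re

# Constructed sample in the shape of the `net rpc vampire -d 4` output above.
SAMPLE = """\
[2004/07/13 11:56:31, 2] lib/util_sock.c:open_socket_out(772)
error connecting to 192.168.1.253:445 (Connection refused)
[2004/07/13 11:56:31, 4] lib/time.c:get_serverzone(122)
Serverzone is 14400
Cannot import users from MAB at this time, as the current domain:
MABSERVE3: S-1-5-21-763135753-2099275703-424145120
conflicts with the remote domain
MAB: S-1-5-21-1430529950-745024717-1233803906
[2004/07/13 11:56:31, 1] utils/net_rpc.c:run_rpc_command(141)
rpc command function failed! (NT_STATUS_UNSUCCESSFUL)
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]\s*(.*)$")
LOCATION = re.compile(r"^\S+:\w+\(\d+\)$")
SID_LINE = re.compile(r"^([^\s:]+):\s*(S-1-5-21(?:-\d+){3})$")
STATUS = re.compile(r"\bNT_STATUS_\w+")

def parse_records(text):
    """Group message lines under the debug header that precedes them."""
    records, cur = [], None
    for line in (l.strip() for l in text.splitlines()):
        head = HEADER.match(line)
        if head:
            cur = {"ts": head[1], "level": int(head[2]), "where": head[3], "msg": []}
            records.append(cur)
        elif cur and not cur["where"] and LOCATION.match(line):
            cur["where"] = line  # header wrapped onto a second line in the mail
        elif cur:
            cur["msg"].append(line)
    return records

def summarize(text):
    """Pull out what decides the run: SID pair, failing call, final status."""
    records = parse_records(text)
    body = [l for r in records for l in r["msg"]]
    sids = [(m[1], m[2]) for m in map(SID_LINE.match, body) if m]
    statuses = [s for l in body for s in STATUS.findall(l)]
    return {
        "sids": sids,  # (domain name, SID) in the order printed: local, remote
        "sid_conflict": len(sids) == 2 and sids[0][1] != sids[1][1],
        "failed_at": [r["where"] for r in records if r["level"] <= 1],
        "status": statuses[-1] if statuses else None,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```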