red_create(90)
cred_create
[2004/07/13 11:58:41, 4] libsmb/credentials.c:cred_assert(121)
cred_assert
Fetching DOMAIN database
[2004/07/13 11:58:41, 4] libsmb/credentials.c:cred_create(90)
cred_create
Failed to fetch domain database: NT_STATUS_ACCESS_DENIED
[2004/07/13 11:58:41, 1] utils/net_rpc.c:run_rpc_command(141)
rpc command function failed! (NT_STATUS_ACCESS_DENIED)
[2004/07/13 11:58:41, 2] utils/net.c:main(792)
return code = 1
* Also, following the first call to net rpc vampire, the secrets.tdb file is
updated with the randomly generated SID for the local machine.
Relevant pieces from the smb.conf follow:
[global]
security = domain
workgroup = MAB
netbios name = MABSERVE3
preferred master = Yes
domain master = No
Any suggestions would be greatly appreciated! Thanks.
Nathaniel Grier
-Original Message-
From: Craig White [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 13, 2004 1:48 AM
To: Nathaniel Grier
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] Migrating from a WinNT 4 PDC to Samba 3 PDC Troubles
On Mon, 2004-07-12 at 21:35, Nathaniel Grier wrote:
> Hi,
>
> I've been in the process of attempting a transition from our current NT
4.0
> PDC to Samba 3.0.4 on linux (Debian running the 2.4.18 kernel). I can get
> the smbd/nmbd up and running just fine and configure them by hand or with
> SWAT and the changes are saved.
>
> I've been following the HOWTO's and get stuck at the net rpc vampire step:
> I am able to join the linux machine, call it SERVER2, successfully to the
> domain, DOM. However, when I call 'net rpc vampire -S SERVER1 -U
> Administrator%secret' I get the error that my current domain and that of
> the server are incompatible:
> Your current domain SERVER2 (SID:) does not match the server's domain
> DOM (SID:xxx).
>
> (Sorry, I'm paraphrasing the error output as I'm at home and don't have it
> in front of me, but it's quite straightforward and contains no more useful
> information than that.)
> So even though it says that I've join the domain DOM, it still thinks I'm
> in some domain with the name of the machine SERVER2. I've checked (as per
> the error message) that the smb.conf has the
> workgroup = DOM
> security = user
>
> Also, if I run pdbedit -Lv it reports that the current domain is SERVER2
> rather than DOM. Running net rpc setsid DOM simply adds the SID of the
> domain to secrets.tdb but doesn't switch its insistence of SERVER2 being
> the domain rather than DOM. A call to net rpc testjoin says things are AOK
> & that I'm in the domain DOM. Running net setlocalsid SERVER2 SID of DOM
> changes the SID of the SERVER2 domain to be the same as the of DOM, but
> just causes authentication errors when running net rpc vampire as it still
> thinks that the domains have different names.
>
> Any suggestions as to how to resolve this problem would be most
> appreciated. I'm guessing a way to simply reset the name of the domain it
> thinks its in would work, but having not worked much with 3.0, I'm not
> sure. (I've used 2.2, but it's been a while since I've set one up and not
> in as large a network environment.)
before running net rpc vampire command you need to set samba up as it
were like a BDC and join the domain.
BDC looks something like this...
security = domain
domain master = yes
preferred master = no
smbpasswd -j DOMAIN -r PDC_OF_DOMAIN -U Administrator%password
net setlocalsid SID
where SID is the SID of the existing NT4 domain but possibly the net rpc
vampire sucks that in (I don't remember)
Hope this helps
Craig
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
