Re: [Samba] Can not add a new NT Workstation to a new (vampired) samba domain

2007-12-12 Thread Stephen Vermeulen

Stephen Vermeulen wrote:
I am replacing an old NT4.0 Server with a debian 4.0R1 etch Linux 
server (samba 3.0.24).


This was with a completely fresh install of debian.

My smb.conf is pretty simple:

[global]
workgroup = BUTLER
netbios name = STAR3
passdb backend = tdbsam
domain master = No
domain logons = Yes
os level = 33
add user script = /usr/sbin/useradd -m '%u'
delete user script = /usr/sbin/userdel -r '%u'
add group script = /usr/sbin/groupadd '%g'
delete group script = /usr/sbin/groupdel '%g'
add user to group script = /usr/sbin/usermod -G '%g' '%u'
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null '%u'

# wins server = [IP of wins server]

[files]
   comment = SAMBA File Server
   path = /home/files
   read only = No

In addition I have the following smbusers file:

star3:/etc/samba# cat smbusers
root = Administrator


testparm tells me this setup will give me a BDC.

I first added the samba server (star3) to the old NT4 PDC using the
server manager tool and then did a:

net rpc join -S nova -UAdministrator%password

This worked and I was able to access the machine from the PDC.

I then did a vampire:

net rpc vampire -S nova -W BUTLER -UAdministrator%password

and this worked for most of the user accounts and machine accounts
(there were some that had errors, but these were mostly for old users
or machines that were long since gone), these errors look like:

Creating account: chris
[2007/12/08 21:03:36, 0] passdb/pdb_tdb.c:tdb_update_samacct_only(1258)
 Unable to modify passwd TDB! Error: Record does not exist occured while storing the main record (USER_chris)

Creating account: ECLIPSE$
[2007/12/08 21:03:36, 0] passdb/pdb_tdb.c:tdb_update_samacct_only(1258)
 Unable to modify passwd TDB! Error: Record does not exist occured while storing the main record (USER_eclipse$)

Creating account: GALAXY$
[2007/12/08 21:03:36, 0] passdb/pdb_tdb.c:tdb_update_samacct_only(1258)
 Unable to modify passwd TDB! Error: Record does not exist occured while storing the main record (USER_galaxy$)

In the case of GALAXY$, this is a current machine and it did seem to
function afterwards, though maybe it's using stored credentials still?

After the vampiring I shut down the NT4 PDC (nova) and did various
login and file sharing tests and the main accounts (including
Administrator) all seemed to work. The samba box was still functioning
in BDC role.

I then decided to try adding a new Windows XP Pro workstation to the
domain (it had previously been a member, but I had removed it from the
old domain to experiment with moving user profiles between domains).

When I told it to join the domain it returned an error telling me that
it could not find the domain. So I thought "maybe a BDC cannot join new
machines to the domain". (The NT4 PDC was switched off at this time).

So then I stopped samba and set:

domain master = yes
wins support = yes

and restarted samba.

Then when I tried to add the machine I got a Windows error dialog saying:

  The following error occurred while attempting to join the domain "Butler":

  The user name could not be found.

I was using the "Administrator" user name, and I was able to log into
the BUTLER domain on another Windows box as the Administrator and
access the file share on the samba box and create new files in the folder
owned by Administrator.

I googled this for a bit last night and found quite a few references
to this error, but nothing really conclusive.

Any suggestions?

Thanks

Stephen.


I believe I have this working now as I have been able to add new
machines to my samba-based PDC in a couple of tests.  I still need
to do another pass through everything to make certain, but it appears
that doing the following three commands on the Linux box as root
was all that was needed:

star4:/etc/samba# net rpc getsid -S nova -UAdministrator%password
Storing SID S-1-5-21-1965320917-1955335400-7473742 for Domain BUTLER in secrets.tdb

star4:/etc/samba# net setlocalsid S-1-5-21-1965320917-1955335400-7473742

star4:/etc/samba# smbpasswd

Now if you review procedure 36.1 (in Chapter 36: Migration of NT4 PDC to
Samba-3 PDC in the Official Samba 3.2.x HOWTO and Reference Guide) you'll
see that it:

1. does not mention the need to set the "smbpasswd"
2. does not mention the need to copy the NT4 PDC SID into the BDC

and to add to the confusion the "net rpc getsid" utility SAYS it is
storing the domain's SID into the BDC's secrets.tdb, but when I did a
"net getlocalsid" afterwards I found that the BDC's SID has NOT been
changed and for this reason I needed to do the "net setlocalsid".

Thinking about this I'm guessing that because the smbpasswd for root had
not been set (as that was not in the migration guide steps) the "net rpc
getsid" actually was not able to write to the secrets.tdb file and it
should have written an error instead of the incorrect success message.

Perhaps the "net r
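
A check for the mismatch described in this message, as an added example that is not part of the original post: it compares the SID that `net rpc getsid` reported with the one `net getlocalsid` prints. The `net getlocalsid` sample lines and the placeholder SID are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): confirm that the SID a Samba DC
# reports locally is the domain SID that was fetched from the PDC.

# Print the domain-style SID (S-1-5-21-a-b-c) found in a line of tool output.
extract_sid() {
    printf '%s\n' "$1" |
        sed -n 's/.*\(S-1-5-21-[0-9][0-9]*-[0-9][0-9]*-[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# compare_sids GETSID_OUTPUT GETLOCALSID_OUTPUT
# Returns 0 on match, 1 on mismatch, 2 if either output carries no SID.
compare_sids() {
    fetched=$(extract_sid "$1")
    current=$(extract_sid "$2")
    if [ -z "$fetched" ] || [ -z "$current" ]; then
        echo "UNKNOWN: no SID found in one of the outputs"
        return 2
    fi
    if [ "$fetched" != "$current" ]; then
        echo "MISMATCH: fetched $fetched, local is $current"
        return 1
    fi
    echo "OK: local SID is $current"
}

# Line printed by "net rpc getsid" in the message above.
GETSID_OUT='Storing SID S-1-5-21-1965320917-1955335400-7473742 for Domain BUTLER in secrets.tdb'
# Constructed "net getlocalsid" output; this SID is a made-up placeholder.
STALE_OUT='SID for domain STAR4 is: S-1-5-21-1111111111-2222222222-3333333333'
# Constructed output after "net setlocalsid" has been run.
FIXED_OUT='SID for domain STAR4 is: S-1-5-21-1965320917-1955335400-7473742'

# With two arguments, compare real captured output; otherwise run the samples.
if [ $# -eq 2 ]; then
    compare_sids "$1" "$2"
else
    compare_sids "$GETSID_OUT" "$STALE_OUT" || true
    compare_sids "$GETSID_OUT" "$FIXED_OUT"
fi
```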

Re: [Samba] Can not add a new NT Workstation to a new (vampired) samba domain

2007-12-11 Thread Stephen Vermeulen

Stephen Vermeulen wrote:
I am replacing an old NT4.0 Server with a debian 4.0R1 etch Linux 
server (samba 3.0.24).


This was with a completely fresh install of debian.

My smb.conf is pretty simple:

[global]
workgroup = BUTLER
netbios name = STAR3
passdb backend = tdbsam
domain master = No
domain logons = Yes
os level = 33
add user script = /usr/sbin/useradd -m '%u'
delete user script = /usr/sbin/userdel -r '%u'
add group script = /usr/sbin/groupadd '%g'
delete group script = /usr/sbin/groupdel '%g'
add user to group script = /usr/sbin/usermod -G '%g' '%u'
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null '%u'

# wins server = [IP of wins server]

[files]
   comment = SAMBA File Server
   path = /home/files
   read only = No

In addition I have the following smbusers file:

star3:/etc/samba# cat smbusers
root = Administrator


testparm tells me this setup will give me a BDC.

I first added the samba server (star3) to the old NT4 PDC using the
server manager tool and then did a:

net rpc join -S nova -UAdministrator%password

This worked and I was able to access the machine from the PDC.

I then did a vampire:

net rpc vampire -S nova -W BUTLER -UAdministrator%password

and this worked for most of the user accounts and machine accounts
(there were some that had errors, but these were mostly for old users
or machines that were long since gone), these errors look like:

What would be the best way (apart from reinstalling Linux) to clean up
the system between tests of this?  Deleting all the *.tdb files? What
about the unix accounts that the vampire produces?  What about the unix
groups it creates?

Thanks,

Stephen

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Can not add a new NT Workstation to a new (vampired) samba domain

2007-12-10 Thread Stephen Vermeulen

Stephen Vermeulen wrote:
I am replacing an old NT4.0 Server with a debian 4.0R1 etch Linux 
server (samba 3.0.24).


This was with a completely fresh install of debian.



...

I then decided to try adding a new Windows XP Pro workstation to the
domain (it had previously been a member, but I had removed it from the
old domain to experiment with moving user profiles between domains).

When I told it to join the domain it returned an error telling me that
it could not find the domain. So I thought "maybe a BDC cannot join new
machines to the domain". (The NT4 PDC was switched off at this time).

So then I stopped samba and set:

domain master = yes
wins support = yes

and restarted samba.

Then when I tried to add the machine I got a Windows error dialog saying:

  The following error occurred while attempting to join the domain "Butler":

  The user name could not be found.

I was using the "Administrator" user name, and I was able to log into
the BUTLER domain on another Windows box as the Administrator and
access the file share on the samba box and create new files in the folder
owned by Administrator.

Since the BDC SID was not the same as the PDC's SID I used the net command
to fetch the SID from the PDC and write it to the BDC. Now a "net
getlocalsid" reports the same SID.

Shouldn't net vampire have made the BDC have the same SID as the PDC?

After doing this the error changed to "Access is denied"

I then redid the net vampire, but this did not change things.

I have increased the log level to 2 and the following log file section
is what happens when I try to add the new machine.  Also, here is the
current version of the smb.conf file:

star4:/etc/samba# cat smb.conf
[global]
workgroup = BUTLER
netbios name = STAR4
passdb backend = tdbsam
domain master = Yes
domain logons = Yes
wins support = yes
os level = 40
log level = 2
add user script = /usr/sbin/useradd -m '%u'
delete user script = /usr/sbin/userdel -r '%u'
add group script = /usr/sbin/groupadd '%g'
delete group script = /usr/sbin/groupdel '%g'
add user to group script = /usr/sbin/usermod -G '%g' '%u'
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null '%u'
# wins server = [IP of wins server]

[files]
   comment = SAMBA File Server
   path = /home/files
   read only = No

star4:/etc/samba#

And the log.smbd file:

[2007/12/10 14:45:44, 2] smbd/reply.c:reply_special(496)
 netbios connect: name1=STAR4   name2=TULLY
[2007/12/10 14:45:44, 2] smbd/reply.c:reply_special(503)
 netbios connect: local=star4 remote=tully, name type = 0
[2007/12/10 14:45:44, 0] lib/util_sock.c:write_data(562)
 write_data: write failure in writing to client 192.168.128.103. Error Connection reset by peer
[2007/12/10 14:45:44, 0] lib/util_sock.c:send_smb(769)
 Error writing 4 bytes to client. -1. (Connection reset by peer)
[2007/12/10 14:45:44, 2] smbd/sesssetup.c:setup_new_vc_session(799)
 setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2007/12/10 14:45:44, 2] smbd/sesssetup.c:setup_new_vc_session(799)
 setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2007/12/10 14:45:44, 2] auth/auth.c:check_ntlm_password(309)
 check_ntlm_password:  authentication for user [administrator] -> [administrator] -> [Administrator] succeeded
[2007/12/10 14:45:44, 2] smbd/reply.c:reply_tcon_and_X(711)
 Serving IPC$ as a Dfs root
[2007/12/10 14:45:45, 2] smbd/reply.c:reply_special(496)
 netbios connect: name1=STAR4   name2=TULLY
[2007/12/10 14:45:45, 2] smbd/reply.c:reply_special(503)
 netbios connect: local=star4 remote=tully, name type = 0
[2007/12/10 14:45:45, 0] lib/util_sock.c:write_data(562)
 write_data: write failure in writing to client 192.168.128.103. Error Connection reset by peer
[2007/12/10 14:45:45, 0] lib/util_sock.c:send_smb(769)
 Error writing 4 bytes to client. -1. (Connection reset by peer)
[2007/12/10 14:45:45, 2] smbd/sesssetup.c:setup_new_vc_session(799)
 setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2007/12/10 14:45:45, 2] smbd/sesssetup.c:setup_new_vc_session(799)
 setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2007/12/10 14:45:45, 2] auth/auth.c:check_ntlm_password(309)
 check_ntlm_password:  authentication for user [administrator] -> [administrator] -> [Administrator] succeeded
[2007/12/10 14:45:45, 2] smbd/reply.c:reply_tcon_and_X(711)
 Serving IPC$ as a Dfs root
[2007/12/10 14:45:45, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2797)
 Returning domain sid for domain BUTLER -> S-1-5-21-1965320917-1955335400-7473742
[2007/12/10 14:45:45, 0] passdb/pdb_tdb.c:tdbsam_open(818)
 tdbsam_open: Failed to open/create TDB passwd [/var/lib/samba/passdb.tdb]
[2007/12/10 14:45:45, 0] passdb/pdb_tdb.c:tdb_update_sam(1335)
 tdbsam_getsampwnam: failed to open /var/l
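
A filter for logs like the one above, as an added example that is not part of the original post: it rejoins each `log.smbd` entry (header line plus wrapped message lines) and keeps only entries at or below a chosen level, so the level 0 failures stand out from the level 2 noise. The function names are hypothetical; the sample lines are copied from this message.

```shell
#!/bin/sh
# Added example (not from the thread): pull the serious entries out of a
# Samba 3 log.smbd. Each entry is a "[date time, level] file:func(line)"
# header followed by one or more message lines.

# smbd_entries MAXLEVEL (log on stdin): one line per entry with level <= MAXLEVEL
smbd_entries() {
    awk -v max="$1" '
        function flush() {
            if (entry != "" && level <= max) print entry
            entry = ""
        }
        # Header line. A wrapped message line such as "[administrator] -> ..."
        # also starts with "[" but has no date, so it is not taken for a header.
        /^\[[0-9]+\/[0-9]+\/[0-9]+ [0-9:]+, *[0-9]+\]/ {
            flush()
            match($0, /, *[0-9]+\]/)
            level = substr($0, RSTART + 1, RLENGTH - 2) + 0
            entry = $0
            next
        }
        # Message or continuation line: trim it and append to the open entry.
        NF && entry != "" {
            gsub(/^[ \t]+|[ \t]+$/, "")
            entry = entry " " $0
        }
        END { flush() }
    '
}

# Sample lines copied from the log in this message, wrapped as archived.
sample_log() {
    cat <<'EOF'
[2007/12/10 14:45:45, 2] auth/auth.c:check_ntlm_password(309)
 check_ntlm_password:  authentication for user [administrator] ->
[administrator] -> [Administrator] succeeded

[2007/12/10 14:45:45, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2797)
 Returning domain sid for domain BUTLER ->
S-1-5-21-1965320917-1955335400-7473742

[2007/12/10 14:45:45, 0] passdb/pdb_tdb.c:tdbsam_open(818)
 tdbsam_open: Failed to open/create TDB passwd [/var/lib/samba/passdb.tdb]
EOF
}

# Show only the level 0 entries from the sample.
sample_log | smbd_entries 0
```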

Re: [Samba] Can not add a new NT Workstation to a new (vampired) samba domain

2007-12-10 Thread Stephen Vermeulen

Stephen Vermeulen wrote:
I am replacing an old NT4.0 Server with a debian 4.0R1 etch Linux 
server (samba 3.0.24).


This was with a completely fresh install of debian.

I first added the samba server (star3) to the old NT4 PDC using the
server manager tool and then did a:

net rpc join -S nova -UAdministrator%password

This worked and I was able to access the machine from the PDC.

I then did a vampire:

net rpc vampire -S nova -W BUTLER -UAdministrator%password

and this worked for most of the user accounts and machine accounts
(there were some that had errors, but these were mostly for old users
or machines that were long since gone), these errors look like:

I checked the SIDs of the original NT4 PDC and the samba BDC (after net
vampire had run) and they were different.  Could this be causing
problems? According to this microsoft article:


http://www.microsoft.com/technet/sysinternals/Utilities/NewSid.mspx

"... a BDC's relationship to a Domain is identified by it having the 
same computer SID as the other Domain Controllers (DCs)."



Stephen



Re: [Samba] Can not add a new NT Workstation to a new (vampired) samba domain

2007-12-10 Thread simo

On Mon, 2007-12-10 at 07:17 -0700, Stephen Vermeulen wrote:
> I was using the "Administrator" user name, and I was able to log into
> the BUTLER domain on another Windows box as the Administrator and
> access the file share on the samba box and create new files in the
> folder owned by Administrator.
> 
> I googled this for a bit last night and found quite a few references
> to this error, but nothing really conclusive.
> 
> Any suggestions?

Raise your log level and make sure your machine add script is indeed
working properly (also make sure you do not have nscd running, or make
it so that add * script scripts you have properly tell nscd to refresh
their status as nscd does negative caching too).

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <[EMAIL PROTECTED]>
Senior Software Engineer at Red Hat Inc. <[EMAIL PROTECTED]>
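
One way to act on this advice, as an added example that is not Simo's or the Samba project's code: a wrapper for `add machine script` that validates the account name, creates it with the same `useradd` options as the smb.conf in this thread, and invalidates nscd's passwd cache. The wrapper path, the function names, the `RUN` dry-run hook and the name policy are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Hypothetical install path and use:
#   add machine script = /usr/local/sbin/smb-add-machine '%u'

# Dry-run hook (assumption of this example): RUN=echo prints the commands.
RUN=${RUN:-}

# Accept only "<name>$" where <name> is 1-15 letters, digits, "_" or "-".
# smbd runs this script as root with a client-chosen name, so refuse
# anything else before it reaches useradd.
valid_machine_name() {
    base=${1%\$}
    [ "$base" != "$1" ] || return 1          # no trailing "$"
    case "$base" in
        ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#base}" -le 15 ]
}

add_machine() {
    if ! valid_machine_name "$1"; then
        echo "refusing machine account name: $1" >&2
        return 1
    fi
    # Same useradd options as the smb.conf posted in this thread.
    $RUN /usr/sbin/useradd -s /bin/false -d /dev/null "$1" || return 1
    # nscd also caches failed lookups; drop its passwd cache so smbd sees
    # the new account at once. Ignored if nscd is absent or not running.
    $RUN nscd -i passwd 2>/dev/null || true
    # Fail loudly if the account still does not resolve through NSS.
    $RUN getent passwd "$1" >/dev/null
}

if [ $# -gt 0 ]; then
    add_machine "$1"
fi
```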



[Samba] Can not add a new NT Workstation to a new (vampired) samba domain

2007-12-10 Thread Stephen Vermeulen
I am replacing an old NT4.0 Server with a debian 4.0R1 etch Linux server 
(samba 3.0.24).


This was with a completely fresh install of debian.

My smb.conf is pretty simple:

[global]
workgroup = BUTLER
netbios name = STAR3
passdb backend = tdbsam
domain master = No
domain logons = Yes
os level = 33
add user script = /usr/sbin/useradd -m '%u'
delete user script = /usr/sbin/userdel -r '%u'
add group script = /usr/sbin/groupadd '%g'
delete group script = /usr/sbin/groupdel '%g'
add user to group script = /usr/sbin/usermod -G '%g' '%u'
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null '%u'
# wins server = [IP of wins server]

[files]
   comment = SAMBA File Server
   path = /home/files
   read only = No

In addition I have the following smbusers file:

star3:/etc/samba# cat smbusers
root = Administrator


testparm tells me this setup will give me a BDC.

I first added the samba server (star3) to the old NT4 PDC using the
server manager tool and then did a:

net rpc join -S nova -UAdministrator%password

This worked and I was able to access the machine from the PDC.

I then did a vampire:

net rpc vampire -S nova -W BUTLER -UAdministrator%password

and this worked for most of the user accounts and machine accounts
(there were some that had errors, but these were mostly for old users
or machines that were long since gone), these errors look like:

Creating account: chris
[2007/12/08 21:03:36, 0] passdb/pdb_tdb.c:tdb_update_samacct_only(1258)
 Unable to modify passwd TDB! Error: Record does not exist occured while storing the main record (USER_chris)

Creating account: ECLIPSE$
[2007/12/08 21:03:36, 0] passdb/pdb_tdb.c:tdb_update_samacct_only(1258)
 Unable to modify passwd TDB! Error: Record does not exist occured while storing the main record (USER_eclipse$)

Creating account: GALAXY$
[2007/12/08 21:03:36, 0] passdb/pdb_tdb.c:tdb_update_samacct_only(1258)
 Unable to modify passwd TDB! Error: Record does not exist occured while storing the main record (USER_galaxy$)

In the case of GALAXY$, this is a current machine and it did seem to
function afterwards, though maybe it's using stored credentials still?

After the vampiring I shut down the NT4 PDC (nova) and did various
login and file sharing tests and the main accounts (including
Administrator) all seemed to work. The samba box was still functioning
in BDC role.

I then decided to try adding a new Windows XP Pro workstation to the
domain (it had previously been a member, but I had removed it from the
old domain to experiment with moving user profiles between domains).

When I told it to join the domain it returned an error telling me that
it could not find the domain. So I thought "maybe a BDC cannot join new
machines to the domain". (The NT4 PDC was switched off at this time).

So then I stopped samba and set:

domain master = yes
wins support = yes

and restarted samba.

Then when I tried to add the machine I got a Windows error dialog saying:

  The following error occurred while attempting to join the domain "Butler":

  The user name could not be found.

I was using the "Administrator" user name, and I was able to log into
the BUTLER domain on another Windows box as the Administrator and
access the file share on the samba box and create new files in the folder
owned by Administrator.

I googled this for a bit last night and found quite a few references to this
error, but nothing really conclusive.

Any suggestions?

Thanks

Stephen.
