samba - May 2002 - Cannot find Primary Domain - Please help, rather urgent

Hello,

I'm getting a persistent error at login (effectively locking me out) on
two Win2k machines that were once assigned to a domain on my windows
network (win2k server was once the PDC, just changed to Samba)

	Cannot log you into the primary because the system's computer account
is missing or the password was incorrect.

The old domain was:
yrbmag.yellowrat.com

and I'd like every just to be in workgroup YRBMAG

My configure file follows. What am I doing wrong? Is there a way to fake
the domain so I can login and switch to the workgroup? Luckily enough,
the previous admin here at the shop forgot the admin passwords for both
machines, rendering my job even harder. Super!



smb.conf:


# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash) 
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command
"testparm"
# to check that you have not made any basic syntactic errors. 
#
#======================= Global Settings
====================================[global]
	smb passwd file = /etc/samba/smbpasswd
	path = /home
	domain master = yes
	printing = cups
	dns proxy = no 
	null passwords = yes
	encrypt passwords = yes
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	printcap name = lpstat
	wins support = true
	max log size = 50
	debug level = 3
	security = user
	domain logons = yes
	workgroup = YRBMAG
	server string = IBM900 Deux
	comment = Home Dirs
	log file = /var/log/samba/log.%m
	netbios name = IBM900
	load printers = yes
	netbios aliases = yrbmag.yellowrat.com YRBMAG
	default = netlogon

[netlogon]
	comment = Network Login Service
	path = /home/netlogon
	guest ok = yes
	writable = no
	share modes = no
[homes]
	path = /home
	writable = yes
	browseable = no
	comment = Home Directories

[Druk]
	path = /var/spool/samba
	printer = Druk
	comment = GCC Elite BW
	printable = yes


[Shared Files]
	path = /home/share
	comment = YRB Shared Files

John Biggs wrote:
> 
> Hello,
> 
> I'm getting a persistent error at login (effectively locking me out) on
> two Win2k machines that were once assigned to a domain on my windows
> network (win2k server was once the PDC, just changed to Samba)
> 
>         Cannot log you into the primary because the system's computer
account
> is missing or the password was incorrect.
> 
> The old domain was:
> yrbmag.yellowrat.com
> 
> and I'd like every just to be in workgroup YRBMAG
> 
> My configure file follows. What am I doing wrong? Is there a way to fake
> the domain so I can login and switch to the workgroup? Luckily enough,
> the previous admin here at the shop forgot the admin passwords for both
> machines, rendering my job even harder. Super!
You cannot just 'swap' and NT domain for a Samba domain.  Currently,
this is only theoreticly possilble with Samba 3.0, and ONLY IF you copy
the domain SID, all the users and their passwords across into LDAP,
including their RIDs.  Groups would also need to be correctly mapped.

This is becouse the machine is attempting to find a domain controller
with both the correct SID, and that knows the same machine account
password.  This only really occurs in a PDC->BDC setup (which is what
Samba would be, a promoted BDC).

The next best option is to add a new domain, and join the machines to
that domain.  This is not an easy option in your case, having lost the
local admin passwords.

Your only options are to either restore the Win2k PDC, or break into the
clients.  

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net