samba - Apr 2004 - Machine account found and not found in 3.0.2

Brad,

I found your posting of 2/20/2004 with the subject line of 
"upgraded to 3.0.2 -> funkyness in machine accounts" while
investigating a
similar problem.

I upgraded to 3.0.2 last week from 3.0.0.

I have a system which I just added to the domain successfully.  However, when I 
attempt to log a domain user onto that machine, I get this error:

	The system cannot log you on to this domain because the system's computer 
	account in its primary domain is missing or the password on that account is 
	incorrect.

and on the server, i get the same log entries you did:

[2004/04/10 13:24:22, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
  init_sam_from_ldap: Entry found for user: carme$
[2004/04/10 13:24:22, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/04/10 13:24:22, 0] rpc_server/srv_netlog_nt.c:get_md4pw(218)
  get_md4pw: Workstation CARME$: no account in domain

Have you resolved the problem and if so, how?

As with you, the machine account is in ldap:

[root@Jupiter samba3]# pdbedit3 -v carme$
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=TRINSICS))]
smbldap_open_connection: connection opened
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=TRINSICS))]
smbldap_open_connection: connection opened
init_sam_from_ldap: Entry found for user: carme$
Unix username:        carme$
NT username:          carme$
Account Flags:        [U          ]
User SID:             S-1-5-21-904170827-898255731-2295272421-2040
Primary Group SID:    S-1-5-21-904170827-898255731-2295272421-513
Full Name:            Nancy computer
Home Directory:       \\jupiter\carme_
HomeDir Drive:        U:
Logon Script:         login.bat
Profile Path:         \\jupiter\profiles\carme_
Domain:               TRINSICS
Account desc:         
Workstations:         
Munged dial:          
Logon time:           0
Logoff time:          Mon, 18 Jan 2038 21:14:07 GMT
Kickoff time:         Mon, 18 Jan 2038 21:14:07 GMT
Password last set:    0
Password can change:  0
Password must change: Mon, 18 Jan 2038 21:14:07 GMT

If Brad didn't solve this, I hope someone else has a clue for me.

Chris

-- 
Chris Garrigues                 http://www.DeepEddy.Com/~cwg/
Trinsic Solutions		http://www.trinsics.com
1611-B West 6th Street
Austin, TX  78703-5074		512-322-0180

	    If you don't apply what you've learned, you haven't 
	       learned anything.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 235 bytes
Desc: not available
Url :
http://lists.samba.org/archive/samba/attachments/20040410/b6d7be16/attachment.bin

For the record, the clue was in the Account flags.  The account needs to be a 
machine account, not a user account.  Oops.

Chris

> From:  Chris Garrigues <cwg-dated-1082054818.5ed20a@deepeddy.com>
> Date:  Sat, 10 Apr 2004 13:46:56 -0500
>
> Brad,
> 
> I found your posting of 2/20/2004 with the subject line of 
> "upgraded to 3.0.2 -> funkyness in machine accounts" while
investigating a
> similar problem.
> 
> I upgraded to 3.0.2 last week from 3.0.0.
> 
> I have a system which I just added to the domain successfully.  However,
when I
> attempt to log a domain user onto that machine, I get this error:
> 
> 	The system cannot log you on to this domain because the system's
computer
> 	account in its primary domain is missing or the password on that account
is
> 	incorrect.
> 
> and on the server, i get the same log entries you did:
> 
> [2004/04/10 13:24:22, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
>   init_sam_from_ldap: Entry found for user: carme$
> [2004/04/10 13:24:22, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
>   pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
> [2004/04/10 13:24:22, 0] rpc_server/srv_netlog_nt.c:get_md4pw(218)
>   get_md4pw: Workstation CARME$: no account in domain
> 
> Have you resolved the problem and if so, how?
> 
> As with you, the machine account is in ldap:
> 
> [root@Jupiter samba3]# pdbedit3 -v carme$
> Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=TRINSICS))]
> smbldap_open_connection: connection opened
> Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=TRINSICS))]
> smbldap_open_connection: connection opened
> init_sam_from_ldap: Entry found for user: carme$
> Unix username:        carme$
> NT username:          carme$
> Account Flags:        [U          ]
> User SID:             S-1-5-21-904170827-898255731-2295272421-2040
> Primary Group SID:    S-1-5-21-904170827-898255731-2295272421-513
> Full Name:            Nancy computer
> Home Directory:       \\jupiter\carme_
> HomeDir Drive:        U:
> Logon Script:         login.bat
> Profile Path:         \\jupiter\profiles\carme_
> Domain:               TRINSICS
> Account desc:         
> Workstations:         
> Munged dial:          
> Logon time:           0
> Logoff time:          Mon, 18 Jan 2038 21:14:07 GMT
> Kickoff time:         Mon, 18 Jan 2038 21:14:07 GMT
> Password last set:    0
> Password can change:  0
> Password must change: Mon, 18 Jan 2038 21:14:07 GMT
> 
> If Brad didn't solve this, I hope someone else has a clue for me.

-- 
Chris Garrigues                 http://www.DeepEddy.Com/~cwg/
Trinsic Solutions		http://www.trinsics.com
1611-B West 6th Street
Austin, TX  78703-5074		512-322-0180

	    If you don't apply what you've learned, you haven't 
	       learned anything.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 235 bytes
Desc: not available
Url :
http://lists.samba.org/archive/samba/attachments/20040419/805da396/attachment.bin