Chris Garrigues
2004-Apr-10 18:47 UTC
[Samba] Machine account found and not found in 3.0.2
Brad, I found your posting of 2/20/2004 with the subject line of "upgraded to 3.0.2 -> funkyness in machine accounts" while investigating a similar problem. I upgraded to 3.0.2 last week from 3.0.0. I have a system which I just added to the domain successfully. However, when I attempt to log a domain user onto that machine, I get this error: The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect. and on the server, i get the same log entries you did: [2004/04/10 13:24:22, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462) init_sam_from_ldap: Entry found for user: carme$ [2004/04/10 13:24:22, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2004/04/10 13:24:22, 0] rpc_server/srv_netlog_nt.c:get_md4pw(218) get_md4pw: Workstation CARME$: no account in domain Have you resolved the problem and if so, how? As with you, the machine account is in ldap: [root@Jupiter samba3]# pdbedit3 -v carme$ Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=TRINSICS))] smbldap_open_connection: connection opened Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=TRINSICS))] smbldap_open_connection: connection opened init_sam_from_ldap: Entry found for user: carme$ Unix username: carme$ NT username: carme$ Account Flags: [U ] User SID: S-1-5-21-904170827-898255731-2295272421-2040 Primary Group SID: S-1-5-21-904170827-898255731-2295272421-513 Full Name: Nancy computer Home Directory: \\jupiter\carme_ HomeDir Drive: U: Logon Script: login.bat Profile Path: \\jupiter\profiles\carme_ Domain: TRINSICS Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Mon, 18 Jan 2038 21:14:07 GMT Kickoff time: Mon, 18 Jan 2038 21:14:07 GMT Password last set: 0 Password can change: 0 Password must change: Mon, 18 Jan 2038 21:14:07 GMT If Brad didn't solve this, I hope someone else has a clue for me. Chris -- Chris Garrigues http://www.DeepEddy.Com/~cwg/ Trinsic Solutions http://www.trinsics.com 1611-B West 6th Street Austin, TX 78703-5074 512-322-0180 If you don't apply what you've learned, you haven't learned anything. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 235 bytes Desc: not available Url : http://lists.samba.org/archive/samba/attachments/20040410/b6d7be16/attachment.bin
Chris Garrigues
2004-Apr-19 13:56 UTC
[Samba] Machine account found and not found in 3.0.2
For the record, the clue was in the Account flags. The account needs to be a machine account, not a user account. Oops. Chris> From: Chris Garrigues <cwg-dated-1082054818.5ed20a@deepeddy.com> > Date: Sat, 10 Apr 2004 13:46:56 -0500 > > Brad, > > I found your posting of 2/20/2004 with the subject line of > "upgraded to 3.0.2 -> funkyness in machine accounts" while investigating a > similar problem. > > I upgraded to 3.0.2 last week from 3.0.0. > > I have a system which I just added to the domain successfully. However, when I > attempt to log a domain user onto that machine, I get this error: > > The system cannot log you on to this domain because the system's computer > account in its primary domain is missing or the password on that account is > incorrect. > > and on the server, i get the same log entries you did: > > [2004/04/10 13:24:22, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462) > init_sam_from_ldap: Entry found for user: carme$ > [2004/04/10 13:24:22, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0 > [2004/04/10 13:24:22, 0] rpc_server/srv_netlog_nt.c:get_md4pw(218) > get_md4pw: Workstation CARME$: no account in domain > > Have you resolved the problem and if so, how? > > As with you, the machine account is in ldap: > > [root@Jupiter samba3]# pdbedit3 -v carme$ > Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=TRINSICS))] > smbldap_open_connection: connection opened > Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=TRINSICS))] > smbldap_open_connection: connection opened > init_sam_from_ldap: Entry found for user: carme$ > Unix username: carme$ > NT username: carme$ > Account Flags: [U ] > User SID: S-1-5-21-904170827-898255731-2295272421-2040 > Primary Group SID: S-1-5-21-904170827-898255731-2295272421-513 > Full Name: Nancy computer > Home Directory: \\jupiter\carme_ > HomeDir Drive: U: > Logon Script: login.bat > Profile Path: \\jupiter\profiles\carme_ > Domain: TRINSICS > Account desc: > Workstations: > Munged dial: > Logon time: 0 > Logoff time: Mon, 18 Jan 2038 21:14:07 GMT > Kickoff time: Mon, 18 Jan 2038 21:14:07 GMT > Password last set: 0 > Password can change: 0 > Password must change: Mon, 18 Jan 2038 21:14:07 GMT > > If Brad didn't solve this, I hope someone else has a clue for me.-- Chris Garrigues http://www.DeepEddy.Com/~cwg/ Trinsic Solutions http://www.trinsics.com 1611-B West 6th Street Austin, TX 78703-5074 512-322-0180 If you don't apply what you've learned, you haven't learned anything. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 235 bytes Desc: not available Url : http://lists.samba.org/archive/samba/attachments/20040419/805da396/attachment.bin