samba - May 2004 - NT Samba 3.0 Migration -- Machine Accout Disable

After migrated or vampired PDC to Samba 3.0 on Redhat AS3.0, tried to logon
to samba but got "The trust relationship between this workstation and the
primary domain failed."



I noticed all the transferred computer accounts were marked Disable however
those accounts were shown active in `net rpc samdump`.  I tried to enable it
by using `pdbedit -c="[]" -u xxxx` but failed to modify.  Could anyone
suggest how I can fix this problem?



Thanks

TC



cat smbd.log
rpc_server/srv_netlog_nt.c:get_md4pw(218)
  get_md4pw: Workstation BID20$: no account in domain


Sample of   `pdbedit -Lw`
BID20$:572:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:9BB1D91B689D1E3E105D116E044B5797
:[DW         ]:LCT-4036453B:
BID06$:549:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:1DF107C013DEFFC6DBD5F1E2E96F2DC1
:[DW         ]:LCT-40634FAB:
BID17$:569:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:CE2598FAA333ECA5EBB7C3DDB54BD3DD
:[DW         ]:LCT-3F0E813B:
BID15$:563:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:8B4C80D353F7A34E6F14DBF1AE9B751E
:[DW         ]:LCT-4036832A:
BID07$:540:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:7978F42123D810842CD6EF54A0C63068
:[DW         ]:LCT-3F2CE337:
BID05$:543:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:519C15D2EC512F8F9CB06329E2205D06
:[DW         ]:LCT-40868F65:
BID-VAIO$:573:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:3F8055442D95B798F6D749D673FE8
526:[DW         ]:LCT-407BE3EB:
BID11$:546:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:E47C85B839CB724AC6415A6FDE89A5DB
:[DW         ]:LCT-4046617A:
BID03$:548:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:E24B392E515C16334FF6006FC7FEB9C9
:[DW         ]:LCT-3F5C9E6B:
BID01$:544:5B1BEC790498EEE3182F51880E653D01:19F42777D567CC3D134136497F911715
:[W          ]:LCT-3E480CAD:
BID16$:539:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:35A1872159EFAC6700BBB25B67837FA1
:[DW         ]:LCT-3EB2219F:
BID08$:545:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:3A1A4DB55594384632A9760D262F9D01
:[DW         ]:LCT-4044EDFA:
........

Sample of  `net rpc samdump -S `
BID16$:1055:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:35A1872159EFAC6700BBB25B67837FA
1:[W          ]:LCT-0
BID07$:1059:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:7978F42123D810842CD6EF54A0C6306
8:[W          ]:LCT-0
BID05$:1067:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:519C15D2EC512F8F9CB06329E2205D0
6:[W          ]:LCT-0
BID01$:1069:5B1BEC790498EEE3182F51880E653D01:19F42777D567CC3D134136497F91171
5:[W          ]:LCT-0
BID08$:1071:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:3A1A4DB55594384632A9760D262F9D0
1:[W          ]:LCT-0
BID11$:1073:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:E47C85B839CB724AC6415A6FDE89A5D
B:[W          ]:LCT-0
BID03$:1079:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:E24B392E515C16334FF6006FC7FEB9C
9:[W          ]:LCT-0
BID06$:1081:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:1DF107C013DEFFC6DBD5F1E2E96F2DC
1:[W          ]:LCT-0
BID15$:1107:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:8B4C80D353F7A34E6F14DBF1AE9B751
E:[W          ]:LCT-0
BID17$:1116:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:CE2598FAA333ECA5EBB7C3DDB54BD3D
D:[W          ]:LCT-0
BID20$:1120:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:9BB1D91B689D1E3E105D116E044B579
7:[W          ]:LCT-0
BID-VAIO$:1122:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:3F8055442D95B798F6D749D673FE
8526:[W          ]:LCT-0
..................

I had the same problem, and found that there was a bug fix between
3.0.2 and 3.0.2a that corrected this.  All you need to do is to re-build
pdbedit with the 3.0.2a fix for pdb_interface.c and you should be able
to remove the disabled flag.  If you are running Samba
3.0.2, here is the diff which you need for that file:

[~/samba-3.0.2/source/passdb]$ diff -Nur pdb_interface.c*
--- pdb_interface.c     2004-05-17 18:59:32.000000000 -0400
+++ pdb_interface.c~    2004-02-06 17:40:31.000000000 -0500
@@ -244,7 +244,7 @@
           been allowed by the  ACB_PWNOTREQ bit */
 
        lm_pw = pdb_get_lanman_passwd( sam_acct );
-       nt_pw = pdb_get_nt_passwd( sam_acct );
+       nt_pw = pdb_get_lanman_passwd( sam_acct );
        acb_flags = pdb_get_acct_ctrl( sam_acct );
        if ( !lm_pw && !nt_pw && !(acb_flags&ACB_PWNOTREQ) )
{
                acb_flags |= ACB_DISABLED;
@@ -279,7 +279,7 @@
           been allowed by the  ACB_PWNOTREQ bit */
 
        lm_pw = pdb_get_lanman_passwd( sam_acct );
-       nt_pw = pdb_get_nt_passwd( sam_acct );
+       nt_pw = pdb_get_lanman_passwd( sam_acct );
        acb_flags = pdb_get_acct_ctrl( sam_acct );
        if ( !lm_pw && !nt_pw && !(acb_flags&ACB_PWNOTREQ) )
{
                acb_flags |= ACB_DISABLED;
>>>>>On Thu, 27 May 2004 16:07:55 -0400, "TC"
<shimashi@hotmail.com> said:
  TC> After migrated or vampired PDC to Samba 3.0 on Redhat AS3.0, tried to
logon
  TC> to samba but got "The trust relationship between this workstation
and the
  TC> primary domain failed."

  TC> I noticed all the transferred computer accounts were marked Disable
however
  TC> those accounts were shown active in `net rpc samdump`.  I tried to
enable it
  TC> by using `pdbedit -c="[]" -u xxxx` but failed to modify. 
Could anyone
  TC> suggest how I can fix this problem?

  TC> Thanks

  TC> TC