After migrated or vampired PDC to Samba 3.0 on Redhat AS3.0, tried to logon to samba but got "The trust relationship between this workstation and the primary domain failed." I noticed all the transferred computer accounts were marked Disable however those accounts were shown active in `net rpc samdump`. I tried to enable it by using `pdbedit -c="[]" -u xxxx` but failed to modify. Could anyone suggest how I can fix this problem? Thanks TC cat smbd.log rpc_server/srv_netlog_nt.c:get_md4pw(218) get_md4pw: Workstation BID20$: no account in domain Sample of `pdbedit -Lw` BID20$:572:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:9BB1D91B689D1E3E105D116E044B5797 :[DW ]:LCT-4036453B: BID06$:549:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:1DF107C013DEFFC6DBD5F1E2E96F2DC1 :[DW ]:LCT-40634FAB: BID17$:569:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:CE2598FAA333ECA5EBB7C3DDB54BD3DD :[DW ]:LCT-3F0E813B: BID15$:563:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:8B4C80D353F7A34E6F14DBF1AE9B751E :[DW ]:LCT-4036832A: BID07$:540:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:7978F42123D810842CD6EF54A0C63068 :[DW ]:LCT-3F2CE337: BID05$:543:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:519C15D2EC512F8F9CB06329E2205D06 :[DW ]:LCT-40868F65: BID-VAIO$:573:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:3F8055442D95B798F6D749D673FE8 526:[DW ]:LCT-407BE3EB: BID11$:546:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:E47C85B839CB724AC6415A6FDE89A5DB :[DW ]:LCT-4046617A: BID03$:548:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:E24B392E515C16334FF6006FC7FEB9C9 :[DW ]:LCT-3F5C9E6B: BID01$:544:5B1BEC790498EEE3182F51880E653D01:19F42777D567CC3D134136497F911715 :[W ]:LCT-3E480CAD: BID16$:539:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:35A1872159EFAC6700BBB25B67837FA1 :[DW ]:LCT-3EB2219F: BID08$:545:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:3A1A4DB55594384632A9760D262F9D01 :[DW ]:LCT-4044EDFA: ........ Sample of `net rpc samdump -S ` BID16$:1055:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:35A1872159EFAC6700BBB25B67837FA 1:[W ]:LCT-0 BID07$:1059:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:7978F42123D810842CD6EF54A0C6306 8:[W ]:LCT-0 BID05$:1067:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:519C15D2EC512F8F9CB06329E2205D0 6:[W ]:LCT-0 BID01$:1069:5B1BEC790498EEE3182F51880E653D01:19F42777D567CC3D134136497F91171 5:[W ]:LCT-0 BID08$:1071:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:3A1A4DB55594384632A9760D262F9D0 1:[W ]:LCT-0 BID11$:1073:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:E47C85B839CB724AC6415A6FDE89A5D B:[W ]:LCT-0 BID03$:1079:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:E24B392E515C16334FF6006FC7FEB9C 9:[W ]:LCT-0 BID06$:1081:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:1DF107C013DEFFC6DBD5F1E2E96F2DC 1:[W ]:LCT-0 BID15$:1107:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:8B4C80D353F7A34E6F14DBF1AE9B751 E:[W ]:LCT-0 BID17$:1116:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:CE2598FAA333ECA5EBB7C3DDB54BD3D D:[W ]:LCT-0 BID20$:1120:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:9BB1D91B689D1E3E105D116E044B579 7:[W ]:LCT-0 BID-VAIO$:1122:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:3F8055442D95B798F6D749D673FE 8526:[W ]:LCT-0 ..................
Robert H.B. Netzer
2004-May-27 20:55 UTC
[Samba] NT Samba 3.0 Migration -- Machine Accout Disable
I had the same problem, and found that there was a bug fix between 3.0.2 and 3.0.2a that corrected this. All you need to do is to re-build pdbedit with the 3.0.2a fix for pdb_interface.c and you should be able to remove the disabled flag. If you are running Samba 3.0.2, here is the diff which you need for that file: [~/samba-3.0.2/source/passdb]$ diff -Nur pdb_interface.c* --- pdb_interface.c 2004-05-17 18:59:32.000000000 -0400 +++ pdb_interface.c~ 2004-02-06 17:40:31.000000000 -0500 @@ -244,7 +244,7 @@ been allowed by the ACB_PWNOTREQ bit */ lm_pw = pdb_get_lanman_passwd( sam_acct ); - nt_pw = pdb_get_nt_passwd( sam_acct ); + nt_pw = pdb_get_lanman_passwd( sam_acct ); acb_flags = pdb_get_acct_ctrl( sam_acct ); if ( !lm_pw && !nt_pw && !(acb_flags&ACB_PWNOTREQ) ) { acb_flags |= ACB_DISABLED; @@ -279,7 +279,7 @@ been allowed by the ACB_PWNOTREQ bit */ lm_pw = pdb_get_lanman_passwd( sam_acct ); - nt_pw = pdb_get_nt_passwd( sam_acct ); + nt_pw = pdb_get_lanman_passwd( sam_acct ); acb_flags = pdb_get_acct_ctrl( sam_acct ); if ( !lm_pw && !nt_pw && !(acb_flags&ACB_PWNOTREQ) ) { acb_flags |= ACB_DISABLED;>>>>>On Thu, 27 May 2004 16:07:55 -0400, "TC" <shimashi@hotmail.com> said:TC> After migrated or vampired PDC to Samba 3.0 on Redhat AS3.0, tried to logon TC> to samba but got "The trust relationship between this workstation and the TC> primary domain failed." TC> I noticed all the transferred computer accounts were marked Disable however TC> those accounts were shown active in `net rpc samdump`. I tried to enable it TC> by using `pdbedit -c="[]" -u xxxx` but failed to modify. Could anyone TC> suggest how I can fix this problem? TC> Thanks TC> TC