I recently ran into a situation where a Samba upgrade apparently broke the machine records in the smbpasswd file, with the resulting symptom that domain logons on those computers would fail about 95% of the time. (A very strange symptom, how it worked sometimes is still a mystery to me.) Similarly, this would fail: % smbclient -L saf01 -U 'saf/mathog%(password)' session setup failed: NT_STATUS_LOGON_FAILURE Conversely this worked (user domain logon, directly to the domain master): % smbclient -L safserver -U 'saf/mathog%(password)' That told me that the user logon was ok, but there was some issue with interaction between the two machines. It is easy enough to pull the SID off one of the workstations. Is there some command that is the equivalent of the first command, but along the lines of: % smbclient -L safserver -test_machine SID To verify that the smbpasswd record is ok? Since I knew of no such command, I ended up futzing around with firewalls and such (which didn't help) before removing the client from the domain, deleting and readding the machine record, and adding the machine back to the domain, which seems to have fixed the problem. On a related note: Is there a .bat script or, better yet, remote method to induce a Windows machine to remove itself from a domain, reboot, add itself back, and reboot? I had to do that on 8 machines to get them all working again, and it was a major pain having to do this manually. Rebuilding the machine records in the smbpasswd file is always needed after cloning, and I can see this as being a major amount of work for a site with many, many clones machines. Thanks, David Mathog mathog@caltech.edu Manager, Sequence Analysis Facility, Biology Division, Caltech
Volker Lendecke
2008-Sep-04 15:52 UTC
[Samba] method to simulate domain logon from a node?
On Thu, Sep 04, 2008 at 08:31:04AM -0700, David Mathog wrote:> Is there a .bat script or, better yet, remote method to induce a > Windows machine to remove itself from a domain, reboot, add itself > back, and reboot? I had to do that on 8 machines to get them all > working again, and it was a major pain having to do this manually. > Rebuilding the machine records in the smbpasswd file is always needed > after cloning, and I can see this as being a major amount of work for a > site with many, many clones machines.Thanks to G?nther Deschner, Samba 3.2 contains bin/net dom join usage: net dom join <domain=DOMAIN> <ou=OU> <account=ACCOUNT> <password=PASSWORD> <reboot> Join a remote machine usage: net dom unjoin <account=ACCOUNT> <password=PASSWORD> <reboot> Unjoin a remote machine Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.samba.org/archive/samba/attachments/20080904/cf8342a4/attachment.bin
Apparently Analagous Threads
- upgrade broke XP workstation logins, variably
- fixed delay logging onto Samba3.3 from Vista Business
- enable client to join domain with no or any password?
- upgraded 3.0.28a-2 to 3.4.7-0.2, profile desktop configuration no longer saved
- NT 4 sp3 audit + samba = total mess