samba - Sep 2009 - Can't Join Domain "The User name cannot be found"

I have a small Samba installation, two servers and about 10 
workstations. The hard drive on one of the Windows XP workstations 
failed. I cloned a drive a from an identical machine and replaced the 
defective drive.  When it came up it had the name of the original 
machine (which was off). It worked fine.

This group is small and fairly stable so I add machines to the domain 
manually. The server uses tdbsam backend.
On the repaired machine I changed the name of the machine to NEW and set 
the Workgroup to WORKGROUP and rebooted.
I deleted the original machine account using smbpasswd -x restarted 
samba and recreated it using smbpasswd -a -m.
I tried to rejoin the Domain using the original name. I was prompted for 
a username and password, I entered root and the root smbpasswd..I got an 
error message "The user name could not be found"
I created an entirely new machine account and attempted to join the 
domain with the same result.
Using log level 3 I don't see any obvious errors in the logs nor do I 
see any evidence of any exchange.
I tried joining with the XP NETDOM.exe command (User not found) and the 
Samba NET DOM command unsuccessfully (Access Denied).

It appears that the trust account is not being created. I'm obviously 
missing something here.
-- 
Robert Steinmetz, AIA
Principal
Steinmetz & Associates

Robert Steinmetz wrote:
> I have a small Samba installation, two servers and about 10 
> workstations. The hard drive on one of the Windows XP workstations 
> failed. I cloned a drive a from an identical machine and replaced the 
> defective drive.  When it came up it had the name of the original 
> machine (which was off). It worked fine.
>
> This group is small and fairly stable so I add machines to the domain 
> manually. The server uses tdbsam backend.
> On the repaired machine I changed the name of the machine to NEW and 
> set the Workgroup to WORKGROUP and rebooted.
> I deleted the original machine account using smbpasswd -x restarted 
> samba and recreated it using smbpasswd -a -m.
>
You cannot just clone a Windows workstation. You will have to change the 
SID (Security ID) of the clone. Otherwise, you end up with two machines 
with the same SID on the network, which is asking for trouble.

You will have to use some utility to change the SID of the new machine. 
If you use Ghost to clone your computers, you will then use Ghost Walker 
to change the SID. Microsoft includes a utility to clone a machine and 
change the SIDs on the clones.

The "sysprep" utility included in the Windows XP installation CD,
under
\SUPPORT\TOOLS, also takes care of cloning and subsequent changing of 
the SID.

> On the repaired machine I changed the name of the machine to NEW and set
> the Workgroup to WORKGROUP and rebooted.
> I deleted the original machine account using smbpasswd -x restarted
> samba and recreated it using smbpasswd -a -m.
> I tried to rejoin the Domain using the original name. I was prompted for
> a username and password, I entered root and the root smbpasswd..I got an
> error message "The user name could not be found"
> I created an entirely new machine account and attempted to join the
> domain with the same result.
It sounds like the machine still thinks it's on the domain with its old
name, and because you deleted the old machine account that user name
(machine$) can no longer be found.

We use a much lower tech option when we clone Windows machines.  If we
remember we remove the machine from the domain *first*, so that it's
cloned not belonging to the domain.  Then we can rename any clones and
join them to the domain without any problems.  If we forget and the
clones are all joined to the domain with the same name, we have to
unplug their network connection (so we don't interfere with the original
PC's domain membership), leave the domain (then reboot), rename the PC
(then reboot), plug the network back in and add it to the domain again
(then reboot.)

It's a bit laborious but it works fine if you don't have any fancy tools
handy :-)

Cheers,
Adam.

> I disconnected the machine from the network (unplugged the cable). I
> changed the SID, removed the machine accounts from the Domain and
> from the client machine. Restarted tha Samba Daemons. I renamed the
> Client then shutdown the client. I reconnected the network cable and
> restarted the client machine.
Can you confirm that the client machine was actually taken off the
domain?  i.e. you had to specify a workgroup.
> I think have some kind of problem with authenticating the Domain
> Administrator account.I don't understand the error message; "The
User
> name cannot be found" According to Microsoft this means the account
> does not exist. But every tool I have says both the administrator
> account and the machine account is there.
> 
> If I put in a bogus user name or password I get an different error
> message "Unknown user name or bad password."
Given the different error with a bogus password I would guess that your
domain username is correct.  One thing with error messages is that they
may occur in a completely different context to what you're expecting, so
you need to be open about what it might mean by "user" (especially as
computers also have usernames in AD.)

However if the machine is definitely off the domain, it would seem that
this isn't the problem...

What happens if you create a machine account in the domain with the same
name as the client PC before you add it?

Cheers,
Adam.