NT Samba 3.0 Migration -- Machine Accout Disable

From: TC (shimashi_at_hotmail.com)
Date: 05/27/04 

Date: Thu, 27 May 2004 16:14:58 -0400

After migrated or vampired PDC to Samba 3.0 on Redhat AS3.0, tried to logon
to samba but got "The trust relationship between this workstation and the
primary domain failed."

I noticed all the transferred computer accounts were marked Disable however
those accounts were shown active in `net rpc samdump`. I tried to enable it
by using `pdbedit -c="[]" -u xxxx` but failed to modify. Could anyone
suggest how I can fix this problem?

Thanks

TC

cat smbd.log
rpc_server/srv_netlog_nt.c:get_md4pw(218)
  get_md4pw: Workstation BID20$: no account in domain

Sample of `pdbedit -Lw`
BID20$:572:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:9BB1D91B689D1E3E105D116E044B5797
:[DW ]:LCT-4036453B:
BID06$:549:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:1DF107C013DEFFC6DBD5F1E2E96F2DC1
:[DW ]:LCT-40634FAB:
BID17$:569:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:CE2598FAA333ECA5EBB7C3DDB54BD3DD
:[DW ]:LCT-3F0E813B:
BID15$:563:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:8B4C80D353F7A34E6F14DBF1AE9B751E
:[DW ]:LCT-4036832A:
BID07$:540:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:7978F42123D810842CD6EF54A0C63068
:[DW ]:LCT-3F2CE337:
BID05$:543:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:519C15D2EC512F8F9CB06329E2205D06
:[DW ]:LCT-40868F65:
BID-VAIO$:573:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:3F8055442D95B798F6D749D673FE8
526:[DW ]:LCT-407BE3EB:
BID11$:546:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:E47C85B839CB724AC6415A6FDE89A5DB
:[DW ]:LCT-4046617A:
BID03$:548:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:E24B392E515C16334FF6006FC7FEB9C9
:[DW ]:LCT-3F5C9E6B:
BID01$:544:5B1BEC790498EEE3182F51880E653D01:19F42777D567CC3D134136497F911715
:[W ]:LCT-3E480CAD:
BID16$:539:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:35A1872159EFAC6700BBB25B67837FA1
:[DW ]:LCT-3EB2219F:
BID08$:545:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:3A1A4DB55594384632A9760D262F9D01
:[DW ]:LCT-4044EDFA:
........

Sample of `net rpc samdump -S `
BID16$:1055:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:35A1872159EFAC6700BBB25B67837FA
1:[W ]:LCT-0
BID07$:1059:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:7978F42123D810842CD6EF54A0C6306
8:[W ]:LCT-0
BID05$:1067:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:519C15D2EC512F8F9CB06329E2205D0
6:[W ]:LCT-0
BID01$:1069:5B1BEC790498EEE3182F51880E653D01:19F42777D567CC3D134136497F91171
5:[W ]:LCT-0
BID08$:1071:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:3A1A4DB55594384632A9760D262F9D0
1:[W ]:LCT-0
BID11$:1073:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:E47C85B839CB724AC6415A6FDE89A5D
B:[W ]:LCT-0
BID03$:1079:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:E24B392E515C16334FF6006FC7FEB9C
9:[W ]:LCT-0
BID06$:1081:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:1DF107C013DEFFC6DBD5F1E2E96F2DC
1:[W ]:LCT-0
BID15$:1107:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:8B4C80D353F7A34E6F14DBF1AE9B751
E:[W ]:LCT-0
BID17$:1116:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:CE2598FAA333ECA5EBB7C3DDB54BD3D
D:[W ]:LCT-0
BID20$:1120:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:9BB1D91B689D1E3E105D116E044B579
7:[W ]:LCT-0
BID-VAIO$:1122:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:3F8055442D95B798F6D749D673FE
8526:[W ]:LCT-0
..................

Relevant Pages

  • Re: enabling certain services for only certain accounts
    ... are actions reserved to administrator accounts. ... It might be more simple to set their version of BlackIce ... > workstation with a Win98 workstation connected by a 10mb hub and a WAP. ... If that enables connection, I'd like to figure out how to ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Perl administration for Linux fileserver
    ... Old Mac use netatalk ... but Mac OS X can use samba, appletalk, even NFS. ... > create 'real' unix user accounts, or can I use something like the ...
    (Focus-Linux)
  • Re: File Filter for Samba Server
    ... I've run my samba server running on my FreeBSD box. ... The problem is some of my workstation is infected by virus. ... It is not clear if it will prevent the infected hosts from uploading the files, but it should prevent access to these files and hence the infection of other hosts. ...
    (freebsd-questions)
  • Re: Disappearing Workstations
    ... Do you mean that the workstation record no longer exists in AD at all? ... machine accounts are disabled in AD or not working for logon? ... Run nltest and netdom to verify and fix any trust problems with the computer accounts ...
    (microsoft.public.windows.server.general)
  • Re: Changing Local Admin passwords from server ASAP
    ... when I navigate to my workstation from the SBS manage computer mmc and view ... the local users, it's definitely my workstation's local accounts I'm seeing, ... admin rights without increasing their rights elsewhere on the network. ... While certain domain accounts may have ...
    (microsoft.public.windows.server.sbs)