Solved

re-adding NT workstation samba domain

Posted on 2004-03-26
Last Modified: 2010-03-18
We just upgraded a Mandrake server and included was Samba 3.  All of the Windows workstations had to be re-added to the domain.  All were successful (XP & W2k) except an NT 4.0 box, which was successfully removed from the domain, but when I try to add it back, I get the error: You already have a connection to the domain.  You must disconnect before rejoining the domain.  Looking at the Network Identification, it is listed as workgroup named workgroup.  How do I get this machine back onto the domain?

Thanks,

Jeff
Question by:El_Jeffe
31 Comments
 
LVL 9

Expert Comment

by:Alf666
ID: 10687424
Check your smbpasswd for this workstation. Delete it if it's there.

Most probably, you have net connections to this domain.
Get a DOS prompt.

type :

net use

and see if you have "mounted" resources on your samba. If yes, then disconnect them (net use /delete).
0
 

Author Comment

by:El_Jeffe
ID: 10687562
I did have a share connected to the server.  I deleted that, and get the error; This computer name is already configured as a domain controller on the domain.
From where do I delete the smbpasswd?
0
 
LVL 9

Expert Comment

by:Alf666
ID: 10687817
You have to delete the share permanently, and then reboot so that no resource from the server is used anymore (like IPCs).

You could also force a new workgroup before rebooting. Change it to whatever you wish.

smbpasswd is a file that contains your workstations' "passwords" and also users if they are authenticated locally. Its location depends on your distrib.

Try a "locate smbpasswd" (be careful, it might find the binary file used to work on this one).
0
 

Author Comment

by:El_Jeffe
ID: 10688036
The reason we had to re-add the machines is that the security identifier for the domain got changed.  We had to re-add to create new ones.  The smbpasswds are now located in LDAP.  That smbpasswd file on the server no longer exists.  We removed the machine account from LDAP and tried adding the w/s to the domain.  That didn't work.  The error in essence was that it couldn't find the machine account.

Could the NT box have the old security identifier cached somewhere locally?
0
 
LVL 9

Expert Comment

by:Alf666
ID: 10688279
You should try what I suggested :

You have to delete the share permanently, and then reboot so that no resource from the server is used anymore (like IPCs).

You could also force a new workgroup before rebooting. Change it to whatever you wish.

Hopefully, it should clean up all references to the domain on the client.
0
 

Author Comment

by:El_Jeffe
ID: 10688341
I did all of the things you mention in your last comments before contacting Experts Exchange.  See my first entry.  There were no shares or IPC's linked to the server in any way.  When I run the command net use, I get back; there are no entries in the list.  
0
 
LVL 9

Expert Comment

by:Alf666
ID: 10688478
Did you try changing the computer name ? (in the Network Identification).
0
 

Author Comment

by:El_Jeffe
ID: 10688588
Renamed the workstation, didn't work, same error.  Checked to be sure there were no shares before attempting adding to domain.  Any more ideas?
0
 
LVL 9

Expert Comment

by:Alf666
ID: 10689183
I just don't get it. There must be something left over.

Can I suggest the following steps (that you have already done, but I've had so many problems like this one before that a full cleanup may be necessary) :

1) net use * /d
(this will delete permanently even non visible connections like IPCs).

2) Set manually another workgroup
(this will manually reset everything related to domains)

3) Reboot

4) Try to rejoin.

Apart from that, I have no more idea, but that covers what I have done in the past.
0
 

Author Comment

by:El_Jeffe
ID: 10689923
I have done this several times, to no avail.  

Could there be old settings, SID's in the registry, or elsewhere cached?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 10690009
please post the line containing your workstation name from smbpasswd
0
 

Author Comment

by:El_Jeffe
ID: 10690221
The command used to extract this info is "pdbedit -v ntbox$".  This is from the Linux Mandrake 9.2 server running Samba 3.0.0-2mdk.

Unix username:        ntbox$
NT username:          ntbox$
Account Flags:        [           ]
User SID:             S-1-5-21-3970570929-2603547963-1902127304-2152
Primary Group SID:    S-1-5-21-3970570929-2603547963-1902127304-513
Full Name:            nt computer
Home Directory:       \\border\ntbox_
HomeDir Drive:        U:
Logon Script:         login.bat
Profile Path:         \\border\profiles\ntbox_
Domain:               BORDERENT
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          Mon, 18 Jan 2038 21:14:07 GMT
Kickoff time:         Mon, 18 Jan 2038 21:14:07 GMT
Password last set:    0
Password can change:  0
Password must change: Mon, 18 Jan 2038 21:14:07 GMT

As stated earlier, we are not using smbpasswd, we are using LDAP to store the user info.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 10690280
as others said before, you need to delete this account
if all fails, you can use ldapdelete to do it manually
0
 

Author Comment

by:El_Jeffe
ID: 10690423
I have:
removed it from the domain & reboot
run the command net use * /delete
unsuccessfully tried to add to domain
renamed the computer & reboot - wouldn't add to domain
changed workgroup to another name & reboot - wouldn't add to domain
deleted the account from the server - wouldn't add to domain

see comment above :

Comment from El_Jeffe
Date: 03/26/2004 07:41AM PST
0
 
LVL 9

Expert Comment

by:Alf666
ID: 10690807
I'm sorry, but I can not be of much more help :-(
I've tried and crawled the web, but to no avail.

Good luck.
0
 

Author Comment

by:El_Jeffe
ID: 10691589
Well, is anyone going to help, or am I going to have to look elsewhere?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 10695438
according to your infinite reboots, I assume you did it on the NT box
But the problem seems to be on the PDC (Samba), so please remove the account there (see my previous comment)
0
 

Author Comment

by:El_Jeffe
ID: 10706645
Please read through the list of things I've done before offering a solution I've already done, see entry above entered on Date: 03/26/2004 11:44AM PST
0
 

Author Comment

by:El_Jeffe
ID: 10715138
To recap: We just upgraded a Mandrake server 9.2 and included was Samba 3.0.0-2mdk.  All of the Windows workstations had to be re-added to the domain.  All were successful (XP & W2k) except an NT 4.0 box, which was successfully removed from the domain, but when I try to add it back, I get the error:
This computer name is already configured as a domain controller on the domain.  Looking at the Network Identification, it is listed as workgroup named workgroup.  I am almost positive that this box was not configured as a domain controller at time of install.

This is what I have done so far:
Changed the computer name several times
Deleted the computer account on the server
Made sure there are no connections to the server (run the command net use * /delete)
Changed the workgroup name several times

Each change forced a reboot and was unsuccessful in adding this machine to the domain.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 10721030
> This computer name is already configured as a domain controller on the domain .. workgroup named workgroup
And your sorted list of
  domain names + workgroup names + host names + group names + user names
is unique? no duplicates?
0
 

Author Comment

by:El_Jeffe
ID: 10723877
Where is this sorted list?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 10726156
you need to make this "sorted list" yourself
probably pdbedit can be used (I don't know this command):
  pdbedit -v |grep -i name|sort
0
 

Author Comment

by:El_Jeffe
ID: 10726591
Ran the command pdbedit -v -L |grep -i name|sort; no duplicates.  I don't think the problem is on the server.  I think there is something cached on the NT box somewhere, maybe in the registry?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 10727133
> pdbedit -v -L |grep -i name|sort
hopefully you checked carefully ..
as said, don't know how pdbedit works, just assumed it according to your previous listing, according to this listing the names to be compared are on the right side
0
 

Author Comment

by:El_Jeffe
ID: 10727243
"hopefully you checked carefully .."
no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!
Please don't ask me to do things over and over!!!!!!!!!!!

IS THERE SOMETHING CACHED IN THE NT BOX?  I HAVE ASKED THIS QUESTION SEVERAL TIMES WITH NO REPLY.  THERE IS NOTHING WRONG WITH THE SERVER!!!!!!!!!
0
 

Author Comment

by:El_Jeffe
ID: 10774066
Anyone who can review the info above and solve this dilemma for me deserves the points...

Also, Netlogon service is not running, won't start, gives error:  Error 3095 This computer is configured as a member of a workgroup, not domain.  Netlogon doesn't need to run in this configuration.

How do I start Net Logon Service?
0
 

Author Comment

by:El_Jeffe
ID: 10774074
Increase points.
0
 
LVL 9

Expert Comment

by:Alf666
ID: 10774879
Hi again,

I've given it a thought, because your problem bothers me. I have a few new leads :


1) It's a wild guess, but you might try having a look at the following registry key :

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DomainCache

There might be some remnant of your "old" domain name here.

2) You could also try to search the whole registry for your domain name.

3) You might try to change the NT4's SID (the unique box identifier).
For a reason I don't know, you might have an SID conflict in between two boxes (after using ghost or something like that maybe).

This tool will allow you to give a new SID to your box :

http://www.sysinternals.com/ntw2k/source/newsid.shtml

I don't know if this will work, but, at least, they are new leads :-)
0
 

Author Comment

by:El_Jeffe
ID: 10786818
I looked in the registry and didn't find an entry called DomainCache in Winlogon.  I did find CachePrimaryDomain which had the domain name in it, and I removed that.  Wouldn't add to domain, same error message.

I also reset the SID, first to match the SID on the server machine account.  Tried to add to domain, no go, same error message.  Then I just created a random SID, and still wouldn't add to the domain.  I have told the client we should reload NT or upgrade, as NT is no longer supported.
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 14563964
PAQed with points refunded (500)

modulo
Community Support Moderator
0
