re-adding NT workstation samba domain

We just upgraded a mandrake server and included was samba 3.  All of the windows workstations had to be re-added to the domain.  All were successful (XP & W2k) except a NT 4.0 box,  which was successfully removed from the domain, but when I try to add it back, I get the error; You already have a connection to the domain.  You must disconnect before rejoining the domain.  Looking at the Network Identification, it is listed as workgroup named workgroup.  How do I get this machine back onto the domain?

Thanks,

Jeff
 
Alf666 Commented:
Check your smbpasswd for this workstation. Delete it if it's there.

Most probably, you have net connections to this domain.
Get a DOS prompt.

type :

net use

and see if you have "mounted" resources on your samba. If yes, then disconnect them (net use /delete).
 
El_Jeffe (Author) Commented:
I did have a share connected to the server.  I deleted that, and get the error; This computer name is already configured as a domain controller on the domain.
From where do I delete the smbpasswd?
 
Alf666 Commented:
You have to delete the share permanently, and then reboot so that no resource from the server is used anymore (like IPCs).

You could also force a new workgroup before rebooting. Change it to whatever you wish.

smbpasswd is a file that contains your workstations' "passwords" and also users if they are authenticated locally. Its location depends on your distrib.

Try a "locate smbpasswd" (be careful, it might find the binary file used to work on this one).
 
El_Jeffe (Author) Commented:
The reason we had to re-add the machines is that the security identifier for the domain got changed.  We had to re-add to create new ones.  The smbpasswds are now located in LDAP.  That smbpasswd file on the server no longer exists.  We removed the machine account from LDAP and tried adding the w/s to the domain.  That didn't work.  The error in essence was that it couldn't find the machine account.

Could the NT box have the old security identifier cached somewhere locally?
 
Alf666 Commented:
You should try what I suggested :

You have to delete the share permanently, and then reboot so that no resource from the server is used anymore (like IPCs).

You could also force a new workgroup before rebooting. Change it to whatever you wish.

Hopefully, it should clean up all references to the domain on the client.
 
El_Jeffe (Author) Commented:
I did all of the things you mention in your last comments before contacting Experts Exchange.  See my first entry.  There were no shares or IPC's linked to the server in any way.  When I run the command net use, I get back; there are no entries in the list.
 
Alf666 Commented:
Did you try changing the computer name ? (in the Network Identification).
 
El_Jeffe (Author) Commented:
Renamed the workstation, didn't work, same error.  Checked to be sure there were no shares before attempting adding to domain.  Any more ideas?
 
Alf666 Commented:
I just don't get it. There must be something left over.

Can I suggest the following steps (that you have already done, but I've had so many problems like this one before that a full cleanup may be necessary) :

1) net use * /d
(this will delete permanently even non visible connections like IPCs).

2) Set manually another workgroup
(this will manually reset everything related to domains)

3) Reboot

4) Try to rejoin.

Apart from that, I have no more ideas, but that covers what I have done in the past.
 
El_Jeffe (Author) Commented:
I have done this several times, to no avail.

Could there be old settings, SID's in the registry, or elsewhere cached?
 
ahoffmann Commented:
please post the line containing your workstation name from smbpasswd
 
El_Jeffe (Author) Commented:
The command used to extract this info is "pdbedit -v ntbox$"  This is from the Linux mandrake 9.2 server running samba 3.0.0-2mdk.

Unix username:        ntbox$
NT username:          ntbox$
Account Flags:        [           ]
User SID:             S-1-5-21-3970570929-2603547963-1902127304-2152
Primary Group SID:    S-1-5-21-3970570929-2603547963-1902127304-513
Full Name:            nt computer
Home Directory:       \\border\ntbox_
HomeDir Drive:        U:
Logon Script:         login.bat
Profile Path:         \\border\profiles\ntbox_
Domain:               BORDERENT
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          Mon, 18 Jan 2038 21:14:07 GMT
Kickoff time:         Mon, 18 Jan 2038 21:14:07 GMT
Password last set:    0
Password can change:  0
Password must change: Mon, 18 Jan 2038 21:14:07 GMT

As stated earlier, we are not using smbpasswd, we are using LDAP to store the user info.
 
ahoffmann Commented:
as others said before, you need to delete this account
if all fails, you can use ldapdelete to do it manually
 
El_Jeffe (Author) Commented:
I have:
removed it from the domain & reboot
run the command net use * /delete
unsuccessfully tried to add to domain
renamed the computer & reboot - wouldn't add to domain
changed workgroup to another name & reboot - wouldn't add to domain
deleted the account from the server - wouldn't add to domain

see comment above :

Comment from El_Jeffe
Date: 03/26/2004 07:41AM PST
 
Alf666 Commented:
I'm sorry, but I can not be of much more help :-(
I've tried and crawled the web, but to no avail.

Good luck.
 
El_Jeffe (Author) Commented:
Well, is anyone going to help, or am I going to have to look elsewhere?
 
ahoffmann Commented:
according to your infinite reboots, I assume you did it on the NT box
But the problem seems to be on the PDC (Samba), so please remove the account there (see my previous comment)
 
El_Jeffe (Author) Commented:
Please read through the list of things I've done before offering a solution I've already done, see entry above entered on Date: 03/26/2004 11:44AM PST
 
El_Jeffe (Author) Commented:
To recap: We just upgraded a mandrake server 9.2 and included was samba 3.0.0-2mdk.  All of the windows workstations had to be re-added to the domain.  All were successful (XP & W2k) except a NT 4.0 box,  which was successfully removed from the domain, but when I try to add it back, I get the error;
This computer name is already configured as a domain controller on the domain.  Looking at the Network Identification, it is listed as workgroup named workgroup.  I am almost positive that this box was not configured as a domain controller at time of install.

This is what I have done so far:
Changed the computer name several times
Deleted the computer account on the server
Made sure there are no connections to the server(run the command net use * /delete)
Changed the workgroup name several times

Each change forced a reboot and was unsuccessful in adding this machine to the domain.
 
ahoffmann Commented:
> This computer name is already configured as a domain controller on the domain .. workgroup named workgroup
And your sorted list of
  domain names + workgroup names + host names + group names + user names
is unique? no duplicates?
 
El_Jeffe (Author) Commented:
Where is this sorted list?
 
ahoffmann Commented:
you need to make this "sorted list" yourself
probably pdbedit can be used (I don't know this command):
  pdbedit -v |grep -i name|sort
 
El_Jeffe (Author) Commented:
Ran the command pdbedit -v -L |grep -i name|sort    no duplicates.  I don't think the problem is on the server.  I think there is something cached on the NT box somewhere, maybe in the registry?
 
ahoffmann Commented:
> pdbedit -v -L |grep -i name|sort
hopefully you checked carefully ..
as said, don't know how pdbedit works, just assumed it according to your previous listing, according to this listing the names to be compared are on the right side
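
Added example, not part of any post in this thread: the uniqueness check discussed above has to compare the values on the right-hand side, which `grep | sort` on whole lines does not do. The function names and sample records below are constructed; the dashed record separator in the sample is an assumption about `pdbedit -v -L` output that the code does not rely on.

```shell
#!/bin/sh
# Added example: report account names that collide in `pdbedit -v -L` output.
# Names are compared case-insensitively, with the trailing "$" of machine
# accounts removed, so host names and user names share one list.

find_name_collisions() {
    awk '
    function value(line) {
        sub(/^[^:]*:[ \t]*/, "", line)      # drop the "Label:" part
        sub(/[ \t\r]+$/, "", line)          # drop trailing whitespace
        line = tolower(line)
        sub(/[$]$/, "", line)               # ntbox$ becomes ntbox
        return line
    }
    /^Unix username:/ { rec++ }             # each account record starts here
    /^(Unix|NT) username:/ {
        n = value($0)
        # count a name once per account, even if both fields carry it
        if (n != "" && !seen[rec, n]++) count[n]++
    }
    /^Domain:/ { d = value($0); if (d != "") domain[d] = 1 }
    END {
        for (n in count) {
            if (count[n] > 1) print "duplicate: " n
            if (n in domain)  print "clashes-with-domain: " n
        }
    }' | sort
}

# Constructed sample input (not taken from the server in the thread).
sample_pdbedit_output() {
    cat <<'EOF'
Unix username:        ntbox$
NT username:          ntbox$
Domain:               BORDERENT
---------------
Unix username:        NTBOX
NT username:          NTBOX
Domain:               BORDERENT
---------------
Unix username:        borderent$
NT username:          borderent$
Domain:               BORDERENT
EOF
}

sample_pdbedit_output | find_name_collisions
```

On a live server the input would come from `pdbedit -v -L | find_name_collisions`; empty output means no collisions were found among account and domain names.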
 
El_Jeffe (Author) Commented:
"hopefully you checked carefully .."
no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!no duplicates!
Please don't ask me to do things over and over!!!!!!!!!!!

IS THERE SOMETHING CACHED IN THE NT BOX?  I HAVE ASKED THIS QUESTION SEVERAL TIMES WITH NO REPLY.  THERE IS NOTHING WRONG WITH THE SERVER!!!!!!!!!
 
El_Jeffe (Author) Commented:
Anyone who can review the info above and solve this dilemma for me deserves the points...

Also, Netlogon service is not running, won't start, gives error:  Error 3095 This computer is configured as a member of a workgroup, not domain.  Netlogon doesn't need to run in this configuration.

How do I start Net Logon Service?
 
El_Jeffe (Author) Commented:
Increase points.
 
Alf666 Commented:
Hi again,

I've given it a thought, because your problem bothers me. I have a few new leads :


1) It's a wild guess, but you might try having a look at the following registry key :

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DomainCache

There might be some remnant of your "old" domain name here.

2) You could also try to search the whole registry for your domain name.

3) You might try to change the NT4's SID (the unique box identifier).
For a reason I don't know, you might have an SID conflict in between two boxes (after using ghost or something like that maybe).

This tool will allow you to give a new SID to your box :

http://www.sysinternals.com/ntw2k/source/newsid.shtml

I don't know if this will work, but, at least, they are new leads :-)
 
El_Jeffe (Author) Commented:
I looked in the registry and didn't find an entry called DomainCache in Winlogon.  I did find CachePrimaryDomain which had the domain name in it, and I removed that.  Wouldn't add to domain, same error message.

I also reset the sid, first to match the sid on the server machine account.  Tried to add to domain, no go, same error message.  Then I just created a random sid, and still wouldn't add to the domain.  I have told the client we should reload NT or upgrade, as NT is no longer supported.
 
modulo Commented:
PAQed with points refunded (500)

modulo
Community Support Moderator