Trying to replace a NT4-PDC I have configured a Samba+LDAP server, and done an "net rpc vampire [...]", everything works fine but the machine accounts don't, obiously, if I join a workstation to domain it works fine. Also I've found something strange, If you previously logged in to that machine you can use the workstation and to the server shares and printers, with no problem (I know that you can login to a W2k workstation if the domain is not available). I done some dbugging and the only error that seems (to me) to be related is this: All events have the same date rpc_parse/parse_prs.c:prs_ntstatus(701) 01bc status : NT_STATUS_OK rpc_server/srv_pipe.c:api_rpcTNP(1590) api_rpcTNP: called NETLOGON successfully rpc_server/srv_pipe.c:api_rpcTNP(1599) api_rpcTNP: rpc input buffer underflow (parse error?) rpc_parse/parse_prs.c:prs_uint8s(758) 010a : 00 00 8a e3 13 71 02 f4 36 71 01 40 04 00 01 00 00 00 03 00 00 00 44 06 04 00 80 2f 0b 00 rpc_server/srv_pipe_hnd.c:free_pipe_context(543) by the way here is my smb.conf [global] workgroup = IPLAN netbios name = PDCIPLAN server string = IplanTest Samba3 & OpenLDAP PDC Server interfaces = eth0 bind interfaces only = Yes passdb backend = ldapsam:ldap://localhost enable privileges = Yes username map = /etc/samba/smbusers log level = 10 syslog = 0 log file = /var/log/samba/%m.log max log size = 1024 logon path = logon drive = X: logon home = name resolve order = host wins bcast time server = Yes printing = cups printcap name = cups show add printer wizard = No add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u" delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u" add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g" delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g" add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u" add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u" passwd program = /opt/IDEALX/sbin/smbldap-passwd %u logon script = scripts\logon.bat domain logons = Yes printcap cache time = 3 domain master = Yes local master = Yes preferred master = Yes os level = 65 security = user wins support = Yes ldap suffix = dc=iplan,dc=com,dc=ar ldap machine suffix = ou=People ldap user suffix = ou=People ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap admin dn = cn=Administrator,dc=iplan,dc=com,dc=ar idmap backend = ldap:ldap://127.0.0.1 idmap uid = 10000-20000 idmap gid = 10000-20000 map acl inherit = Yes
Could you please upload the full log level 10 logfile of the failed vampire process?
Created attachment 1776 [details] The log of the vampire process
The vampire process was ok, there been some minor problems like "Cannot delete user (daieta) from his primary group (Domain Users)"
I've done some "forensics" and compare two machine accounts in the LDAP Server, and saw that both entries are "equivalent", the first entry (RESERVAS-1$) have the machine account and I cannot login to them, and the other machine (DELLD510W2K-001$) is joined to the domain and works fine. # RESERVAS-1$, People, iplan.com.ar dn: uid=RESERVAS-1$,ou=People,dc=iplan,dc=com,dc=ar objectClass: top objectClass: inetOrgPerson objectClass: posixAccount objectClass: sambaSamAccount cn: RESERVAS-1$ sn: RESERVAS-1$ uid: RESERVAS-1$ uidNumber: 1755 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer sambaSID: S-1-5-21-3918550812-1676614423-225969733-4534 displayName: RESERVAS-1$ sambaNTPassword: 29649CFC435BB9EEF96521D95873C5D2 sambaPwdLastSet: 1139317252 sambaAcctFlags: [W ] gidNumber: 513 sambaPrimaryGroupSID: S-1-5-21-3918550812-1676614423-225969733-513 # DELLD510W2K-001$, People, iplan.com.ar dn: uid=DELLD510W2K-001$,ou=People,dc=iplan,dc=com,dc=ar objectClass: top objectClass: inetOrgPerson objectClass: posixAccount objectClass: sambaSamAccount cn: DELLD510W2K-001$ sn: DELLD510W2K-001$ uid: DELLD510W2K-001$ uidNumber: 1917 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer sambaSID: S-1-5-21-3918550812-1676614423-225969733-4917 displayName: DELLD510W2K-001$ sambaAcctFlags: [W ] gidNumber: 513 sambaPrimaryGroupSID: S-1-5-21-3918550812-1676614423-225969733-513 sambaPwdCanChange: 1141394735 sambaPwdMustChange: 1146578735 sambaNTPassword: 774CEBB6A0319EFBE7F3F2F013602257 sambaPwdLastSet: 1141394735
hard to debug and worked for me in other cases. please reopen if you still see this bug and if there are any new insights on this.