Topic: Domain controler problem: account disable

[oblooblo2000]

hi every body,

there is a month ago, I re-install my sme server v7 final on my proliant HP.
I had two problem, maybe someone could help:

1/ I had to join the domain for each computer client (xp) again, because they didn't loged in !!! So amazing job (log first in in admin user, copy old profile to default profile, then log out, log in with user of the domain that use this computer, then set up outlook with mail account...ouch !!!!). I guess there was some info in the save of the sme installed before but....

2/ I still got this problem, I success log in with a particular xp client, however, after couple of day, the computer was unable to log in the domain!!! I tried to setup workgroup mode, then again domain mode, but no way !!! test to log in the domain with admin user = error with password and/or user !!! Try to log with a valid user on domain= no right to log in but good password , so it's normal but not with the admin user !!! I installed the XP reg value, I tried to delete computer account (smb, /etc/pass group...) but no way !!!! 2 weeks after (today) I tried again and this time I got: failed to open session : account disable ???? great ???


If any idea, I will be very gratefull !!!! Sorry for my poor english  

[cactus]

hi every body,

there is a month ago, I re-install my sme server v7 final on my proliant HP.
I had two problem, maybe someone could help:

1/ I had to join the domain for each computer client (xp) again, because they didn't loged in !!! So amazing job (log first in in admin user, copy old profile to default profile, then log out, log in with user of the domain that use this computer, then set up outlook with mail account...ouch !!!!). I guess there was some info in the save of the sme installed before but....

2/ I still got this problem, I success log in with a particular xp client, however, after couple of day, the computer was unable to log in the domain!!! I tried to setup workgroup mode, then again domain mode, but no way !!! test to log in the domain with admin user = error with password and/or user !!! Try to log with a valid user on domain= no right to log in but good password , so it's normal but not with the admin user !!! I installed the XP reg value, I tried to delete computer account (smb, /etc/pass group...) but no way !!!! 2 weeks after (today) I tried again and this time I got: failed to open session : account disable ???? great ???


If any idea, I will be very gratefull !!!! Sorry for my poor english  

Are there any error messages in the /var/log/messages* files from the time the error occurred? Maybe you can find a clue there.

[oblooblo2000]

thank's for helping !!

no infos in messages, only some DHCPPACK and DHCPREQUEST with the mac adress, but no error !


however i got this:

Code: [Select]


[root@acf-srv ~]# grep postesc -H /var/log/samba/*
/var/log/samba/log.postesc:  postesc (192.168.100.126) connect to service netlogon initially as user simonec (uid=5042, gid=5042) (pid 9992)
/var/log/samba/log.postesc:  postesc (192.168.100.126) connect to service simonec initially as user simonec (uid=5042, gid=5042) (pid 9992)
/var/log/samba/log.postesc:  postesc (192.168.100.126) closed connection to service netlogon
/var/log/samba/log.postesc:  postesc (192.168.100.126) closed connection to service simonec
/var/log/samba/log.postesc:  postesc (192.168.100.126) connect to service netlogon initially as user admin (uid=0, gid=101) (pid 10010)
/var/log/samba/log.postesc:  postesc (192.168.100.126) connect to service admin initially as user admin (uid=0, gid=101) (pid 10010)
/var/log/samba/log.postesc:  postesc (192.168.100.126) closed connection to service netlogon
/var/log/samba/log.postesc:  postesc (192.168.100.126) closed connection to service admin
/var/log/samba/log.postesc:  postesc (192.168.100.126) connect to service netlogon initially as user simonec (uid=5042, gid=5042) (pid 10020)
/var/log/samba/log.postesc:  postesc (192.168.100.126) connect to service simonec initially as user simonec (uid=5042, gid=5042) (pid 10020)
/var/log/samba/log.postesc:  postesc (192.168.100.126) connect to service simonec initially as user simonec (uid=5042, gid=5042) (pid 10040)
/var/log/samba/log.postesc:  postesc (192.168.100.126) closed connection to service simonec
/var/log/samba/log.postesc:  postesc (192.168.100.126) closed connection to service netlogon
/var/log/samba/log.postesc:  postesc (192.168.100.126) closed connection to service simonec
/var/log/samba/log.postesc:  postesc (192.168.100.126) connect to service admin initially as user admin (uid=0, gid=101) (pid 13006)
/var/log/samba/log.postesc:  postesc (192.168.100.126) connect to service Primary initially as user admin (uid=0, gid=101) (pid 13006)
/var/log/samba/log.postesc:  postesc (192.168.100.126) connect to service temp initially as user admin (uid=0, gid=101) (pid 13006)
/var/log/samba/log.postesc:  postesc (192.168.100.126) closed connection to service Primary
/var/log/samba/log.postesc:  postesc (192.168.100.126) closed connection to service temp
/var/log/samba/log.postesc:  postesc (192.168.100.126) closed connection to service admin
/var/log/samba/log.postesc:  postesc (192.168.100.126) connect to service temp initially as user admin (uid=0, gid=101) (pid 13053)
/var/log/samba/log.postesc:  postesc (192.168.100.126) closed connection to service temp



and

Code: [Select]


[root@acf-srv ~]# cat /var/log/samba/log.postesc
[2006/10/06 14:49:15, 0] rpc_server/srv_netlog_nt.c:get_md4pw(244)
  get_md4pw: Workstation POSTESC$: no account in domain
[2006/10/06 14:52:46, 0] rpc_server/srv_netlog_nt.c:get_md4pw(244)
  get_md4pw: Workstation POSTESC$: no account in domain
[2006/10/06 15:23:58, 1] smbd/service.c:make_connection_snum(648)
  postesc (192.168.100.126) connect to service netlogon initially as user simonec (uid=5042, gid=5042) (pid 9992)
esmith::isInGroup() called too early to check prototype at /usr/local/bin/generate_netlogon line 87.
[2006/10/06 15:24:04, 1] smbd/service.c:make_connection_snum(648)
  postesc (192.168.100.126) connect to service simonec initially as user simonec (uid=5042, gid=5042) (pid 9992)
[2006/10/06 15:27:06, 1] rpc_server/srv_util.c:get_domain_user_groups(298)
  get_domain_user_groups: primary gid of user [simonec] is not a Domain group !
  get_domain_user_groups: You should fix it, NT doesn't like that
[2006/10/06 15:27:06, 0] rpc_server/srv_util.c:get_alias_user_groups(206)
  get_alias_user_groups: gid of user simonec doesn't exist. Check your /etc/passwd and /etc/group files
[2006/10/06 15:27:09, 1] smbd/service.c:close_cnum(841)
  postesc (192.168.100.126) closed connection to service netlogon
[2006/10/06 15:27:09, 1] smbd/service.c:close_cnum(841)
  postesc (192.168.100.126) closed connection to service simonec
[2006/10/06 15:37:48, 1] smbd/service.c:make_connection_snum(648)
  postesc (192.168.100.126) connect to service netlogon initially as user admin (uid=0, gid=101) (pid 10010)
esmith::isInGroup() called too early to check prototype at /usr/local/bin/generate_netlogon line 87.
[2006/10/06 15:37:53, 1] smbd/service.c:make_connection_snum(648)
  postesc (192.168.100.126) connect to service admin initially as user admin (uid=0, gid=101) (pid 10010)
[2006/10/06 15:38:54, 1] rpc_server/srv_util.c:get_domain_user_groups(298)
  get_domain_user_groups: primary gid of user [simonec] is not a Domain group !
  get_domain_user_groups: You should fix it, NT doesn't like that
[2006/10/06 15:38:54, 0] rpc_server/srv_util.c:get_alias_user_groups(206)
  get_alias_user_groups: gid of user simonec doesn't exist. Check your /etc/passwd and /etc/group files
[2006/10/06 15:40:10, 1] smbd/service.c:close_cnum(841)
  postesc (192.168.100.126) closed connection to service netlogon
[2006/10/06 15:40:10, 1] smbd/service.c:close_cnum(841)
  postesc (192.168.100.126) closed connection to service admin
[2006/10/06 15:47:14, 1] smbd/service.c:make_connection_snum(648)
  postesc (192.168.100.126) connect to service netlogon initially as user simonec (uid=5042, gid=5042) (pid 10020)
esmith::isInGroup() called too early to check prototype at /usr/local/bin/generate_netlogon line 87.
[2006/10/06 15:47:15, 1] smbd/service.c:make_connection_snum(648)
  postesc (192.168.100.126) connect to service simonec initially as user simonec (uid=5042, gid=5042) (pid 10020)
esmith::isInGroup() called too early to check prototype at /usr/local/bin/generate_netlogon line 87.
[2006/10/06 15:57:58, 1] smbd/service.c:make_connection_snum(648)
  postesc (192.168.100.126) connect to service simonec initially as user simonec (uid=5042, gid=5042) (pid 10040)
[2006/10/06 16:11:17, 0] lib/util_sock.c:read_socket_data(384)
  read_socket_data: recv failure for 4. Error = Connection timed out
[2006/10/06 16:11:17, 1] smbd/service.c:close_cnum(841)
  postesc (192.168.100.126) closed connection to service simonec
[2006/10/06 16:11:17, 1] smbd/service.c:close_cnum(841)
  postesc (192.168.100.126) closed connection to service netlogon
[2006/10/06 17:22:31, 1] smbd/service.c:close_cnum(841)
  postesc (192.168.100.126) closed connection to service simonec
[2006/10/06 17:22:31, 1] rpc_server/srv_util.c:get_domain_user_groups(298)
  get_domain_user_groups: primary gid of user [simonec] is not a Domain group !
  get_domain_user_groups: You should fix it, NT doesn't like that
[2006/10/06 17:22:31, 0] rpc_server/srv_util.c:get_alias_user_groups(206)
  get_alias_user_groups: gid of user simonec doesn't exist. Check your /etc/passwd and /etc/group files
esmith::isInGroup() called too early to check prototype at /usr/local/bin/generate_netlogon line 87.
[2006/12/01 15:33:55, 1] smbd/service.c:make_connection_snum(648)
  postesc (192.168.100.126) connect to service admin initially as user admin (uid=0, gid=101) (pid 13006)
[2006/12/01 15:35:10, 1] smbd/service.c:make_connection_snum(648)
  postesc (192.168.100.126) connect to service Primary initially as user admin (uid=0, gid=101) (pid 13006)
[2006/12/01 15:35:10, 1] smbd/service.c:make_connection_snum(648)
  postesc (192.168.100.126) connect to service temp initially as user admin (uid=0, gid=101) (pid 13006)
[2006/12/01 15:35:14, 1] smbd/service.c:close_cnum(841)
  postesc (192.168.100.126) closed connection to service Primary
[2006/12/01 15:35:14, 1] smbd/service.c:close_cnum(841)
  postesc (192.168.100.126) closed connection to service temp
[2006/12/01 15:35:14, 1] smbd/service.c:close_cnum(841)
  postesc (192.168.100.126) closed connection to service admin
[2006/12/01 15:37:59, 1] smbd/service.c:make_connection_snum(648)
  postesc (192.168.100.126) connect to service temp initially as user admin (uid=0, gid=101) (pid 13053)
[2006/12/01 15:38:10, 1] smbd/service.c:close_cnum(841)
  postesc (192.168.100.126) closed connection to service temp
[2006/12/19 17:10:57, 1] auth/auth_sam.c:sam_account_ok(123)
  sam_account_ok: Account for user 'admin' was disabled.
[2006/12/19 17:10:57, 1] auth/auth_sam.c:sam_account_ok(123)
  sam_account_ok: Account for user 'admin' was disabled.



and

Code: [Select]

(entrée standard):  postesc (192.168.100.126) connect to service netlogon initially as user simonec (uid=5042, gid=5042) (pid 9992)
(entrée standard):  postesc (192.168.100.126) connect to service simonec initially as user simonec (uid=5042, gid=5042) (pid 9992)
(entrée standard):  postesc (192.168.100.126) closed connection to service netlogon
(entrée standard):  postesc (192.168.100.126) closed connection to service simonec
(entrée standard):  postesc (192.168.100.126) connect to service netlogon initially as user admin (uid=0, gid=101) (pid 10010)
(entrée standard):  postesc (192.168.100.126) connect to service admin initially as user admin (uid=0, gid=101) (pid 10010)
(entrée standard):  postesc (192.168.100.126) closed connection to service netlogon
(entrée standard):  postesc (192.168.100.126) closed connection to service admin
(entrée standard):  postesc (192.168.100.126) connect to service netlogon initially as user simonec (uid=5042, gid=5042) (pid 10020)
(entrée standard):  postesc (192.168.100.126) connect to service simonec initially as user simonec (uid=5042, gid=5042) (pid 10020)
(entrée standard):  postesc (192.168.100.126) connect to service simonec initially as user simonec (uid=5042, gid=5042) (pid 10040)
(entrée standard):  postesc (192.168.100.126) closed connection to service simonec
(entrée standard):  postesc (192.168.100.126) closed connection to service netlogon
(entrée standard):  postesc (192.168.100.126) closed connection to service simonec
(entrée standard):  postesc (192.168.100.126) connect to service admin initially as user admin (uid=0, gid=101) (pid 13006)
(entrée standard):  postesc (192.168.100.126) connect to service Primary initially as user admin (uid=0, gid=101) (pid 13006)
(entrée standard):  postesc (192.168.100.126) connect to service temp initially as user admin (uid=0, gid=101) (pid 13006)
(entrée standard):  postesc (192.168.100.126) closed connection to service Primary
(entrée standard):  postesc (192.168.100.126) closed connection to service temp
(entrée standard):  postesc (192.168.100.126) closed connection to service admin
(entrée standard):  postesc (192.168.100.126) connect to service temp initially as user admin (uid=0, gid=101) (pid 13053)
(entrée standard):  postesc (192.168.100.126) closed connection to service temp
(entrée standard):@400000004549ff6f1503bce4 7f000001:a045:a5aa + 0001 postesc.domain.fr
(entrée standard):@4000000045534c2e0dd724ec 7f000001:4b50:9f3e + 0001 postesc.domain.fr


but there is old log because I tried to add manually posteSC (the XP client) to the domain controler, then to delete it, then to add in samba...

[oblooblo2000]

No idea ????

I remember of a contrib (on sme6) that allowed to view the computer account... and add/delete... is there any idea ???

thanks a lot

[oblooblo2000]

up, still can't connect !!

[CharlieBrady]

there is a month ago, I re-install my sme server v7 final on my proliant HP.
I had two problem...

Please report all problems via the bug tracker.

Cactus, please don't try to help here. Please help to have all problems reported to the bug tracker, and please try to help investigate and solve problems in the bug tracker. Thanks.

[oblooblo2000]

no need, the solution was to execute this command on the server:

/sbin/e-smith/signal-event machine-account-create computerName

[CharlieBrady]

no need, the solution was to execute this command on the server:

/sbin/e-smith/signal-event machine-account-create computerName

But we don't want everyone to need to do that. It's a bug, which needs to be found and fix. Please report details of your problem to the Bug Tracker.

[cactus]

Cactus, please don't try to help here. Please help to have all problems reported to the bug tracker, and please try to help investigate and solve problems in the bug tracker. Thanks.

You are right... but I am still not sure if this is a bug or some weird user generated situation. Is there already a bug reported for this issue as I am happy to follow up there?

[oblooblo2000]

I agree with you cactus, I'm not sure it is a bug, and I'm stilll in v7 and not in v7.1, maybe it will not occur with this version????
I'll put it in the bug tracker!

[cactus]

I'll put it in the bug tracker!

Please post the bug number here as well, for easy follow-up. Thanks in advance.

[oblooblo2000]

ok, I will do it, however, I just execute the command that is in the smb.conf when you join a domain, it is strange... and in bug tracker, it is fixed but not explain in general, it' why I asked in the forum.

[cactus]

and in bug tracker, it is fixed but not explain in general, it' why I asked in the forum.

If you post the bug number we might be able to help you and clarify the bug.

[oblooblo2000]

Bug 2397
link
http://bugs.contribs.org/show_bug.cgi?id=2397