Topic: Samba errors on new domain

[csn]

I've just migrated my SME Server v8 to new hardware running v9 and cut over DHCP and Domain Controller duties. The server is supporting a small network of Windows 7 Pro machines which are part of the domain.

Prior to the cutover I removed the machines from the domain, and am now adding them back to the new server, which has the same domain name.

When I add them, while everything seems fine on the Windows side, and I can log in and use domain accounts, I'm getting some strange errors in /var/log/messages. It appears that SME Server is rejecting the auth request, even though the creation apparently went fine:

Code: [Select]

Oct 15 12:02:49 gmf esmith::event[7639]: Processing event: machine-account-create hp8a$
Oct 15 12:02:49 gmf esmith::event[7639]: Running event handler: /etc/e-smith/events/machine-account-create/S10create-machine-account
Oct 15 12:02:49 gmf /etc/e-smith/events/machine-account-create/S10create-machine-account[7640]: /home/e-smith/db/accounts: OLD hp8a$=(undefined)
Oct 15 12:02:49 gmf /etc/e-smith/events/machine-account-create/S10create-machine-account[7640]: /home/e-smith/db/accounts: NEW hp8a$=machine
Oct 15 12:02:49 gmf /etc/e-smith/events/machine-account-create/S10create-machine-account[7640]: /home/e-smith/db/configuration: OLD MinUid=5014
Oct 15 12:02:49 gmf /etc/e-smith/events/machine-account-create/S10create-machine-account[7640]: /home/e-smith/db/configuration: NEW MinUid=5015
Oct 15 12:02:49 gmf /etc/e-smith/events/machine-account-create/S10create-machine-account[7640]: /home/e-smith/db/accounts: OLD hp8a$=machine
Oct 15 12:02:49 gmf /etc/e-smith/events/machine-account-create/S10create-machine-account[7640]: /home/e-smith/db/accounts: NEW hp8a$=machine|Uid|5014
Oct 15 12:02:49 gmf esmith::event[7639]: create-machine-account hp8a$: Creating Unix user and group
Oct 15 12:02:50 gmf esmith::event[7639]: Locking password for user hp8a$.
Oct 15 12:02:50 gmf esmith::event[7639]: passwd: Success
Oct 15 12:02:50 gmf esmith::event[7639]: Group hp8a$ successfully added!
Oct 15 12:02:50 gmf esmith::event[7639]: User hp8a$ successfully added!
Oct 15 12:02:50 gmf esmith::event[7639]: create-machine-account hp8a$: Locking account
Oct 15 12:02:50 gmf esmith::event[7639]: User hp8a$ successfully modified!
Oct 15 12:02:50 gmf esmith::event[7639]: create-machine-account hp8a$: Creating smbpasswd account
Oct 15 12:02:50 gmf esmith::event[7639]: Added user hp8a$.
Oct 15 12:02:50 gmf esmith::event[7639]: S10create-machine-account=action|Event|machine-account-create|Action|S10create-machine-account|Start|1508065369 408832|End|1508065370 977953|Elapsed|1.569121
Oct 15 12:02:50 gmf esmith::event[7639]: Running event handler: /etc/e-smith/events/machine-account-create/S95ldap-update-simple
Oct 15 12:02:51 gmf esmith::event[7639]: S95ldap-update-simple=action|Event|machine-account-create|Action|S95ldap-update-simple|Start|1508065370 978216|End|1508065371 336955|Elapsed|0.358739
Oct 15 12:02:51 gmf smbd[7637]: [2017/10/15 12:02:51.339416,  0] passdb/pdb_smbpasswd.c:665(add_smbfilepwd_entry)
Oct 15 12:02:51 gmf smbd[7637]:   add_smbfilepwd_entry: entry with name hp8a$ already exists
Oct 15 12:02:51 gmf dhcpd: DHCPREQUEST for 192.168.3.192 from 9c:b6:54:f6:75:57 (HP8A) via eth0
Oct 15 12:02:51 gmf dhcpd: DHCPACK on 192.168.3.192 to 9c:b6:54:f6:75:57 (HP8A) via eth0
Oct 15 12:02:51 gmf smbd[7637]: [2017/10/15 12:02:51.613766,  0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3)
Oct 15 12:02:51 gmf smbd[7637]:   _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client HP8A machine account HP8A$
Oct 15 12:03:39 gmf dhcpd: DHCPREQUEST for 192.168.3.192 from 9c:b6:54:f6:75:57 (HP8A) via eth0
Oct 15 12:03:39 gmf dhcpd: DHCPACK on 192.168.3.192 to 9c:b6:54:f6:75:57 (HP8A) via eth0
Oct 15 12:05:27 gmf smbd[7685]: [2017/10/15 12:05:27.042983,  0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3)
Oct 15 12:05:27 gmf smbd[7685]:   _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client HP8A machine account HP8A$
I'd love to know what's going on here!
Thanks

[Stefano]

how did you do the migration?

[csn]

Good question, should probably have stated above. Manually, i.e. rsync of /home/e-smith/files/users and /home/e-smith/files/ibays and manual config in server manager.

As a result, from samba's point of view the SME v9 install should be a 'new' server, making duplicate join error a bit odd.

Another piece of information which may help - I ran the win7 reg fix before rejoining the domain.

[Stefano]

I'm sorry, but you did it in the wrong way, you forgot many other files..

you'd try to use a different domain name since you're joining your machines from scratch

any (valid) reason not to use a backup/restore procedure to migrate your server?

[csn]

I think 'wrong way' is maybe a little harsh - it gave me the opportunity to configure a fresh new server without pulling over any historic tweaks or config, and keeping all of the user data safe in the process. It's also a much more tractable way of migrating 2TB of data.

Regarding the question, because it's a new install, this issue is essentially 'errors when a Windows machine joins a new SME domain controller'.

More detail on the Windows-side workflow...

1) Leave existing domain and fall back to workgroup
2) Shut down
3) Power off old SME Server, promote new SME Server to domain controller
4) Reboot and join 'new' domain

As I mentioned, the Windows machines are running fine, it's just the error in the log file which is bothering me.

Would love any further advice.