I am the only user who logs on to the server. I logon as root. The remaining users logon via Samba only from windows machines. On attempting to logon as root to setup a new user I found it would not accept the proper password for the root account. The server had been up for over a month since I last logged on. The Samba users could logon (probably because smbpasswd is ok). I logged on in single user mode and found that the /etc/shadow file was missing. I copied the file /etc/shadow- to create /etc/shadow then rebooted to multiuser mode. I could then logon as root. I believe that Samba is irrelevant to the problem as I believe that I encountered the same problem on my firewall which had no SAMBA support. On that machine I simply reinstalled to recover so I am not sure that the shadow file was gone. I don't know if it is relevant but I do use cron to schedule daily, weekly, monthly backups. I have had no repeat of this since I stopped using cron on the firewall machine. Tonight was my first detected problem on the Samba machine. Any thoughts?
I've never seen a Linux system deleting /etc/shadow without being told to. Chances are someone figured out the root password and is playing games with you. Also, check the permissions to make sure the samba users can't mount /etc writable on their windoze boxes.