[Pkg-samba-maint] Bug#605853: still having trouble with latest backports version

Jamie McClelland jm at mayfirst.org
Sat Dec 4 02:06:21 UTC 2010 

Package: samba
Version: 3.5.6~dfsg-1+bpo50+2

I'm experiencing a similar problem to the report posted in #550043. I
don't have access to samba 3.3.6 to test our environment with that
version.

We're running:

ii  samba              2:3.5.6~dfsg-1+bpo50+2
ii  samba-common       2:3.5.6~dfsg-1+bpo50+2 
ii  samba-common-bin   2:3.5.6~dfsg-1+bpo50+2 

The workstation is running Windows 7.

We can join the domain successfully, although we get the DNS error:

  Changing the Primary Domain DNS name of this computer to "" failed.
  The name will remain "RBI". The error was: The specified domain either
  does not exist or could not be contacted

On the samba server, the log file for the machine in question reports
the following error when the machine is added to the domain:

  [2010/12/03 19:50:51,  0]
  rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
    _netr_ServerAuthenticate3: netlogon_creds_server_check failed.
    Rejecting auth request from client JOHANSANTANA machine account
    JOHANSANTANA$

The machine is listed by pdbedit.

When logged into the machine locally, it can mount shares from the samba
server.

However, when you try to login to the domain, the Windows machine
responds:

  There are currently no logon servers available to service the logon
  request.

The Windows machine event log reports

  This computer was not able to setup a secure session with a domain
  controller in domain RBI due to the following: The RPC server is
  unavailable. This may lead to authentication problems. Make sure that
  this computer is connected to the network. If the problem persists,
  please contact your domain administrator.

(I tried to downgrade to version 3.4.8 - with that version "The RPC
server is unavailable" was not in the Windows Event log. Instead it
reported "There are currently no logon servers available to service the
logon request.")

On the samba server, the log file for the machine in question reports:

[2010/12/03 19:51:30,  0] lib/util_sock.c:539(read_fd_with_timeout)
[2010/12/03 19:51:30,  0] lib/util_sock.c:1491(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
    read_fd_with_timeout: client 0.0.0.0 read error = Connection reset
    by peer

Copied below is the smb.conf file. Any suggestions appreciated.

jamie

[global]
unix extensions = no
workgroup = rbi
wins support = yes
dns proxy = yes
netbios name = martin
enable privileges = yes
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
passdb backend = ldapsam:"ldap://10.34.2.210 ldap://10.34.2.206"
ldap ssl = No
ldap suffix = dc=office,dc=harlemrbi,dc=org
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=smb-admin,dc=office,dc=harlemrbi,dc=org
unix password sync = yes
obey pam restrictions = no
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
logon path = 
logon drive = H:
logon home = \\%L\%U
logon script = logon.bat
domain logons = yes
os level = 30
preferred master = yes
domain master = yes
winbind uid = 15000-20000
winbind gid = 15000-20000
ldap delete dn = yes
add user script = /usr/sbin/smbldap-useradd -m %u
delete user script = /usr/sbin/smbldap-userdel %u
add machine script = /usr/sbin/smbldap-useradd -d /dev/null -g nogroup -s /bin/false -w %u
add group script = /usr/sbin/smbldap-groupadd -p %g
delete group script = /usr/sbin/smbldap-groupdel %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-groupadd -p %g
load printers = yes
printing = cups
printcap name = cups
cups options = "raw"
socket options = TCP_NODELAY 
restrict anonymous = no
acl compatibility = winnt
server signing = Auto

[homes]
comment = Home Directories
browseable = no
read only = no
nt acl support = no
create mask = 0755
directory mask = 0755
valid users = %S

[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
share modes = no
admin users = mayfirst,cgimenez
available = yes
guest ok = yes

[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = yes
admin users = root, @admin, cgimenez

[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
write list = root,mayfirst, at ntadmin
guest ok = yes

[Share]
comment = Share Drive
path = /home/share
create mask = 0664
directory mask = 2775
force group = staff
read only = no
available = yes
guest ok = yes

[Software]
comment = Software Installers
path = /home/software
create mask = 0664
directory mask = 2775
write list = @software
available = yes
guest ok = yes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20101203/fbcc96b2/attachment.pgp>

More information about the Pkg-samba-maint mailing list