[Samba] Samba as PDC with WinXP Clients -> headache!!

Alex King alex at king.net.nz
Thu Jun 5 09:50:58 GMT 2003 

I'm having the same problems as Daniel Zeiss, hence the message with the
same subject!

As is the case with Daniel, I'm having very unsatisfacory performance
with Samba as PDC and WinXP (Pro) clients.

Basically, XP machines seem to join the domain OK, but then fall off at
random, and tell me that no domain controler is available, without any
apparant network activity.

I'm using 2.2.8a, with "normal" encrypted passwords (no LDAP).

I have essentially the same setup at several sites.  I'm not the first
point of contact at any of the sites, but unfortunately I'm responsible
for making samba work at all of them.  Access to the sites (and direct
experience of the problems as opposed to user reports) is relatively
difficult.  Also the different sites have different first-port-of-call
administrators, and probably very different usage patterns....

At one site ("the good site") there are around 13 XP workstations no
other windows machines.  I seldom hear of any problems at this site.
However I know the administrator here is routinely reinstalls XP (and
re-joins the domain) whenever there is a problem.

I've also heard that they sometimes have the "can't log in" problem, and
have solved it by re-joining the domain.  I'm not sure exactly how
frequent this is because I'm not always told.

Historically most of the sites have been on 95/98, and most probably
still have a majority of 98 machines, but lately most of them also have
a few XP machines as well.

Again I am hamstrung by limited direct experience at these sites, but it
appears that the "no domain controler" error happens at these sites too.
Usually re-joining the domain solves this issue, but some clients seem
not to be able to join the domain at all, or only after repeated
attempts.

My setup runs a logon script, which syncs the workstation time and maps
certain shares ("NET USE... etc.")  according to the user logged in.
The scripts are different according to the windows client architecture.
Win 95 script looks like:

NET TIME \\SERVER /YES /SET
NET USE H: /home
NET USE S: \\SERVER\STORAGE
NET USE W: \\SERVER\WEBSITE
...
(maps 11 drives)
WinNT and Win2K scripts are the same:
NET TIME \\SERVER /YES /SET
NET USE H: \\SERVER\alex
NET USE S: \\SERVER\STORAGE
NET USE W: \\SERVER\WEBSITE
...
(I assume XP appears as the 2K archetecture in the %a samba config
variable substitution)

We have a problem with some XP machines which seem to be partially
working... they log in but don't run the sripts.  They map the home
drive as Z, but don't get any further....

I really need to get these problems sorted, if anyone can offer any
general debugging advice please feel free.  I have tried a few
times to go onsite and "sort it once and for all", spending many hours
on it searching google etc. but always hitting a brick wall.  I've tried
increasing the log level, packet dumps etc, but never get anything
useful.

Alex

smb.conf follows:
# Samba configuration file
[global]
   workgroup = WORKGROUP
   debug level = 1
#   interfaces = eth* ppp* _SAMBATUNLIF_
   hosts allow = 127.0.0.1 : 192.168.2.0/255.255.255.0
   hosts deny = 0.0.0.0/0.0.0.0
   printing = bsd
   printcap name = /etc/printcap
   hide files = AppleVolumes
   load printers = yes
   guest account = nobody
#   invalid users = root
   security = user
   server string = %h server (Samba %v)
#   socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096
   encrypt passwords = yes
   smbpasswd file = /etc/smbpasswd
   wins support = yes
   os level = 65
   domain master = yes
   local master = yes
   preferred master = yes
   logon script = %a\%U.bat
   logon drive = Z:
   logon home = "\\%N\%U\profile"
   logon path = "\\%N\NTPROFILE\%U"
   dns proxy = no
   preserve case = yes
   short preserve case = yes
   domain logons = yes
   unix password sync = false
   add user script = /usr/sbin/useradd -d /dev/null -g users -s
/bin/false %u
   domain admin group = alex, blair, root

[homes]
   comment = Home
   browseable = no
   read only = no
   create mask = 0600
   directory mask = 0700

[netlogon]
   path = /var/shares/netlogon
   writeable = no
   guest ok = no

[ntprofile]
   comment = NT Profiles
   writable = yes
   path = /var/shares/ntprofile
   create mask = 600
   directory mask = 700

[website]
   comment = Web site
   writeable = yes
   valid users = @website
   force group = website
   path = /var/shares/website
   create mask = 664
   directory mask = 775

[intranet]
   comment = Intranet
   writeable = yes
   valid users = @intranet
   force group = intranet
   path = /var/www
   create mask = 664
   directory mask = 775

[storage]
   comment = Storage
   writable = no
   write list = @storage
   force group = storage
   path = /extra/storage
   create mask = 664
   directory mask = 775

....
(more shares)

More information about the samba mailing list