[Samba] Domain logins not working

Gary Dale garydale at rogers.com
Sat Jan 3 23:07:21 GMT 2009


Further to below, here are the syslog entries for an attempt to log in 
from an XP/Pro workstation. While it is indicating a problem 
authenticating a machine account, the machine account does exist:

Jan  3 17:50:44 whenim64 smbd[11537]: [2009/01/03 17:50:44, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
Jan  3 17:50:44 whenim64 smbd[11537]:   _net_auth2: creds_server_check failed. Rejecting auth request from client SHAFEENA machine account SHAFEENA$
Jan  3 17:50:44 whenim64 smbd[11537]: [2009/01/03 17:50:44, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
Jan  3 17:50:44 whenim64 smbd[11537]:   _net_auth2: creds_server_check failed. Rejecting auth request from client SHAFEENA machine account SHAFEENA$


Here are the syslog entries for a share connection from another machine 
(hyperzip) which has not been logged out and back in since the DC switch 
took place. It can still connect to shares:

Jan  3 17:59:58 whenim64 smbd[11203]: [2009/01/03 17:59:58, 0] lib/util_sock.c:get_peer_addr(1221)
Jan  3 17:59:58 whenim64 smbd[11203]:   getpeername failed. Error was Transport endpoint is not connected
Jan  3 17:59:58 whenim64 smbd[11606]: [2009/01/03 17:59:58, 0] lib/util_sock.c:get_peer_addr(1221)
Jan  3 17:59:58 whenim64 smbd[11606]:   getpeername failed. Error was Transport endpoint is not connected
Jan  3 17:59:58 whenim64 smbd[11606]: [2009/01/03 17:59:58, 0] lib/util_sock.c:write_data(562)
Jan  3 17:59:58 whenim64 smbd[11606]:   write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer
Jan  3 17:59:58 whenim64 smbd[11606]: [2009/01/03 17:59:58, 0] lib/util_sock.c:send_smb(761)
Jan  3 17:59:58 whenim64 smbd[11606]:   Error writing 4 bytes to client. -1. (Connection reset by peer)
Jan  3 17:59:58 whenim64 smbd[11607]: [2009/01/03 17:59:58, 1] smbd/service.c:make_connection_snum(950)
Jan  3 17:59:58 whenim64 smbd[11607]:   hyperzip (192.168.2.12) connect to service archives initially as user garydale (uid=0, gid=1000) (pid 11607)
Jan  3 17:59:59 whenim64 smbd[11607]: [2009/01/03 17:59:59, 1] smbd/service.c:make_connection_snum(950)
Jan  3 17:59:59 whenim64 smbd[11607]:   hyperzip (192.168.2.12) connect to service media$ initially as user garydale (uid=0, gid=1000) (pid 11607)


--------------------------

I'm trying to set up a new server to replace my previous domain
controller/file & print server on my home network. My old server was
running Debian/Etch on a 32-bit Sempron system with two HDs. The new one
is running an old 64-bit single-core processor and 3 HDs configured into
multiple RAID 1 and 5 arrays (/boot as RAID 1 and /, /home, swap and a
/backup directory as RAID 5). The new server is running Debian/Etch+1/2.

Samba was installed by default since I specified the new server as a
file & print server. I rsync'ed the old /home to the new one to get the
files across. Then I used SWAT to make my old server a member server
and the new one a domain controller. Since I only had a few accounts I
set them up manually on the new machine, taking care to ensure that the
new Unix ids matched the old ones.

File sharing is working well after I remapped the drives on a running
XP/Pro workstation. However, I can't get logins to work. I've set up
machine accounts for each XP/Pro workstation and used SWAT to create the
new Samba accounts and enable them (with the same password as before)
but XP/Pro refuses to allow the logins. I also tried mapping a share on
the old server to a directory on the new and I get the same problem -
it's having problems finding a DC.

Here's my smb.conf (minus most of the shares), if that helps (PS: I will
set the log level higher as part of my debugging, so don't suggest I do
that. However, any suggestions on what may be going wrong are welcome.
:) ):

# Samba config file created using SWAT
# from 192.168.2.11 (192.168.2.11)
# Date: 2009/01/03 15:47:32

[global]
    workgroup = RAHIM-DALE
    server string = %h server
    obey pam restrictions = Yes
    passdb backend = tdbsam
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
    unix password sync = Yes
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000
    add user script = /usr/sbin/useradd  -g users %u
    delete user script = /usr/sbin/userdel -r %u
    add group script = /usr/sbin/groupadd %g
    delete group script = /usr/sbin/groupdel %g
    add user to group script = /usr/sbin/usermod -G  %g %u
    add machine script = /usr/sbin/useradd -g machines -c Machine -d /dev/null -s /bin/false %u\$
    logon script = scripts\logon.bat
    logon path = \\%L\profiles\%U
    logon drive = M:
    logon home = \\%L\%U
    domain logons = Yes
    preferred master = Yes
    domain master = Yes
    dns proxy = No
    wins support = Yes
    ldap ssl = no
    panic action = /usr/share/samba/panic-action %d
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    username = root = administrator
    invalid users = root
    admin users = garydale, root
    printer admin = garydale
    printing = cups
    print command =
    lpq command = %p
    lprm command =
    include = /etc/samba/dhcp.conf

[homes]
    comment = Home Directories
    valid users = %S
    create mask = 0700
    directory mask = 0700
    browseable = No

[printers]
    comment = All Printers
    path = /var/spool/samba
    create mask = 0700
    printable = Yes
    browseable = No

[print$]
    comment = Printer Drivers
    path = /var/lib/samba/printers

[profiles]
    path = /home/samba/profiles
    read only = No

[netlogon]
    path = /home/samba/netlogon
    read only = No






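The syslog excerpts in the post show smbd writing each debug message as two syslog lines: a header with timestamp, debug level and source location, then the message text. The following is an added example, not part of the original post and not Samba project code: it re-pairs those lines per smbd PID and counts the netlogon machine-account rejections, so a recurring trust failure stands out from the socket noise. The function names are hypothetical, and the sample input is taken from the log lines in the post with the mail wrapping undone.

```python
import re
from collections import Counter

# Log lines from the post above, with the e-mail line wrapping undone.
SAMPLE = """\
Jan  3 17:50:44 whenim64 smbd[11537]: [2009/01/03 17:50:44, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
Jan  3 17:50:44 whenim64 smbd[11537]:   _net_auth2: creds_server_check failed. Rejecting auth request from client SHAFEENA machine account SHAFEENA$
Jan  3 17:50:44 whenim64 smbd[11537]: [2009/01/03 17:50:44, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
Jan  3 17:50:44 whenim64 smbd[11537]:   _net_auth2: creds_server_check failed. Rejecting auth request from client SHAFEENA machine account SHAFEENA$
Jan  3 17:59:58 whenim64 smbd[11607]: [2009/01/03 17:59:58, 1] smbd/service.c:make_connection_snum(950)
Jan  3 17:59:58 whenim64 smbd[11607]:   hyperzip (192.168.2.12) connect to service archives initially as user garydale (uid=0, gid=1000) (pid 11607)
"""

# Layout assumed from the excerpts in the post: syslog prefix, then smbd payload.
SYSLOG = re.compile(r"^\w{3}\s+\d+ [\d:]{8} (\S+) smbd\[(\d+)\]: (.*)$")
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), +(\d+)\] (\S+):(\w+)\((\d+)\)$")
REJECT = re.compile(r"creds_server_check failed\. Rejecting auth request "
                    r"from client (\S+) machine account (\S+)")

def smbd_records(text):
    """Pair each smbd debug header with the message lines that follow it."""
    open_rec = {}   # pid -> record being assembled (smbd processes interleave)
    records = []
    for line in text.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue
        _host, pid, payload = m.groups()
        h = HEADER.match(payload.strip())
        if h:
            rec = {"pid": int(pid), "time": h.group(1), "level": int(h.group(2)),
                   "source": h.group(3), "function": h.group(4), "message": ""}
            open_rec[pid] = rec
            records.append(rec)
        elif pid in open_rec:
            rec = open_rec[pid]
            rec["message"] = (rec["message"] + " " + payload.strip()).strip()
    return records

def netlogon_rejections(records):
    """Count rejected machine-account authentications per (client, account)."""
    hits = Counter()
    for rec in records:
        m = REJECT.search(rec["message"])
        if m:
            hits[(m.group(1), m.group(2))] += 1
    return hits
```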