[Samba] A domain controller for the domain could not by contacted (2.2.3a-12.3 for Debian)

Patrick Shoaf pshoaf at model-cleaners.com
Tue Dec 16 18:34:52 GMT 2003 

I am running on RedHat, but everything should be same on server side.  Try 
adding the following lines into the smb.conf file:

password level = 8
username level = 8
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
unix password sync = yes
pam password change = yes
obey pam restrictions = yes

I have these lines in my conf and everything is working for me, even WinXP 
now.
The first two lines are for the case differences between Win & linux.
All version of win beyond Win95 defaults to encrypted passwords, hence line 3.
I have two password files, /etc/passwd for Linux & smbpasswd for Samba, 
users must be in both to authenticate, hence lines 4-5.
Lines 6-7 were in my default config and things work, so I did not question 
them.

If this does not work, please email me complete smb.conf file, and I will 
do a more thorough comparison.

Good Luck.

Patrick Shoaf

At 11:12 AM 12/16/2003, Eduard Witteveen wrote:
>Hello,
>
>I'm having problems using Samba as an primary domain controller. I am 
>using debian woody as our platform.
>
>The version of samba is "2.2.3a-12.3 for Debian" and i followed the 
>instructions which can be found on the following url: 
>http://www-106.ibm.com/developerworks/eserver/tutorials/samba/. In short 
>this covers:
>    - creating the config file
>    - creating the users / groups
>    - creating directory structure
>    - configuring the windows client
>I attached my config file's /logging  from my debian woody system.
>
>I did the following things on the windows client (Windows XP Professional 
>2002 Service Pack 1)
>    - Open the Local Security Policy editor (Start -> All Programs -> 
> Administrative Tools -> Local Security Policy).
>    - Locate the entry "Domain member: Digitally encrypt or sign secure 
> channel (always)". Disable it.
>    - Locate the entry "Domain member: Disable machine account password 
> changes". Make sure it's disabled as well.
>    - Locate the entry "Domain member: Require strong (Windows 2000 or 
> later) session key". Disable it.
>    - Next, download the WinXP_SignOrSeal registry patch from 
> www.samba.org <http://www.samba.org> or collect it from the Further 
> resources: Downloads and developerWorks 
> <http://www-106.ibm.com/developerworks/eserver/tutorials/samba/samba-6-2.html> 
> section at the end of this tutorial. Apply it by double-clicking and 
> answering Yes to the dialog prompt.
>    - Now join the domain the same as you would for Windows NT or 2000. 
> Right-click My Computer, select Properties, Computer Name, and Change. Or 
> click the Network ID button and run the Network Wizard.
>
>I put some screenshots of windows on the following locations: 
>http://www.nergens.org/samba/ComputerNameChanges.PNG and 
>http://www.nergens.org/samba/ComputerProperties.PNG
>
>( i searched on the mailarchive, but i couldnt find any pointers / im 
>kinda new to smb so i dont know how to debug)
>
>Could someone please help me here?
>
>Eduard Witteveen
>
>
>
>[global]
>;basic server settings
>workgroup = HAWAR3
>netbios name = nemo
>server string = Samba %h PDC running %v
>socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
>
>;PDC and master browser settings
>os level = 64
>preferred master = yes
>local master = yes
>domain master = yes
>
>;security and logging settings
>security = user
># encrypt passwords = yes
>log file = /var/log/samba/log.%m
>log level = 2
># max log size = 50
># hosts allow = 127.0.0.1 192.168.1.0/255.255.255.0
>
>;user profiles and home directory
>logon home = \\%L\%U\
>logon drive = H:
>logon path = \\%L\profiles\%U
>logon script = netlogon.bat
>
>;sync passwords
>unix password sync = yes
>passwd program = /usr/bin/passwd %u
>passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* 
>%n\n  *Enter*new*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n 
>*passwd:         *all*authentication*tokens*updated*successfully*
>
>; new machines
>add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false 
>-M %u
>
>
># ==== shares ====
>
>[homes]
>comment = Home Directories
>browseable = no
>writeable = yes
>
>[profiles]
>path = /home/samba/profiles
>writeable = yes
>browseable = no
>create mask = 0600[2003/12/16 17:18:37, 0] smbd/server.c:main(698)
>   smbd version 2.2.3a-12.3 for Debian started.
>   Copyright Andrew Tridgell and the Samba Team 1992-2002
>[2003/12/16 17:18:37, 1] lib/debug.c:debug_message(250)
>   INFO: Debug class all level = 2   (pid 232 from pid 232)
>[2003/12/16 17:18:37, 2] param/loadparm.c:do_section(2973)
>   Processing section "[homes]"
>[2003/12/16 17:18:37, 2] param/loadparm.c:do_section(2973)
>   Processing section "[profiles]"
>[2003/12/16 17:18:37, 2] param/loadparm.c:do_section(2973)
>   Processing section "[netlogon]"
>[2003/12/16 17:18:37, 2] lib/interface.c:add_interface(81)
>   added interface ip=10.0.0.152 bcast=10.0.0.255 nmask=255.255.255.0
>[2003/12/16 17:18:37, 2] smbd/server.c:open_sockets(198)
>   waiting for a connection
>nemo:/var/log/samba# cat log.nmbd
>[2003/12/16 17:18:37, 0] nmbd/nmbd.c:main(783)
>   Netbios nameserver version 2.2.3a-12.3 for Debian started.
>   Copyright Andrew Tridgell and the Samba Team 1994-2002
>[2003/12/16 17:18:37, 1] lib/debug.c:debug_message(250)
>   INFO: Debug class all level = 2   (pid 230 from pid 230)
>[2003/12/16 17:18:37, 2] nmbd/nmbd.c:main(821)
>   Becoming a daemon.
>[2003/12/16 17:18:37, 2] lib/interface.c:add_interface(81)
>   added interface ip=10.0.0.152 bcast=10.0.0.255 nmask=255.255.255.0
>[2003/12/16 17:18:37, 2] nmbd/nmbd_subnetdb.c:make_subnet(193)
>   making subnet name:10.0.0.152 Broadcast address:10.0.0.255 Subnet 
> mask:255.255.255.0
>[2003/12/16 17:18:37, 2] nmbd/nmbd_subnetdb.c:make_subnet(193)
>   making subnet name:UNICAST_SUBNET Broadcast address:0.0.0.0 Subnet 
> mask:0.0.0.0
>[2003/12/16 17:18:37, 2] nmbd/nmbd_subnetdb.c:make_subnet(193)
>   making subnet name:REMOTE_BROADCAST_SUBNET Broadcast address:0.0.0.0 
> Subnet mask:0.0.0.0
>[2003/12/16 17:18:37, 2] nmbd/nmbd_lmhosts.c:load_lmhosts_file(41)
>   load_lmhosts_file: Can't open lmhosts file /etc/samba/lmhosts. Error 
> was No such file or directory
>[2003/12/16 17:18:37, 0] 
>nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(291)
>   become_domain_master_browser_bcast:
>   Attempting to become domain master browser on workgroup HAWAR3 on 
> subnet 10.0.0.152
>[2003/12/16 17:18:37, 0] 
>nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(305)
>   become_domain_master_browser_bcast: querying subnet 10.0.0.152 for 
> domain master browser on workgroup HAWAR3
>[2003/12/16 17:18:41, 2] 
>nmbd/nmbd_become_dmb.c:become_domain_master_stage1(179)
>   become_domain_master_stage1: Becoming domain master browser for 
> workgroup HAWAR3 on subnet 10.0.0.152
>[2003/12/16 17:18:41, 0] 
>nmbd/nmbd_responserecordsdb.c:find_response_record(237)
>   find_response_record: response packet id 12349 received with no 
> matching record.
>[2003/12/16 17:18:41, 0] 
>nmbd/nmbd_responserecordsdb.c:find_response_record(237)
>   find_response_record: response packet id 12350 received with no 
> matching record.
>[2003/12/16 17:18:43, 2] nmbd/nmbd_elections.c:send_election_dgram(43)
>   send_election_dgram: Sending election packet for workgroup HAWAR3 on 
> subnet 10.0.0.152
>[2003/12/16 17:18:45, 2] nmbd/nmbd_elections.c:send_election_dgram(43)
>   send_election_dgram: Sending election packet for workgroup HAWAR3 on 
> subnet 10.0.0.152
>[2003/12/16 17:18:45, 0] 
>nmbd/nmbd_become_dmb.c:become_domain_master_stage2(115)
>   *****
>
>   Samba server NEMO is now a domain master browser for workgroup HAWAR3 
> on subnet 10.0.0.152
>
>   *****
>[2003/12/16 17:18:48, 2] nmbd/nmbd_elections.c:send_election_dgram(43)
>   send_election_dgram: Sending election packet for workgroup HAWAR3 on 
> subnet 10.0.0.152
>[2003/12/16 17:18:50, 2] nmbd/nmbd_elections.c:send_election_dgram(43)
>   send_election_dgram: Sending election packet for workgroup HAWAR3 on 
> subnet 10.0.0.152
>[2003/12/16 17:18:52, 2] nmbd/nmbd_elections.c:send_election_dgram(43)
>   send_election_dgram: Sending election packet for workgroup HAWAR3 on 
> subnet 10.0.0.152
>[2003/12/16 17:18:52, 2] nmbd/nmbd_elections.c:run_elections(208)
>   run_elections: >>> Won election for workgroup HAWAR3 on subnet 
> 10.0.0.152 <<<
>[2003/12/16 17:18:52, 2] 
>nmbd/nmbd_become_lmb.c:become_local_master_browser(549)
>   become_local_master_browser: Starting to become a master browser for 
> workgroup HAWAR3 on subnet 10.0.0.152
>[2003/12/16 17:19:00, 0] 
>nmbd/nmbd_become_lmb.c:become_local_master_stage2(404)
>   *****
>
>   Samba name server NEMO is now a local master browser for workgroup 
> HAWAR3 on subnet 10.0.0.152
>
>   *****[2003/12/16 17:18:37, 0] smbd/server.c:main(698)
>   smbd version 2.2.3a-12.3 for Debian started.
>   Copyright Andrew Tridgell and the Samba Team 1992-2002
>[2003/12/16 17:18:37, 1] lib/debug.c:debug_message(250)
>   INFO: Debug class all level = 2   (pid 232 from pid 232)
>[2003/12/16 17:18:37, 2] param/loadparm.c:do_section(2973)
>   Processing section "[homes]"
>[2003/12/16 17:18:37, 2] param/loadparm.c:do_section(2973)
>   Processing section "[profiles]"
>[2003/12/16 17:18:37, 2] param/loadparm.c:do_section(2973)
>   Processing section "[netlogon]"
>[2003/12/16 17:18:37, 2] lib/interface.c:add_interface(81)
>   added interface ip=10.0.0.152 bcast=10.0.0.255 nmask=255.255.255.0
>[2003/12/16 17:18:37, 2] smbd/server.c:open_sockets(198)
>   waiting for a connection--
>To unsubscribe from this list go to the following URL and read the
>instructions:  http://lists.samba.org/mailman/listinfo/samba

Patrick J. Shoaf, IT Manager
pshoaf at model-cleaners.com

Model Cleaners, Uniforms, & Apparel
100 Third Street
Charleroi, PA 15022
<http://www.model-uniforms.com/>http://www.model-uniforms.com
Phone: 724-489-9553 ext. 105
  or    800-99 MODEL
Fax:   724-489-4386

More information about the samba mailing list