[Samba] Samba as PDC with WinXP Clients -> headache!!

Mal Beaton mal at mbeaton.id.au
Thu Jun 5 10:55:02 GMT 2003 

We have been doing some extensive work with samba2.2.3 and win xp sp1 
and have experienced similar problems

Intermittantly users could not locate their roaming profiles on first 
login in the morning. Sometimes second login would work sometimes not.

then at random intervals during the day they would lose their drives

the first thing we tried

deadtime = 1

that fixed the login in the morning problem and users seem to be happier 
(no complaints)

but they were losing their network drives at irregular intervals 
sometimes reconnecting straight away sometimes not

we changed it to

deadtime =120 and we have not had a complaint about lost drives for 3 days

during the investigations we found that even though win xp had 
completely logged out (even turned off the maching in one case) the user
was still appearing in smbstatus

This was identified in an article sent to the samb lists about samba not 
recognising win xp logoffs

http://support.microsoft.com/default.aspx?scid=kb;en-us;316740
http://support.microsoft.com/default.aspx?scid=kb;EN-US;323582

I havent tried these yet.

but for the users deadtime =120 seems to have assisted

let me know how you go



Alex King wrote:
> I'm having the same problems as Daniel Zeiss, hence the message with the
> same subject!
> 
> As is the case with Daniel, I'm having very unsatisfacory performance
> with Samba as PDC and WinXP (Pro) clients.
> 
> Basically, XP machines seem to join the domain OK, but then fall off at
> random, and tell me that no domain controler is available, without any
> apparant network activity.
> 
> I'm using 2.2.8a, with "normal" encrypted passwords (no LDAP).
> 
> I have essentially the same setup at several sites.  I'm not the first
> point of contact at any of the sites, but unfortunately I'm responsible
> for making samba work at all of them.  Access to the sites (and direct
> experience of the problems as opposed to user reports) is relatively
> difficult.  Also the different sites have different first-port-of-call
> administrators, and probably very different usage patterns....
> 
> At one site ("the good site") there are around 13 XP workstations no
> other windows machines.  I seldom hear of any problems at this site.
> However I know the administrator here is routinely reinstalls XP (and
> re-joins the domain) whenever there is a problem.
> 
> I've also heard that they sometimes have the "can't log in" problem, and
> have solved it by re-joining the domain.  I'm not sure exactly how
> frequent this is because I'm not always told.
> 
> Historically most of the sites have been on 95/98, and most probably
> still have a majority of 98 machines, but lately most of them also have
> a few XP machines as well.
> 
> Again I am hamstrung by limited direct experience at these sites, but it
> appears that the "no domain controler" error happens at these sites too.
> Usually re-joining the domain solves this issue, but some clients seem
> not to be able to join the domain at all, or only after repeated
> attempts.
> 
> My setup runs a logon script, which syncs the workstation time and maps
> certain shares ("NET USE... etc.")  according to the user logged in.
> The scripts are different according to the windows client architecture.
> Win 95 script looks like:
> 
> NET TIME \\SERVER /YES /SET
> NET USE H: /home
> NET USE S: \\SERVER\STORAGE
> NET USE W: \\SERVER\WEBSITE
> ...
> (maps 11 drives)
> WinNT and Win2K scripts are the same:
> NET TIME \\SERVER /YES /SET
> NET USE H: \\SERVER\alex
> NET USE S: \\SERVER\STORAGE
> NET USE W: \\SERVER\WEBSITE
> ...
> (I assume XP appears as the 2K archetecture in the %a samba config
> variable substitution)
> 
> We have a problem with some XP machines which seem to be partially
> working... they log in but don't run the sripts.  They map the home
> drive as Z, but don't get any further....
> 
> I really need to get these problems sorted, if anyone can offer any
> general debugging advice please feel free.  I have tried a few
> times to go onsite and "sort it once and for all", spending many hours
> on it searching google etc. but always hitting a brick wall.  I've tried
> increasing the log level, packet dumps etc, but never get anything
> useful.
> 
> Alex
> 
> smb.conf follows:
> # Samba configuration file
> [global]
>    workgroup = WORKGROUP
>    debug level = 1
> #   interfaces = eth* ppp* _SAMBATUNLIF_
>    hosts allow = 127.0.0.1 : 192.168.2.0/255.255.255.0
>    hosts deny = 0.0.0.0/0.0.0.0
>    printing = bsd
>    printcap name = /etc/printcap
>    hide files = AppleVolumes
>    load printers = yes
>    guest account = nobody
> #   invalid users = root
>    security = user
>    server string = %h server (Samba %v)
> #   socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096
>    encrypt passwords = yes
>    smbpasswd file = /etc/smbpasswd
>    wins support = yes
>    os level = 65
>    domain master = yes
>    local master = yes
>    preferred master = yes
>    logon script = %a\%U.bat
>    logon drive = Z:
>    logon home = "\\%N\%U\profile"
>    logon path = "\\%N\NTPROFILE\%U"
>    dns proxy = no
>    preserve case = yes
>    short preserve case = yes
>    domain logons = yes
>    unix password sync = false
>    add user script = /usr/sbin/useradd -d /dev/null -g users -s
> /bin/false %u
>    domain admin group = alex, blair, root
> 
> [homes]
>    comment = Home
>    browseable = no
>    read only = no
>    create mask = 0600
>    directory mask = 0700
> 
> [netlogon]
>    path = /var/shares/netlogon
>    writeable = no
>    guest ok = no
> 
> [ntprofile]
>    comment = NT Profiles
>    writable = yes
>    path = /var/shares/ntprofile
>    create mask = 600
>    directory mask = 700
> 
> [website]
>    comment = Web site
>    writeable = yes
>    valid users = @website
>    force group = website
>    path = /var/shares/website
>    create mask = 664
>    directory mask = 775
> 
> [intranet]
>    comment = Intranet
>    writeable = yes
>    valid users = @intranet
>    force group = intranet
>    path = /var/www
>    create mask = 664
>    directory mask = 775
> 
> [storage]
>    comment = Storage
>    writable = no
>    write list = @storage
>    force group = storage
>    path = /extra/storage
>    create mask = 664
>    directory mask = 775
> 
> ....
> (more shares)

-- 
Mal

http://mbeaton.id.au:5537/
:wq!

More information about the samba mailing list