[Samba] Win XP logon issues

Jeffrey D. Means meaje at meanspc.com
Fri Jun 6 00:12:37 GMT 2003 

Jeffrey D. Means wrote:

> when trying to log on to my samba server (3.0a24 with LDAP)  I get a 
> message about the domain not being available or the machine account is 
> not available.  In the event log this is what the Netlogon service 
> reports about the error.
>
> ---
> The domain of this computer, MEANSPC has been downgraded from Windows 
> 2000 or newer to Windows NT4 or older. The computer cannot function 
> properly in this case for authentication purposes. This computer needs 
> to rejoin the domain. The following error occurred:
> There are currently no logon servers available to service the logon 
> request.
> ---
>
> Is this a issue with my Win XP Pro box or the samba server.  I have 
> broken the machine from the domain and rejoined it several times 
> trying to fix this issue to no avail.  I have applied the registry 
> patch for win xp and am now at a loss as to what to try next.
>
> --- smb.conf  [Global Section]
> # Global parameters
> [global]
>        workgroup = MEANSPC
>        netbios name = BAST
>        server string = Authentication Server
>        encrypt passwords = Yes
>        update encrypted = Yes
> #       obey pam restrictions = Yes
> #       pam password change = Yes
>        restrict anonymous = Yes
>        time server = Yes
>        socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
>        add user script = /usr/sbin/useradd -s /bin/false -d /dev/null 
> -g 509 -c "%U" -M %u;passwd -l %u
>        add machine script = /usr/sbin/useradd -s /bin/false -d 
> /dev/null -g 509 -c "%m Machine" '%m$';passwd -l '%m$'
> #       delete user script = smbpasswd -x %u;userdel %u
>        message command = cat %s>/dev/lp0
> #       use spnego = no
>
> # LDAP
>        passdb backend = ldapsam:ldap://bast.picotech.net/
>        ldap suffix = o=smb,dc=meanspc,dc=com
>        ldap admin dn = "cn=root,o=smb,dc=meanspc,dc=com"
> #       ldap machine suffix = ou=Computers
> #       ldap user suffix = ou=Users
>        ldap ssl = no
>
> # Debugging
>        debug pid = Yes
>        debug uid = Yes
>        debug timestamp = Yes
>        log level = 1
>        log file = /var/log/samba/samba.log
>        max log size = 50
>        panic action = echo 
> "*******************************************************\nSamba Panic 
> !!!!!\n**************$
>
> # Logon Info
>        logon script = netlogon.bat
>        logon path = \\bast\profiles\%u
>        logon home = \\bast\%u
>        logon drive = Z:
>
> # Become PDC
>        os level = 255
>        lm announce = True
>        preferred master = True
>        domain master = True
>        domain logons = yes
>        dns proxy = No
>        wins proxy = Yes
>        wins support = Yes
>        null passwords = Yes
>
> # Admin Stuff
>        admin users = @smbadmin
>        write list = @smbadmin
>        map system = Yes
>        map hidden = Yes
>        delete readonly = Yes
>        hosts allow = 192.168. localhost 127.0.0.1
>        interfaces = eth0
>        bind interfaces only = Yes
>        large readwrite = Yes
>        min protocol = LANMAN1
>        fstype = NTFS
>        nt acl support = yes
>
>
-- samba.log for an actual logon attempt
[root at bast root]# cat /var/log/samba/samba.log
[2003/06/05 18:05:17, 3, pid=10120, effective(0, 0), real(0, 0)] 
auth/auth.c:check_ntlm_password(216)
  check_ntlm_password:  Checking password for unmapped user 
[]\[]@[JEFF-WS] with the new password interface
[2003/06/05 18:05:17, 3, pid=10120, effective(0, 0), real(0, 0)] 
auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  mapped user is: [MEANSPC]\[]@[JEFF-WS]
[2003/06/05 18:05:17, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2003/06/05 18:05:17, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/uid.c:push_conn_ctx(287)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2003/06/05 18:05:17, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2003/06/05 18:05:17, 2, pid=10120, effective(0, 0), real(0, 0)] 
passdb/pdb_ldap.c:ldapsam_search_suffix(948)
  ldapsam_search_suffix: searching 
for:[(&(sambaSID=S-1-5-21-720503001-857626571-2809650969-501)(objectclass=sambaSamAccount))]
[2003/06/05 18:05:17, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/06/05 18:05:17, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2003/06/05 18:05:17, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/uid.c:push_conn_ctx(287)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2003/06/05 18:05:17, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2003/06/05 18:05:17, 2, pid=10120, effective(0, 0), real(0, 0)] 
passdb/pdb_ldap.c:ldapsam_search_suffix(948)
  ldapsam_search_suffix: searching 
for:[(&(uid=)(objectclass=sambaSamAccount))]
[2003/06/05 18:05:17, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/06/05 18:05:17, 3, pid=10120, effective(0, 0), real(0, 0)] 
auth/auth_sam.c:check_sam_security(437)
  Couldn't find user '' in passdb file.
[2003/06/05 18:05:17, 2, pid=10120, effective(0, 0), real(0, 0)] 
auth/auth.c:check_ntlm_password(301)
  check_ntlm_password:  Authentication for user [] -> [] FAILED with 
error NT_STATUS_NO_SUCH_USER
[2003/06/05 18:05:20, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/process.c:process_smb(882)
  Transaction 8 of length 246
[2003/06/05 18:05:20, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/process.c:switch_message(676)
  switch message SMBsesssetupX (pid 10120)
[2003/06/05 18:05:20, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/06/05 18:05:20, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/sesssetup.c:reply_sesssetup_and_X(534)
  wct=12 flg2=0xc807
[2003/06/05 18:05:20, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(446)
  Doing spnego session setup
[2003/06/05 18:05:20, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(470)
  NativeOS=[Windows 2002 2600 Service Pack 1] NativeLanMan=[Windows 2002 
5.1]
[2003/06/05 18:05:20, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/sesssetup.c:reply_spnego_negotiate(351)
  Got OID 1 3 6 1 4 1 311 2 2 10
[2003/06/05 18:05:20, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/sesssetup.c:reply_spnego_negotiate(358)
  Got secblob of size 46
[2003/06/05 18:05:20, 3, pid=10120, effective(0, 0), real(0, 0)] 
libsmb/ntlmssp.c:debug_ntlmssp_flags(33)
  Got NTLMSSP neg_flags=0xe008b297
[2003/06/05 18:05:20, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/process.c:process_smb(882)
  Transaction 9 of length 252
[2003/06/05 18:05:20, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/process.c:switch_message(676)
  switch message SMBsesssetupX (pid 10120)
[2003/06/05 18:05:20, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/06/05 18:05:20, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/sesssetup.c:reply_sesssetup_and_X(534)
  wct=12 flg2=0xc807
[2003/06/05 18:05:20, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(446)
  Doing spnego session setup
[2003/06/05 18:05:20, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(470)
  NativeOS=[Windows 2002 2600 Service Pack 1] NativeLanMan=[Windows 2002 
5.1]
[2003/06/05 18:05:20, 3, pid=10120, effective(0, 0), real(0, 0)] 
libsmb/ntlmssp.c:ntlmssp_server_auth(284)
  Got user=[] domain=[] workstation=[JEFF-WS] len1=1 len2=0
[2003/06/05 18:05:20, 3, pid=10120, effective(0, 0), real(0, 0)] 
auth/auth.c:check_ntlm_password(216)
  check_ntlm_password:  Checking password for unmapped user 
[]\[]@[JEFF-WS] with the new password interface
[2003/06/05 18:05:20, 3, pid=10120, effective(0, 0), real(0, 0)] 
auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  mapped user is: [MEANSPC]\[]@[JEFF-WS]
[2003/06/05 18:05:20, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2003/06/05 18:05:20, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/uid.c:push_conn_ctx(287)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2003/06/05 18:05:20, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2003/06/05 18:05:20, 2, pid=10120, effective(0, 0), real(0, 0)] 
passdb/pdb_ldap.c:ldapsam_search_suffix(948)
  ldapsam_search_suffix: searching 
for:[(&(sambaSID=S-1-5-21-720503001-857626571-2809650969-501)(objectclass=sambaSamAccount))]
[2003/06/05 18:05:20, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/06/05 18:05:20, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2003/06/05 18:05:20, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/uid.c:push_conn_ctx(287)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2003/06/05 18:05:20, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2003/06/05 18:05:20, 2, pid=10120, effective(0, 0), real(0, 0)] 
passdb/pdb_ldap.c:ldapsam_search_suffix(948)
  ldapsam_search_suffix: searching 
for:[(&(uid=)(objectclass=sambaSamAccount))]
[2003/06/05 18:05:20, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/06/05 18:05:20, 3, pid=10120, effective(0, 0), real(0, 0)] 
auth/auth_sam.c:check_sam_security(437)
  Couldn't find user '' in passdb file.
[2003/06/05 18:05:20, 2, pid=10120, effective(0, 0), real(0, 0)] 
auth/auth.c:check_ntlm_password(301)
  check_ntlm_password:  Authentication for user [] -> [] FAILED with 
error NT_STATUS_NO_SUCH_USER
[2003/06/05 18:06:20, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/06/05 18:07:20, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/06/05 18:07:20, 2, pid=10120, effective(0, 0), real(0, 0)] 
smbd/process.c:timeout_processing(1126)
  Closing idle connection
[2003/06/05 18:07:20, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/06/05 18:07:20, 2, pid=10120, effective(0, 0), real(0, 0)] 
smbd/server.c:exit_server(558)
  Closing connections
[2003/06/05 18:07:20, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/connection.c:yield_connection(61)
  Yielding connection to
[2003/06/05 18:07:20, 3, pid=10120, effective(0, 0), real(0, 0)] 
smbd/server.c:exit_server(601)
  Server exit (normal exit)
  process_logon_packet: SAMLOGON request from JEFF-WS(192.168.100.2) for 
, returning logon svr \\BAST domain MEANSPC code 13 token=ffff
[root at bast root]#
---

I hope this helps someone find the domain controler missing error.

More information about the samba mailing list