[Samba] internal error occurs while domain users try to access file servers

Shunichi Ikuta sikuta2 at yahoo.co.jp
Thu Apr 22 12:07:58 GMT 2004 

Hello experts,

I have installed Samba3.0.1 for "Account Domain Controller(PDC)" and 
openLDAP2.2.6 for backend database which stores user accounts. 
There is Windows2000 Server for "Resource Domain controller" that 
has a trust relationship with Samba "Account Domain Controller".
WINS service is running on "Resource Domain Controller" Windows2000 
Server machine as well. A file server (Windows2000 Server) is prepared 
and its machine account is registered to "Resource Domain Controller".


The problem I have is 

 "domain users are not able to access the file server machine(Windows 
  2000 Server)". 

This file server is NOT Samba, it is Windows 2000 Server.


Below is the description of the Samba + LDAP environment.

== Operation System(OS) and installed software description ===

Machine No 1. 
 OS: Redhat Linux 9
 Software: Samba3.0.1
 Use: Samba PDC Account Domain Controller

Machine No 2. 
 OS: Solaris 8
 Software: OpenLDAP2.2.6
 Use: user and machine account directory server

Machine No 3.
 OS: Windows 2000 Server
 Use: Resource Domain Controller

Machine No 4. 
 OS: Windows 2000 Server
 Use: Resource Domain Controller & WINS Server

Machine No 5.
 OS: Windows 2000 Server
 Use: File Server

Machine No 6.
 OS: Windows 2000 Pro
 Use: Client machine for domain users


== Windows Domain Model description =====

 1. The model is "Single Master Domain Model"
 2. "Resource Domain" trusts "Account Domain" 
    (Established a trust relationship)
 3. Machine accounts for file server(Machine No 5) 
    and client(Machine No 6) are registered to "Resource 
    Domain"
 4. A "Domain User" is registered to "Account Domain Controller"


== Other information ====================

 1. The value of "Primary WINS server" for all the machines is 
    set to Machine No 4.  The value of the attribute, "wins server" 
    in smb.conf for Samba is also set to Machine No 4. 


== Problem description =================

The problem, which I have with above environment, is that an error 
occurs when domain users try to access file server machine.
Because of that error, domain users are not able to access to 
file server.

Following is the procedure for reproducing the problem.

 Step 1. Log on a "Domain User" to "Account Domain(Samba PDC)" 
         using the client machine(Machine No 6)
 Step 2. Open "Explorer". Go to "My Network Places" -> 
         "Entire Network" -> "Microsoft Windows Network" ->
         "Resource Domain".
 Step 3. You will see the file server machine icon(Machine 
         No 5). Double click the icon to browse its shared 
         directories and files.
 Stop 4. Problem occurs! Unable to access the file server
         (Machine No 5) and an error dialog pops up. The
         message of the error dialog was 
         "Unable to access machine No 5.
          Windows 2000 Internal Error has Occurred"


The problem occurs irregularly which makes me difficult to 
determine the cause of the problem. 


== Samba Configuration - smb.conf 
   (Some parameters cannot be displayed) ======

# Samba config file created using SWAT
# from 172.XXX.XXX.XXX.
# Date: YYYY/MM/DD hh:mm:ss

# Global parameters
[global]
	security = user
	encrypt passwords = Yes
	dos charset = UTF8
	display charset = UTF8
	workgroup = (TEST DOMAIN NAME)
	passdb backend = ldapsam:"ldap://(LDAP SERVER)" smbpasswd
	ldap passwd sync = Yes
	ldap ssl = start tls
	log level = 100
	log file = /var/samba/log/smb.log.%m
	logon path =
	logon home =
	os level = 32
	domain logons = Yes
	domain master = Yes
	preferred master = Yes
	local master = Yes
	wins support = no
	wins server = 172.XXX.XXX.XXX # IPAddress for WINS Server
	ldap suffix = dc=XXX,dc=XXX
	ldap machine suffix = ou=People
	ldap user suffix = ou=People
	ldap group suffix = ou=Group
	ldap admin dn = cn=Manager,dc=XXX,dc=XXX
	browseable = no
	writeable  = no
	guest account = guest
	deadtime = 15
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	lm announce = Yes

[share]
	path = /var/samba/share
	browseable = yes
	writeable  = yes
	guest ok   = no

[netlogon]
	path = /var/samba/netlogon
	browseable  = yes
	writable    = yes
	guest ok    = no
	share modes = yes

[homes]
	path = /var/samba/homes
	browseable = yes
	writeable  = yes
	guest ok   = no

[profiles]
	path = /var/samba/profiles
	browseable = no
	writeable  = no
	guest ok   = no



== Log ==============

smb log for Resource Domain Controller
(/var/samba/log/smb.log.machine_no_3)
***********************************************************************
[YYYY/MM/DD 09:10:14, 5] rpc_parse/parse_prs.c:prs_ntstatus(665)
      0194 status      : NT_STATUS_OK
[YYYY/MM/DD 09:10:14, 5] rpc_server/srv_pipe.c:api_rpcTNP(1549)
  api_rpcTNP: called NETLOGON successfully
[YYYY/MM/DD 09:10:14, 10] rpc_server/srv_pipe.c:api_rpcTNP(1560)
  api_rpcTNP: rpc input buffer underflow (parse error?)
[YYYY/MM/DD 09:10:14, 5] rpc_parse/parse_prs.c:prs_uint8s(722)
  0172 : 00 00 8a e3 13 71 02 f4 36 71 02 40 28 00 44 06 0e 00 60 cb 60 0d
[YYYY/MM/DD 09:10:14, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
  free_pipe_context: destroying talloc pool of size 4906
[YYYY/MM/DD 09:10:14, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(880)
  write_to_pipe: data_used = 432
[YYYY/MM/DD 09:10:14, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
  writeX-IPC pnum=7778 nwritten=448


smb log for Resource Domain Controller
(/var/samba/log/smb.log.machine_no_3)
***********************************************************************
[YYYY/MM/DD 09:10:13, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password
(299)
  secrets_fetch failed!
[YYYY/MM/DD 09:10:13, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (999, 514) - sec_ctx_stack_ndx = 0
[YYYY/MM/DD 09:10:13, 10] lib/gencache.c:gencache_get(286)
  Cache entry with key = TDOM/Account_Domain couldn't be found
[YYYY/MM/DD 09:10:13, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(172)
  no entry for trusted domain Account_Domain found.
[YYYY/MM/DD 09:10:13, 5] auth/auth_util.c:make_user_info(132)
  attempting to make a user_info for Domain_User (Domain_User)
[YYYY/MM/DD 09:10:13, 5] auth/auth_util.c:make_user_info(142)
  making strings for Domain_User's user_info struct
[YYYY/MM/DD 09:10:13, 5] auth/auth_util.c:make_user_info(184)
  making blobs for Domain_User's user_info struct


=== Questions ===========

 Q1) It there any possibility that the error log above could be the 
     cause of the problem which I have described ? I would like to 
     know whether the error log relates to my problem or not.
 Q2) Is there any reported bugs that might be causing the problem 
     which I have described ? 
     (Is there any possible bug causing a problem accessing file 
      server from windows client machine ?)
 Q3) Although I tried to explain the problem in detail but the description 
     above could be vague and is not so specific. 
     Is there anything I can do to provide more valuable 
     information to make this problem more specific and accurate ? 
     (Is there anything I can do to break down this problem ?)
 Q4) What do these error log messages below mean and how do they possibly 
     occur ?
     Error message 1 - api_rpcTNP: rpc input buffer underflow (parse 
                       error?)
     Error message 2 - secrets_fetch failed!
     Error message 3 - no entry for trusted domain Account_Domain found.

Any advice or comment will be appreciated.

More information about the samba mailing list