[Samba] internal error occurs while domain users try to access file
servers
Shunichi Ikuta
sikuta2 at yahoo.co.jp
Thu Apr 22 12:07:58 GMT 2004
Hello experts,
I have installed Samba3.0.1 for "Account Domain Controller(PDC)" and
openLDAP2.2.6 for backend database which stores user accounts.
There is Windows2000 Server for "Resource Domain controller" that
has a trust relationship with Samba "Account Domain Controller".
WINS service is running on "Resource Domain Controller" Windows2000
Server machine as well. A file server (Windows2000 Server) is prepared
and its machine account is registered to "Resource Domain Controller".
The problem I have is
"domain users are not able to access the file server machine(Windows
2000 Server)".
This file server is NOT Samba, it is Windows 2000 Server.
Below is the description of the Samba + LDAP environment.
== Operation System(OS) and installed software description ===
Machine No 1.
OS: Redhat Linux 9
Software: Samba3.0.1
Use: Samba PDC Account Domain Controller
Machine No 2.
OS: Solaris 8
Software: OpenLDAP2.2.6
Use: user and machine account directory server
Machine No 3.
OS: Windows 2000 Server
Use: Resource Domain Controller
Machine No 4.
OS: Windows 2000 Server
Use: Resource Domain Controller & WINS Server
Machine No 5.
OS: Windows 2000 Server
Use: File Server
Machine No 6.
OS: Windows 2000 Pro
Use: Client machine for domain users
== Windows Domain Model description =====
1. The model is "Single Master Domain Model"
2. "Resource Domain" trusts "Account Domain"
(Established a trust relationship)
3. Machine accounts for file server(Machine No 5)
and client(Machine No 6) are registered to "Resource
Domain"
4. A "Domain User" is registered to "Account Domain Controller"
== Other information ====================
1. The value of "Primary WINS server" for all the machines is
set to Machine No 4. The value of the attribute, "wins server"
in smb.conf for Samba is also set to Machine No 4.
== Problem description =================
The problem, which I have with above environment, is that an error
occurs when domain users try to access file server machine.
Because of that error, domain users are not able to access to
file server.
Following is the procedure for reproducing the problem.
Step 1. Log on a "Domain User" to "Account Domain(Samba PDC)"
using the client machine(Machine No 6)
Step 2. Open "Explorer". Go to "My Network Places" ->
"Entire Network" -> "Microsoft Windows Network" ->
"Resource Domain".
Step 3. You will see the file server machine icon(Machine
No 5). Double click the icon to browse its shared
directories and files.
Stop 4. Problem occurs! Unable to access the file server
(Machine No 5) and an error dialog pops up. The
message of the error dialog was
"Unable to access machine No 5.
Windows 2000 Internal Error has Occurred"
The problem occurs irregularly which makes me difficult to
determine the cause of the problem.
== Samba Configuration - smb.conf
(Some parameters cannot be displayed) ======
# Samba config file created using SWAT
# from 172.XXX.XXX.XXX.
# Date: YYYY/MM/DD hh:mm:ss
# Global parameters
[global]
security = user
encrypt passwords = Yes
dos charset = UTF8
display charset = UTF8
workgroup = (TEST DOMAIN NAME)
passdb backend = ldapsam:"ldap://(LDAP SERVER)" smbpasswd
ldap passwd sync = Yes
ldap ssl = start tls
log level = 100
log file = /var/samba/log/smb.log.%m
logon path =
logon home =
os level = 32
domain logons = Yes
domain master = Yes
preferred master = Yes
local master = Yes
wins support = no
wins server = 172.XXX.XXX.XXX # IPAddress for WINS Server
ldap suffix = dc=XXX,dc=XXX
ldap machine suffix = ou=People
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap admin dn = cn=Manager,dc=XXX,dc=XXX
browseable = no
writeable = no
guest account = guest
deadtime = 15
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
lm announce = Yes
[share]
path = /var/samba/share
browseable = yes
writeable = yes
guest ok = no
[netlogon]
path = /var/samba/netlogon
browseable = yes
writable = yes
guest ok = no
share modes = yes
[homes]
path = /var/samba/homes
browseable = yes
writeable = yes
guest ok = no
[profiles]
path = /var/samba/profiles
browseable = no
writeable = no
guest ok = no
== Log ==============
smb log for Resource Domain Controller
(/var/samba/log/smb.log.machine_no_3)
***********************************************************************
[YYYY/MM/DD 09:10:14, 5] rpc_parse/parse_prs.c:prs_ntstatus(665)
0194 status : NT_STATUS_OK
[YYYY/MM/DD 09:10:14, 5] rpc_server/srv_pipe.c:api_rpcTNP(1549)
api_rpcTNP: called NETLOGON successfully
[YYYY/MM/DD 09:10:14, 10] rpc_server/srv_pipe.c:api_rpcTNP(1560)
api_rpcTNP: rpc input buffer underflow (parse error?)
[YYYY/MM/DD 09:10:14, 5] rpc_parse/parse_prs.c:prs_uint8s(722)
0172 : 00 00 8a e3 13 71 02 f4 36 71 02 40 28 00 44 06 0e 00 60 cb 60 0d
[YYYY/MM/DD 09:10:14, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
free_pipe_context: destroying talloc pool of size 4906
[YYYY/MM/DD 09:10:14, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(880)
write_to_pipe: data_used = 432
[YYYY/MM/DD 09:10:14, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
writeX-IPC pnum=7778 nwritten=448
smb log for Resource Domain Controller
(/var/samba/log/smb.log.machine_no_3)
***********************************************************************
[YYYY/MM/DD 09:10:13, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password
(299)
secrets_fetch failed!
[YYYY/MM/DD 09:10:13, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (999, 514) - sec_ctx_stack_ndx = 0
[YYYY/MM/DD 09:10:13, 10] lib/gencache.c:gencache_get(286)
Cache entry with key = TDOM/Account_Domain couldn't be found
[YYYY/MM/DD 09:10:13, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(172)
no entry for trusted domain Account_Domain found.
[YYYY/MM/DD 09:10:13, 5] auth/auth_util.c:make_user_info(132)
attempting to make a user_info for Domain_User (Domain_User)
[YYYY/MM/DD 09:10:13, 5] auth/auth_util.c:make_user_info(142)
making strings for Domain_User's user_info struct
[YYYY/MM/DD 09:10:13, 5] auth/auth_util.c:make_user_info(184)
making blobs for Domain_User's user_info struct
=== Questions ===========
Q1) It there any possibility that the error log above could be the
cause of the problem which I have described ? I would like to
know whether the error log relates to my problem or not.
Q2) Is there any reported bugs that might be causing the problem
which I have described ?
(Is there any possible bug causing a problem accessing file
server from windows client machine ?)
Q3) Although I tried to explain the problem in detail but the description
above could be vague and is not so specific.
Is there anything I can do to provide more valuable
information to make this problem more specific and accurate ?
(Is there anything I can do to break down this problem ?)
Q4) What do these error log messages below mean and how do they possibly
occur ?
Error message 1 - api_rpcTNP: rpc input buffer underflow (parse
error?)
Error message 2 - secrets_fetch failed!
Error message 3 - no entry for trusted domain Account_Domain found.
Any advice or comment will be appreciated.
More information about the samba
mailing list