[Samba] authentication problems after upgrade to samba 3.0.7-2.FC1

Craig White craigwhite at azapple.com
Wed Sep 15 04:07:47 GMT 2004 

On Tue, 2004-09-14 at 18:39, fsb wrote:
> good evening all,
> 
> i upgraded my last samba 2.2.7a (dog2) this afternoon and
> have run into
> problems.
> 
> first, the setup:
> windows 2000 clients
> three sites on three seperate subnets connected by t1
> through routers.  each
> site has a samba server that authenticates the users on its
> subnet.  the
> workgroup name for each server is dognet.  /etc/passwd,
> /etc/group, and
> smbpasswd are synced up manually.  users map drives to
> shares on all servers
> by logon script.  all servers are samba version 3.0.7-2.FC1
> on Fedora Core
> 1.
> 
> dog1 authenticates users on 192.168.1.0.  he is also the
> domain master.
> dog1 is also the wins server for dognet.
> from smb.conf of dog1:
> workgroup=dognet
>  netbios name=dog1
> security=user
> domain logons=yes
> os level=65
> preferred master=true
> domain master=true
> wins support=yes
> 
> dog2 authenticates users on 192.168.2.0.  he is a local
> master for
> 192.168.2.0.
> from smb.conf of dog2:
> workgroup=dognet
>  netbios name=dog2
> security=user
> domain logons=yes
> os level=65
> preferred master=true
> local master=true
> wins server=192.168.1.10
> 
> dog3 authenticates users on 192.168.3.0.  he is a local
> master for
> 192.168.3.0.
> from smb.conf of dog2:
> workgroup=dognet
>  netbios name=dog2
> security=user
> domain logons=yes
> os level=65
> preferred master=true
> local master=true
> wins server=192.168.1.10
> 
> dog1 and dog3 work as expected.  after upgrading dog2, i
> cannot authenticate
> clients on 192.168.2.0 to dog2.  The message on the client
> is:  The system
> cannot log you on because the domain DOGNET is not
> available.  dog2 is not
> available via network neighborhood, but i can ssh, ping,
> etc... into him.
> 
> in /var/log/samba/nmbd.log of dog2, i get the following
> messages when i
> restart smb:
> 
> add_domain_logon_names:  attempting to become logon server
> for workgroup
> DOGNET on subnet 192.168.2.10
> 
> add_domain_logon_names:  attempting to become logon server
> for workgroup
> DOGNET on unicast_subnet
> 
> become_logon_server_success:  samba is now a logon server
> for workgroup
> DOGNET on subnet unicast_subnet
> 
> become_logon_server_success:  samba is now a logon server
> for workgroup
> DOGNET on subnet 192.168.2.10
> 
> register_name_response:  WINS server at 192.168.1.10
> rejected our name
> registration of DOG2<20> IP 192.168.2.10 with error code 5.
> 
> my_name_register_failed:  Failed to register my name
> DOG2<20> on subnet
> unicast_subnet.
> 
> standard_fail_register:  Failed to register/refresh name
> DOG2<20> on subnet
> unicast_subnet
> 
> register_name_response:  WINS server at 192.168.1.10
> rejected our name
> registration of DOG2<03> IP 192.168.2.10 with error code 5.
> 
> my_name_register_failed:  Failed to register/refresh name
> DOG2<03> on subnet
> unicast_subnet
> 
> standard_fail_register:  Failed to register/refresh name
> DOG2<03> on subnet
> unicast_subnet
> 
> register_name_response:  WINS server at 192.168.1.10
> rejected our name
> registration of DOG2<00> IP 192.168.2.10 with error code 5.
> 
> my_name_register_failed:  Failed to register my name
> DOG2<00> on subnet
> unicast_subnet.
> 
> standard_fail_register:  Failed to register/refresh name
> DOG2<00> on subnet
> unicast_subnet
> 
> Samba name server DOG2 is now a local master browser for
> workgroup dognet on
> subnet 192.168.2.10
> 
> i do not get these messages when i restart smb on dog3.  the
> two prior
> upgrades (dog1 and dog3) went smoothly.
> 
> does anybody have any ideas where i can get dog2 up by 8:00
> tomorrow morning
> (local time is 20:30)?
----
firewall?

check wins.dat on dog1

cat /var/cache/samba/wins.dat #or wherever it may be located...

see if dog3 registers itself successfully. Is it possible that the
router connections between the subnet 192.168.3 and 192.168.1 have
different parameters than the subnet 192.168.2 and 192.168.1?

I'm not sure that I would have 3 different machines listed as 'preferred
master = yes' for the same domain - that doesn't seem to be playing by
the rules (multiple PDC).

Craig

More information about the samba mailing list