[Samba] Browsing slow on samba server joined to Win2003 ADS: "Username DOMAIN\MACHINE$ is invalid on this sytem"

Stewart Loving-Gibbard sloving-gibbard at uswest.net
Sat Aug 20 18:30:09 GMT 2005 

Domain server: Windows 2003 Server SP1 ("Unagi")
Domain Name: SIMPLE.COM
Short Domain name: SEAWORLD
Server I'm having problems with: Samba 3.0.14a running on Debian (2.6 
kernel) ("Saba")
Client: Windows XP SP2 ("Pudge")

I've been struggling with slow browsing on a new Samba install for a 
week. I've re-installed Samba from the ground up several times, and now 
have a very minimal configuration that still shows extreme slowness 
browsing.

I just timed it -- it took me 75 seconds for the subfolder I wanted in 
the share MP3Library to finally open up.

Here's some log.smbd, at log level 1:

[2005/08/20 10:52:35, 0] smbd/server.c:main(798)
   smbd version 3.0.14a-Debian started.
   Copyright Andrew Tridgell and the Samba Team 1992-2004
[2005/08/20 10:52:35, 0] printing/pcap.c:pcap_cache_reload(149)
   Unable to open printcap file /etc/printcap for read!
[2005/08/20 10:52:35, 0] printing/pcap.c:pcap_cache_reload(149)
   Unable to open printcap file /etc/printcap for read!
[2005/08/20 10:52:36, 1] smbd/service.c:make_connection_snum(642)
   pudge (10.0.0.12) connect to service MP3Library initially as user 
stew (uid=1000, gid=1000) (pid 2304)
[2005/08/20 10:52:36, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
   Username SEAWORLD\PUDGE$ is invalid on this system
[2005/08/20 10:52:36, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
   Username SEAWORLD\PUDGE$ is invalid on this system
[2005/08/20 10:52:36, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
   Username SEAWORLD\PUDGE$ is invalid on this system
[2005/08/20 10:52:36, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
   Username SEAWORLD\PUDGE$ is invalid on this system

There are several hundred more of those "Username..is invalid on this 
system" messages.

If I map the drive directly like this:

C:\WINDOWS\system32>net use k: \\saba\MP3Library
The command completed successfully.

Browsing the k: drive is snappy. Same thing if I use the IP address of 
the server instead of the hostname.

I've been through Chapter 13 - Troubleshooting Techniques. Nearly all of 
it works as I'd expect, but there is one problem:

saba:/var/log/samba# smbclient -L unagi -N
Anonymous login successful
Domain=[SEAWORLD] OS=[Windows Server 2003 3790 Service Pack 1] 
Server=[Windows Server 2003 5.2]

         Sharename       Type      Comment
         ---------       ----      -------
Error returning browse list: NT_STATUS_ACCESS_DENIED
Anonymous login successful
Domain=[SEAWORLD] OS=[Windows Server 2003 3790 Service Pack 1] 
Server=[Windows Server 2003 5.2]

         Server               Comment
         ---------            -------
         PUDGE                Stew's Main Desktop
         SABA                 saba server (Samba 3.0.14a-Debian)
         UNAGI

         Workgroup            Master
         ---------            -------
         SEAWORLD             UNAGI


I don't know if that NT_STATUS_ACCESS_DENIED is significant, but I don't 
see it in the troubleshooting guide.

Here are some excerpts from smbd.log messages at log level 9 when the 
server is browsing slowly. If I haven't given enough detail here, I'm 
happy to email the whole thing, or post more.

[2005/08/20 11:18:21, 3] smbd/sesssetup.c:reply_spnego_kerberos(179)
   Ticket name is [PUDGE$@SIMPLE.COM]
[2005/08/20 11:18:21, 5] lib/username.c:Get_Pwnam(293)
   Finding user SEAWORLD\PUDGE$
[2005/08/20 11:18:21, 5] lib/username.c:Get_Pwnam_internals(223)
   Trying _Get_Pwnam(), username as lowercase is seaworld\pudge$
[2005/08/20 11:18:21, 5] lib/username.c:Get_Pwnam_internals(230)
   Trying _Get_Pwnam(), username as given is SEAWORLD\PUDGE$
[2005/08/20 11:18:21, 5] lib/username.c:Get_Pwnam_internals(247)
   Checking combinations of 0 uppercase letters in seaworld\pudge$
[2005/08/20 11:18:21, 5] lib/username.c:Get_Pwnam_internals(251)
   Get_Pwnam_internals didn't find user [SEAWORLD\PUDGE$]!
[2005/08/20 11:18:21, 5] lib/username.c:Get_Pwnam(293)
   Finding user PUDGE$
[2005/08/20 11:18:21, 5] lib/username.c:Get_Pwnam_internals(223)
   Trying _Get_Pwnam(), username as lowercase is pudge$
[2005/08/20 11:18:21, 5] lib/username.c:Get_Pwnam_internals(230)
   Trying _Get_Pwnam(), username as given is PUDGE$
[2005/08/20 11:18:21, 5] lib/username.c:Get_Pwnam_internals(247)
   Checking combinations of 0 uppercase letters in pudge$
[2005/08/20 11:18:21, 5] lib/username.c:Get_Pwnam_internals(251)
   Get_Pwnam_internals didn't find user [PUDGE$]!
[2005/08/20 11:18:21, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
   Username SEAWORLD\PUDGE$ is invalid on this system
[2005/08/20 11:18:21, 3] smbd/error.c:error_packet(105)
   error string = No such file or directory
[2005/08/20 11:18:21, 3] smbd/error.c:error_packet(129)
   error packet at smbd/sesssetup.c(255) cmd=115 (SMBsesssetupX) 
NT_STATUS_LOGON_FAILURE

--------------------------------------------------------------------
smb.conf:
--------------------------------------------------------------------

#======================= Global Settings =======================

[global]

## Browsing/Identification ###

# Change this to the workgroup/NT-domain name your Samba server will
    workgroup = seaworld
    realm = SIMPLE.COM
    security = ADS
    server string = %h server (Samba %v)
    encrypt passwords = true

[MP3Library]
     public = yes
     comment = MP3 Library
     write list = stew
     path = /home/big_areca_raid/MP3Library

----------------------------------------------------------------
kb5.conf:
-----------------------------------------------------------------

[libdefaults]
    default_realm = SIMPLE.COM

[realms]
     SIMPLE.COM = {
        kdc = unagi.simple.com
     }

[domain_realms]
       .kerberos.server = SIMPLE.COM


I have tried many things suggested online, but none seem like a perfect 
fit for my circumstances, and more importantly none of them seem to help.

I hope that is enough detail. All suggestions welcome!

More information about the samba mailing list