[Samba] Sudden domain login problems from XP-pro sp2 clients, Please help!

henry info at intellitree.com
Wed Jan 19 16:33:59 GMT 2005


I am running Samba 3.0.7 on Gentoo Linux. The server is configured for 
domain logins and roaming profiles, and there are about 40 Windows XP 
Pro SP2 clients that login to the domain. This has been setup and 
working perfectly since October, until this morning. Now, anytime a 
client tries to login, they get this error:

"windows cannot connect to the domain, either because the domain 
controller is down or otherwise unavailable, or because your computer 
account was not found. Please try again later. If this message continues 
to appear, contact your system administrator for assistance."

Samba is running fine, and if I login with a local account, I can pull 
up the server via \\servername, can authenticate, and can access the 
shares. It is logging in that fails.

Looking at the Event viewer on the client machines I see this following 
error:

"This computer could not authenticate with \\servername, a Windows 
domain controller for domain DOMAIN, and therefore this computer might 
deny logon requests. This inability to authenticate might be caused by 
another computer on the same network using the same name or the password 
for this computer account is not recognized. If this message appears 
again, contact your system administrator."

There are a few SP1 machines still on the network, these do not have 
this problem, so it does seem to be a SP2/Samba issue, but all these SP2 
machines had no problem yesterday!

I have been seraching the net all morning. Here are some things I have 
tried:

1. Edited the local security policy and setting Security settings -> 
Local Policies -> Security options -> "Domain member: Digitally encrypt 
or sign secure channel data (always)" to "Disabled

2. Verifiying signorseal reg patch is installed

3. Tried leaving and rejoining the domain. When I do this, I am able to 
rejoin fine, it says "Welcome to the <domain> domain." Upon reboot, the 
message becomes "The system cannot log you on because the domain 
<DOMAIN> is not available"

4. Checking the error logs and turning the log level up first to 3 then 
to 5. Can't see any messages that indicate what is wrong. I did see this 
error: "lib/util_sock.c:get_peer_addr(1000)
   getpeername failed. Error was Transport endpoint is not connected"
Opon searches of that error, I have tried blocking port 445 (forcing to 
use only 139) with iptables which has no effect.

5. Deleted /var/cache/samba and restarted to samba to recreate it.

6. Rebooted the server.

7. Setup clients to use WINS.


Nothing seems to be working, does anyone know what is going on? This is 
  huge problem here, no one can login and access their profiles, and so 
they can't get to their e-mail, their files, etc etc etc and I am 
majorly stressing out here. Any help will be ever so greatly appricated.

Thanks in advance,
Henry


More information about the samba mailing list