[Samba] Sudden domain login problems from XP-pro sp2 clients,
info at intellitree.com
Wed Jan 19 16:33:59 GMT 2005
I am running Samba 3.0.7 on Gentoo Linux. The server is configured for
domain logins and roaming profiles, and there are about 40 Windows XP
Pro SP2 clients that login to the domain. This has been setup and
working perfectly since October, until this morning. Now, anytime a
client tries to login, they get this error:
"windows cannot connect to the domain, either because the domain
controller is down or otherwise unavailable, or because your computer
account was not found. Please try again later. If this message continues
to appear, contact your system administrator for assistance."
Samba is running fine, and if I login with a local account, I can pull
up the server via \\servername, can authenticate, and can access the
shares. It is logging in that fails.
Looking at the Event viewer on the client machines I see this following
"This computer could not authenticate with \\servername, a Windows
domain controller for domain DOMAIN, and therefore this computer might
deny logon requests. This inability to authenticate might be caused by
another computer on the same network using the same name or the password
for this computer account is not recognized. If this message appears
again, contact your system administrator."
There are a few SP1 machines still on the network, these do not have
this problem, so it does seem to be a SP2/Samba issue, but all these SP2
machines had no problem yesterday!
I have been seraching the net all morning. Here are some things I have
1. Edited the local security policy and setting Security settings ->
Local Policies -> Security options -> "Domain member: Digitally encrypt
or sign secure channel data (always)" to "Disabled
2. Verifiying signorseal reg patch is installed
3. Tried leaving and rejoining the domain. When I do this, I am able to
rejoin fine, it says "Welcome to the <domain> domain." Upon reboot, the
message becomes "The system cannot log you on because the domain
<DOMAIN> is not available"
4. Checking the error logs and turning the log level up first to 3 then
to 5. Can't see any messages that indicate what is wrong. I did see this
getpeername failed. Error was Transport endpoint is not connected"
Opon searches of that error, I have tried blocking port 445 (forcing to
use only 139) with iptables which has no effect.
5. Deleted /var/cache/samba and restarted to samba to recreate it.
6. Rebooted the server.
7. Setup clients to use WINS.
Nothing seems to be working, does anyone know what is going on? This is
huge problem here, no one can login and access their profiles, and so
they can't get to their e-mail, their files, etc etc etc and I am
majorly stressing out here. Any help will be ever so greatly appricated.
Thanks in advance,
More information about the samba