[Samba] Win2k clients won't rejoin Samba PDC domain, "Remote Procedure Call Failed"?

wally wally.hall at gmail.com
Thu Apr 27 21:21:28 GMT 2006 

Hey everyone, firstly thanks for your time, I've spent hours, a lot
straight days too, for the last couple of weeks trying to solve this
issue.  The only thing (afai can see) I've got left is asking the
experts and formatting all the machines and starting over, the latter
of which I'm not interesting in doing because it doesn't solve the
issue (well it might make the problem go away, but I won't know what it
was, and I don't consider that a solution).  So thanks for reading
this, even if you've just got a "no idea I'm afraid, but I would
suggest the following obvious things..." that'd be so appriciated.
I've gotten to the point where I'm getting so frustrated and impatient
I'm forgetting what I have / havn't tried already, so a fresh run would
be great : )

So, here we go.  I've setup a PDC for a small network.  I'm running
Samba 3.0.14a-2 on FC5, with 256mb of RAM and other working hardware.
I mean to say, I'm fairly certain its something I've misconfigured, not
a hardware fault.  I've also upgraded Samba twice (while moving from
FC4 to 5, and once again recently), neither of which solved the issue.

So my smb.conf looks like this:

// SOF

# Global parameters
[global]
       workgroup = PLFCDOMAIN
       server string = Fedora Linux running Samba 3.0.14a-2
       passwd program = /usr/bin/passwd %U
       passwd chat = *New*UNIX*password* %n\n
*Retype*new*UNIX*password* %n\n $        unix password sync = Yes
       log level = 2
       acl compatibility = win2k
       socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
       add machine script = /usr/sbin/adduser -d / -g 600 -M -s
/sbin/nologin $        logon script = %U.BAT
       logon path = \\%N\profiles\%U
       logon drive = Z:
       domain logons = Yes
       os level = 33
       preferred master = Yes
       domain master = Yes
       wins support = Yes
#       remote announce = 192.168.0.255/FILESERVER
       profile acls = Yes

[netlogon]
       path = /var/lib/samba/netlogon
       read only = No
       guest ok = Yes

[profiles]
       comment = Profiles share
       path = /home/
       read only = No
       create mask = 0751
       directory mask = 0751
       map system = Yes
       map hidden = Yes

// EOF

(I've got some other shares too, if anybody is interested in seeing
those I'll post them up too, otherwise I'll save the bytes in this
message for now.)

When I first set it up, I had it running with a Windows 2000 client (no
SP patches applied) in the domain, and everyone could log on and off as
they liked.  Everything was fine.  Then I joined another 2000 machine
(for which I used the add machine script) which worked really neatly,
and still everything worked fine.  Then I added an XP machine, which
also joined perfectly happily.

This is the point from which things must have gone wrong.

I then applied SP4 to the FIRST of the two Windows 2000 machines.  I
mucked about a bit with poledit to make a NTLogon.pol for the NTLOGON
share, which worked like a dream.  I'd had a few users loging on and
off of all the machines fine, all the shares worked as I wanted,
everything seemed quite happy.

Then I had a problem with a user not being able to write to a given
share.  Turns out adding "profile acls = yes" to the Samba config fixed
this (I found that out on the net), but before I discovered that I
paniced and tried REMOVING the win2k machine from the domain, and
readding it, which FAILED.  The message I received was "remote
procedure call failed".  Ever since, I've not been able to join
machines to the domain (I always get that error).

Checking the Samba logs, nothing screams out at me.  Ocassionally I get
an "INVALID PIPE <xyz>" (log level 3), but that isn't persistant
(infact so little that I can't even find one to paste here right now).
It also seems that I have to reboot the win2k machine to get it to try
joining the domain again properly, if  that's of any relevance.

I've followed the Samba HOWTO doc as best I can several times over,
I've tried adding the machines by hand using "# smbpasswd -am plfc-01"
(that being the name of one of the win2k machines) and that doesn't
work, I've tried with and without the add machine script, both without
it completely and with manually adding the UNIX user, I've really tried
everything I can think of and then some, but I can't get it to join.
This applies to ALL win2k machines (I've only got one XP one available,
which I daren't disjoin the domain with incase it never goes back on
because everyone uses it), I've tried several win2k machines which have
never been on the network (fresh installs of 2k, even they won't touch
it.

The only thing (may be irrelevant, but my understanding of SMB and
Samba is pretty limited), the smbpasswd file has very different entries
for each of the computers:

(this is the XP machine which is already added)
generaloffice1$:507:XXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXX:6623130B73710E84C2E897469708630A:[W
        ]:LCT-443B967D:

(this is the win2k machine which is also already added)
plfc-03$:505:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:7A43E23FE67585145CD2F799BE224F21:[UW
       ]:LCT-443B8092:

(this is the win2k machine that I disconnected and tried to reconnect)
plfc-06$:520:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[DW
       ]:LCT-00000000:


(this is a new win2k machine that I've tried to add today)
plfc-02$:522:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[DW
       ]:LCT-00000000:


I've read loads on the net about Samba 2 having serious windows 2000
issues, but not much about Samba 3, if anyone has *any* idea what my
problem might be, even if you don't have a clue and just have some
suggestions or want to know what my smbpasswd file looks like or
whatever, please, I'd really appriciate hearing from you all!

Thanks,

Matthew Hall

More information about the samba mailing list