[Samba] Win2k clients won't rejoin Samba PDC domain, "Remote Procedure Call Failed"?

Rune Tønnesen rune.tonnesen at bordings-friskole.dk
Thu Apr 27 21:58:33 GMT 2006 

wally skrev:
> Hey everyone, firstly thanks for your time, I've spent hours, a lot
> straight days too, for the last couple of weeks trying to solve this
> issue.  The only thing (afai can see) I've got left is asking the
> experts and formatting all the machines and starting over, the latter
> of which I'm not interesting in doing because it doesn't solve the
> issue (well it might make the problem go away, but I won't know what it
> was, and I don't consider that a solution).  So thanks for reading
> this, even if you've just got a "no idea I'm afraid, but I would
> suggest the following obvious things..." that'd be so appriciated.
> I've gotten to the point where I'm getting so frustrated and impatient
> I'm forgetting what I have / havn't tried already, so a fresh run would
> be great : )
>
> So, here we go.  I've setup a PDC for a small network.  I'm running
> Samba 3.0.14a-2 on FC5, with 256mb of RAM and other working hardware.
> I mean to say, I'm fairly certain its something I've misconfigured, not
> a hardware fault.  I've also upgraded Samba twice (while moving from
> FC4 to 5, and once again recently), neither of which solved the issue.
>
> So my smb.conf looks like this:
>
> // SOF
>
> # Global parameters
> [global]
>        workgroup = PLFCDOMAIN
>        server string = Fedora Linux running Samba 3.0.14a-2
>        passwd program = /usr/bin/passwd %U
>        passwd chat = *New*UNIX*password* %n\n
> *Retype*new*UNIX*password* %n\n $        unix password sync = Yes
>        log level = 2
>        acl compatibility = win2k
>        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>        add machine script = /usr/sbin/adduser -d / -g 600 -M -s
> /sbin/nologin $        logon script = %U.BAT
>        logon path = \\%N\profiles\%U
>        logon drive = Z:
>        domain logons = Yes
>        os level = 33
>        preferred master = Yes
>        domain master = Yes
>        wins support = Yes
> #       remote announce = 192.168.0.255/FILESERVER
>        profile acls = Yes
>
> [netlogon]
>        path = /var/lib/samba/netlogon
>        read only = No
>        guest ok = Yes
>
> [profiles]
>        comment = Profiles share
>        path = /home/
>        read only = No
>        create mask = 0751
>        directory mask = 0751
>        map system = Yes
>        map hidden = Yes
>
> // EOF
>
> (I've got some other shares too, if anybody is interested in seeing
> those I'll post them up too, otherwise I'll save the bytes in this
> message for now.)
>
> When I first set it up, I had it running with a Windows 2000 client (no
> SP patches applied) in the domain, and everyone could log on and off as
> they liked.  Everything was fine.  Then I joined another 2000 machine
> (for which I used the add machine script) which worked really neatly,
> and still everything worked fine.  Then I added an XP machine, which
> also joined perfectly happily.
>
> This is the point from which things must have gone wrong.
>
> I then applied SP4 to the FIRST of the two Windows 2000 machines.  I
> mucked about a bit with poledit to make a NTLogon.pol for the NTLOGON
> share, which worked like a dream.  I'd had a few users loging on and
> off of all the machines fine, all the shares worked as I wanted,
> everything seemed quite happy.
>
> Then I had a problem with a user not being able to write to a given
> share.  Turns out adding "profile acls = yes" to the Samba config fixed
> this (I found that out on the net), but before I discovered that I
> paniced and tried REMOVING the win2k machine from the domain, and
> readding it, which FAILED.  The message I received was "remote
> procedure call failed".  Ever since, I've not been able to join
> machines to the domain (I always get that error).
>
> Checking the Samba logs, nothing screams out at me.  Ocassionally I get
> an "INVALID PIPE <xyz>" (log level 3), but that isn't persistant
> (infact so little that I can't even find one to paste here right now).
> It also seems that I have to reboot the win2k machine to get it to try
> joining the domain again properly, if  that's of any relevance.
>
> I've followed the Samba HOWTO doc as best I can several times over,
> I've tried adding the machines by hand using "# smbpasswd -am plfc-01"
> (that being the name of one of the win2k machines) and that doesn't
> work, I've tried with and without the add machine script, both without
> it completely and with manually adding the UNIX user, I've really tried
> everything I can think of and then some, but I can't get it to join.
> This applies to ALL win2k machines (I've only got one XP one available,
> which I daren't disjoin the domain with incase it never goes back on
> because everyone uses it), I've tried several win2k machines which have
> never been on the network (fresh installs of 2k, even they won't touch
> it.
>
> The only thing (may be irrelevant, but my understanding of SMB and
> Samba is pretty limited), the smbpasswd file has very different entries
> for each of the computers:
>
> (this is the XP machine which is already added)
> generaloffice1$:507:XXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXX:6623130B73710E84C2E897469708630A:[W
>         ]:LCT-443B967D:
>
> (this is the win2k machine which is also already added)
> plfc-03$:505:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:7A43E23FE67585145CD2F799BE224F21:[UW
>        ]:LCT-443B8092:
>
> (this is the win2k machine that I disconnected and tried to reconnect)
> plfc-06$:520:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[DW
>        ]:LCT-00000000:
>
>
> (this is a new win2k machine that I've tried to add today)
> plfc-02$:522:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[DW
>        ]:LCT-00000000:
>
>
> I've read loads on the net about Samba 2 having serious windows 2000
> issues, but not much about Samba 3, if anyone has *any* idea what my
> problem might be, even if you don't have a clue and just have some
> suggestions or want to know what my smbpasswd file looks like or
> whatever, please, I'd really appriciate hearing from you all!
>
> Thanks,
>
> Matthew Hall
>   
Hi Matthew

Rejoining machines to a domain can be tricky at best. I've had the same 
problem so here is my solution based on trial an error.

   1. the disjoined machine should joined to a workgroup with another
      name e.g. workgroup
   2. reboot the now totally disjoined machine. This way it should drop
      all connections to your domainserver
   3. rejoin the disjoined machine
   4. login as root and remove all old user profiles.

Now it should work.

-- 
Venlig Hilsen (Best Regards)
Rune Tønnesen

More information about the samba mailing list