[Samba] Win2k clients won't rejoin Samba PDC domain,
"Remote Procedure Call Failed"?
wally
wally.hall at gmail.com
Fri Apr 28 16:17:15 GMT 2006
Thanks everyone for the suggestions, unfortunally nothing has made any
difference. I've checked the registery of the machines for
"requiresignorseal" (Bill), which was already set as 0, I've tried
disjoining the machines to another workgroup, deleting the local profile
caches and rejoining (Rune), but unfortunally neither has made any
difference at all.
I checked my logs and found an example of the INVALID PIPE errors:
[2006/04/28 17:20:30, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2006/04/28 17:20:30, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [root] -> [root] -> [root]
succeeded
[2006/04/28 17:20:30, 2] lib/access.c:check_access(324)
Allowed connection from (192.168.3.105)
[2006/04/28 17:20:30, 1] smbd/ipc.c:api_fd_reply(290)
api_fd_reply: INVALID PIPE HANDLE: 73f3
That's the kind of thing I'm talking about. Unless a samba dever beats me
to it (oh the sublty of that :D) I'm gunna crack open the samba source
listings and see what this api_fd_reply relates to more specifically, see if
that sheds any clues. I'm starting to be really convinced now that this is
a samba / configuration problem rather than the client machines themselves
as nothing I try on (both SP4 patched and unpatched) 2k machines makes no
difference, even though they were joining happily when I started.
Frustrating, but there can only be so many things it can be! Failing all,
next week I'm going to whaxor on Debian (which doesn't use SELinux, on the
theory that it could be *anything* causing the problem) and start crying...
:-)
Thanks everyone for the help, it is appriciated, and maybe even if it hasn't
helped me, it might someone else.
Cheers again,
Matthew Hall
On 4/28/06, Rune Tønnesen <rune.tonnesen at bordings-friskole.dk> wrote:
>
> wally skrev:
> > Thanks! I'm off to bed right now, so I'll give that a go first thing
> > tomorrow and see what happens. When you say remove all the old user
> > profiles, what specifically am I looking at removing? Is this
> > something local to the client (the contents of Documents and Settings)
> > or the NTUSER.DAT (or w/e it's called!) on the fileserver?
> >
> > Thanks again,
> >
> > Matthew
> >
> > On 4/27/06, *Rune Tønnesen* < rune.tonnesen at bordings-friskole.dk
> > <mailto:rune.tonnesen at bordings-friskole.dk>> wrote:
> >
> > wally skrev:
> > > Hey everyone, firstly thanks for your time, I've spent hours, a
> lot
> > > straight days too, for the last couple of weeks trying to solve
> this
> > > issue. The only thing (afai can see) I've got left is asking the
> > > experts and formatting all the machines and starting over, the
> > latter
> > > of which I'm not interesting in doing because it doesn't solve the
> > > issue (well it might make the problem go away, but I won't know
> > what it
> > > was, and I don't consider that a solution). So thanks for reading
> > > this, even if you've just got a "no idea I'm afraid, but I would
> > > suggest the following obvious things..." that'd be so appriciated.
> > > I've gotten to the point where I'm getting so frustrated and
> > impatient
> > > I'm forgetting what I have / havn't tried already, so a fresh
> > run would
> > > be great : )
> > >
> > > So, here we go. I've setup a PDC for a small network. I'm
> running
> > > Samba 3.0.14a-2 on FC5, with 256mb of RAM and other working
> > hardware.
> > > I mean to say, I'm fairly certain its something I've
> > misconfigured, not
> > > a hardware fault. I've also upgraded Samba twice (while moving
> from
> > > FC4 to 5, and once again recently), neither of which solved the
> > issue.
> > >
> > > So my smb.conf looks like this:
> > >
> > > // SOF
> > >
> > > # Global parameters
> > > [global]
> > > workgroup = PLFCDOMAIN
> > > server string = Fedora Linux running Samba 3.0.14a-2
> > > passwd program = /usr/bin/passwd %U
> > > passwd chat = *New*UNIX*password* %n\n
> > > *Retype*new*UNIX*password* %n\n $ unix password sync = Yes
> > > log level = 2
> > > acl compatibility = win2k
> > > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> > > add machine script = /usr/sbin/adduser -d / -g 600 -M -s
> > > /sbin/nologin $ logon script = %U.BAT
> > > logon path = \\%N\profiles\%U
> > > logon drive = Z:
> > > domain logons = Yes
> > > os level = 33
> > > preferred master = Yes
> > > domain master = Yes
> > > wins support = Yes
> > > # remote announce = 192.168.0.255/FILESERVER
> > <http://192.168.0.255/FILESERVER>
> > > profile acls = Yes
> > >
> > > [netlogon]
> > > path = /var/lib/samba/netlogon
> > > read only = No
> > > guest ok = Yes
> > >
> > > [profiles]
> > > comment = Profiles share
> > > path = /home/
> > > read only = No
> > > create mask = 0751
> > > directory mask = 0751
> > > map system = Yes
> > > map hidden = Yes
> > >
> > > // EOF
> > >
> > > (I've got some other shares too, if anybody is interested in
> seeing
> > > those I'll post them up too, otherwise I'll save the bytes in this
> > > message for now.)
> > >
> > > When I first set it up, I had it running with a Windows 2000
> > client (no
> > > SP patches applied) in the domain, and everyone could log on and
> > off as
> > > they liked. Everything was fine. Then I joined another 2000
> > machine
> > > (for which I used the add machine script) which worked really
> > neatly,
> > > and still everything worked fine. Then I added an XP machine,
> which
> > > also joined perfectly happily.
> > >
> > > This is the point from which things must have gone wrong.
> > >
> > > I then applied SP4 to the FIRST of the two Windows 2000
> machines. I
> > > mucked about a bit with poledit to make a NTLogon.pol for the
> > NTLOGON
> > > share, which worked like a dream. I'd had a few users loging on
> > and
> > > off of all the machines fine, all the shares worked as I wanted,
> > > everything seemed quite happy.
> > >
> > > Then I had a problem with a user not being able to write to a
> given
> > > share. Turns out adding "profile acls = yes" to the Samba
> > config fixed
> > > this (I found that out on the net), but before I discovered that I
> > > paniced and tried REMOVING the win2k machine from the domain, and
> > > readding it, which FAILED. The message I received was "remote
> > > procedure call failed". Ever since, I've not been able to join
> > > machines to the domain (I always get that error).
> > >
> > > Checking the Samba logs, nothing screams out at
> > me. Ocassionally I get
> > > an "INVALID PIPE <xyz>" (log level 3), but that isn't persistant
> > > (infact so little that I can't even find one to paste here right
> > now).
> > > It also seems that I have to reboot the win2k machine to get it
> > to try
> > > joining the domain again properly, if that's of any relevance.
> > >
> > > I've followed the Samba HOWTO doc as best I can several times
> over,
> > > I've tried adding the machines by hand using "# smbpasswd -am
> > plfc-01"
> > > (that being the name of one of the win2k machines) and that
> doesn't
> > > work, I've tried with and without the add machine script, both
> > without
> > > it completely and with manually adding the UNIX user, I've
> > really tried
> > > everything I can think of and then some, but I can't get it to
> join.
> > > This applies to ALL win2k machines (I've only got one XP one
> > available,
> > > which I daren't disjoin the domain with incase it never goes
> > back on
> > > because everyone uses it), I've tried several win2k machines
> > which have
> > > never been on the network (fresh installs of 2k, even they won't
> > touch
> > > it.
> > >
> > > The only thing (may be irrelevant, but my understanding of SMB and
> > > Samba is pretty limited), the smbpasswd file has very different
> > entries
> > > for each of the computers:
> > >
> > > (this is the XP machine which is already added)
> > > generaloffice1$:507:XXXXXXXXXX
> > > XXXXXXXXXXXXXXXXXXXXXX:6623130B73710E84C2E897469708630A:[W
> > > ]:LCT-443B967D:
> > >
> > > (this is the win2k machine which is also already added)
> > >
> >
> plfc-03$:505:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:7A43E23FE67585145CD2F799BE224F21:[UW
> >
> > > ]:LCT-443B8092:
> > >
> > > (this is the win2k machine that I disconnected and tried to
> > reconnect)
> > >
> >
> plfc-06$:520:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[DW
> > > ]:LCT-00000000:
> > >
> > >
> > > (this is a new win2k machine that I've tried to add today)
> > >
> >
> plfc-02$:522:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[DW
> > > ]:LCT-00000000:
> > >
> > >
> > > I've read loads on the net about Samba 2 having serious windows
> 2000
> > > issues, but not much about Samba 3, if anyone has *any* idea what
> my
> > > problem might be, even if you don't have a clue and just have some
> > > suggestions or want to know what my smbpasswd file looks like or
> > > whatever, please, I'd really appriciate hearing from you all!
> > >
> > > Thanks,
> > >
> > > Matthew Hall
> > >
> > Hi Matthew
> >
> > Rejoining machines to a domain can be tricky at best. I've had the
> > same
> > problem so here is my solution based on trial an error.
> >
> > 1. the disjoined machine should joined to a workgroup with
> another
> > name e.g. workgroup
> > 2. reboot the now totally disjoined machine. This way it should
> > drop
> > all connections to your domainserver
> > 3. rejoin the disjoined machine
> > 4. login as root and remove all old user profiles.
> >
> > Now it should work.
> >
> > --
> > Venlig Hilsen (Best Regards)
> > Rune Tønnesen
> >
> >
> >
> >
> > --
> > visit www.soggysoftware.co.uk <http://www.soggysoftware.co.uk>
> > pgp available at www.soggysoftware.co.uk/pgp
> > <http://www.soggysoftware.co.uk/pgp>
> Hi Matthew
>
> just remove user profiles except administrator, all users, and default
> user from
> Documents and Settings
>
> --
> Venlig Hilsen (Best Regards)
> Rune Tønnesen
>
>
--
visit www.soggysoftware.co.uk
pgp available at www.soggysoftware.co.uk/pgp
More information about the samba
mailing list