[Samba] samba domain controller

Rodney Richison rodney at rcrcomputing.com
Tue May 23 22:03:25 GMT 2006


I tried to post this in the debian group, but my mail never appeared there..

Am attempting to do a test install of samba as a primary domain
controller. I can see the shares and navigate them.
However, when I attempt to join the domain, WinXP says "username could
not be found".
I have a root user with a password. I can see it's shares as well if I
use the root name and password.
So the problem appears to be ONLY when I try to join. I'll post some
logs for /var/logs/samba/log.0.0.0.0 as they may be a hint.


[2006/05/23 09:56:15, 0] lib/util_sock.c:get_peer_addr(1150)
  getpeername failed. Error was Transport endpoint is not connected
[2006/05/23 09:56:15, 0] lib/access.c:check_access(328)
[2006/05/23 09:56:15, 0] lib/util_sock.c:get_peer_addr(1150)
  getpeername failed. Error was Transport endpoint is not connected
  Denied connection from  (0.0.0.0)
[2006/05/23 09:56:15, 1] smbd/process.c:process_smb(1084)
[2006/05/23 09:56:15, 0] lib/util_sock.c:get_peer_addr(1150)
  getpeername failed. Error was Transport endpoint is not connected
  Connection denied from 0.0.0.0
[2006/05/23 09:56:15, 0] lib/util_sock.c:write_socket_data(430)
  write_socket_data: write failure. Error = Connection reset by peer
[2006/05/23 09:56:15, 0] lib/util_sock.c:write_socket(455)
  write_socket: Error writing 5 bytes to socket 27: ERRNO = Connection
reset by peer
[2006/05/23 09:56:15, 0] lib/util_sock.c:send_smb(647)
  Error writing 5 bytes to client. -1. (Connection reset by peer)
r writing 5 bytes to client. -1. (Connection reset by peer)
[2006/05/23 09:56:15, 0] lib/util_sock.c:send_smb(647)
  Error writing 5 bytes to client. -1. (Connection reset by peer)
r writing 5 bytes to client. -1. (Connection reset by peer)

Below is my smb.conf file.

[global]
# the domain name
workgroup = pdc
smb passwd file = /etc/samba/smbpasswd

# the server's name
netbios name = file-server

# comment describing what the machine is
server string = the file server

# workstations will set their time by this server
time server = yes

# security and logging settings
security = user ; this must be 'user' on a PDC
# allow connections only from the local machine and the 10.0.0.* address
range:
# (you'll want to change this if your network uses a different
addressing range)
hosts allow = 127.0.0.1 192.168.1.
# don't allow connections from any other IP address ranges than defined
by 'hosts allow':
hosts deny 0.0.0.0/0
# only allow connections from ethernet cards and the loopback address:
interfaces = eth* lo
bind interfaces only = yes

# for Windows 2000 encrypted passwords
encrypt passwords = yes

# provide logon scripts, home directories etc aswell as authentication
domain logons = yes

log file = /var/log/samba/log.%m
# log level = 2

# put a capping on the size (in kB) of the log file
max log size = 50

# PDC and master browser settings
os level = 64 ; ensure this machine consulted 1st regarding current
browse list
preferred master = yes
local master = yes
domain master = yes ; This is the Primary Domain Controller

# automatedly add a Linux and Samba machine account
add user script = /usr/sbin/useradd -d /dev/null -g machines -s
/bin/false -M %u


# user profiles and home directory
# the local path to which the home ([HOMES]) directory will be connected
logon drive = H:

# where 'profiles' = [profiles] further on
logon path = \\%L\profiles\%U

logon script = netlogon.bat ; logon script, location defined in [NETLOGON]

# define user mappings between this system and Windows systems.
# without this you get asked for a password even if none is required
# username map = /etc/samba/users.map
# but if you've created SMB users on here you don't need it

# fine-tuning Samba for increased speed on Linux systems
# SO_KEEPALIVE - sends a probe every 4 hours to check that a connection
is still active. if the connection does not respond, it is closed
# TCP_NODELAY -
# IPTOS_LOWDELAY -
# SO_SNDBUF=14596 - 14596 is roughly the best in most ciscumstances, it
may be able to be tuned better for your system
# SO_RCVBUF=14596 - same reason as above
socket options = TCP_NODELAY, IPTOS_LOWDELAY, SO_KEEPALIVE,
SO_SNDBUF=14596, SO_RCVBUF=14596

# keep the case when saving; when looking for a file
# matching is done without regard to case, as expected by Windows
preserve case = yes
short preserve case = yes
case sensitive = no

# check every 30 seconds to see if client has disconnected
# I've used 30 so that the Samba server can be restarted and
# maybe the connections won't be lost
keep alive = 30

#sync Unix passwords from Windows workstations using PAM
unix password sync = yes
pam password change = yes

# printing
printing = BSD
print command = /usr/bin/lpr -r %s
min print space = 2000

# --- shares ---

[printers]
# (picks up all printers specified in /etc/printcap)

# tell Samba its a printer share, not a disk share
printable = yes

# printer = lp
read only = yes
guest ok = yes

[profiles]
comment = users' profile directories
path = /home/samba/profiles
read only = no
browseable = no
create mask = 0600 ; rwx-xxx-xxx only the user can read/write files
directory mask = 0700 ; rwx-xxx-xxx directories must be executable if
they are to be navigated

# [root]
# for administration purposes
# path = /
# browseable = yes
# browseable was no
# writeable = yes
# valid users = @admins

[homes]
# 'logon drive' won't work without this section
# if you want to set the home directory somewhere other than the Unix home:
# path =
volume = HOME
comment = home directories
read only = no
# don't display a 'homes' share as well as the '%U' share
browseable = no
public = no
create mode = 0750

[programs]
# map P: to this. use it to install programs to
# and to point programs to that don't like using UNC
comment = installed programs
path = /usr/windows
read only = yes
write list = @admins
browseable = yes

[shared]
comment = shared space for everyone
path = /home/bank/shared
read only = no
browseable = yes

# match Unix permissions set on files
force create mode = 0660

# match Unix permissions set on the directory
force directory mode = 3770

[cdrom]
comment = Server's CD-ROM
path = /cdrom
read only = yes
# speed up file access as this is a read-only file system
locking = no

[NETLOGON]
# required for Windows authentication

comment = The domain logon service
path = /home/netlogon
read only = yes
# 'read only' can be changed to 'no' whilst you edit this file
# but revert back to 'yes' for normal secure operation
browseable = no
write list = @admins









More information about the samba mailing list