[Samba] "Windows cannot obtain the domain controller name foryour
computer network" error on XP Pro SP2 clients for Samba 3.0.23dPDC
stephen mulcahy
smulcahy at aplpi.com
Thu Feb 8 15:01:16 GMT 2007
Hi Paul,
Thanks for your reply. I tried adding the following to lmhosts as suggested,
10.1.2.3 duck #PRE #DOM:APLPI
and rebooted but I'm still seeing the same error (should I disable the
WINS server I have enabled in samba to correctly verify this?). I would
note that on the client if I type 'net view \\duck' this consistently
works suggesting that name resolution is working (but is there a better
way of testing name resolution in a samba environment?)
I restarted samba with some additional logging and noted 2 things
1. Samba creates a log-file for the client with the ip address first and
then subsequently creates a log-file with the client name. Is this
normal or indicative of a problem?
2. I can clearly see the client successfully opening the NTConfig.POL
file (and the logon.cmd file) indicating that the client has connected
to and downloaded the policy file .. so the nature of the Event 1054
error is unclear to me ..
[2007/02/08 14:35:20, 2] smbd/reply.c:reply_tcon_and_X(711)
Serving IPC$ as a Dfs root
[2007/02/08 14:35:22, 2] smbd/reply.c:reply_tcon_and_X(711)
Serving IPC$ as a Dfs root
[2007/02/08 14:35:22, 2] auth/auth.c:check_ntlm_password(309)
check_ntlm_password: authentication for user [smulcahy] -> [smulcahy]
-> [smulcahy] succeeded
[2007/02/08 14:35:22, 2] smbd/reply.c:reply_tcon_and_X(711)
Serving IPC$ as a Dfs root
[2007/02/08 14:35:22, 2] auth/auth.c:check_ntlm_password(309)
check_ntlm_password: authentication for user [smulcahy] -> [smulcahy]
-> [smulcahy] succeeded
[2007/02/08 14:35:22, 1] smbd/service.c:make_connection_snum(950)
puck (10.7.44.30) connect to service netlogon initially as user
smulcahy (uid=1000, gid=1000) (pid 29041)
[2007/02/08 14:35:22, 2] smbd/reply.c:reply_tcon_and_X(711)
Serving netlogon as a Dfs root
[2007/02/08 14:35:22, 2] smbd/open.c:open_file(352)
smulcahy opened file NTConfig.POL read=Yes write=No (numopen=1)
[2007/02/08 14:35:22, 2] smbd/close.c:close_normal_file(344)
smulcahy closed file NTConfig.POL (numopen=0)
[2007/02/08 14:35:22, 1] smbd/service.c:make_connection_snum(950)
puck (10.7.44.30) connect to service smulcahy initially as user
smulcahy (uid=1000, gid=1000) (pid 29041)
[2007/02/08 14:35:22, 2] smbd/reply.c:reply_tcon_and_X(711)
Serving smulcahy as a Dfs root
[2007/02/08 14:35:23, 2] smbd/open.c:open_file(352)
smulcahy opened file logon.cmd read=Yes write=No (numopen=1)
[2007/02/08 14:35:23, 2] smbd/open.c:open_file(352)
smulcahy opened file logon.cmd read=Yes write=No (numopen=2)
Not sure if that is any help in the grand scheme of things but I'm
running out of ideas on how to resolve this.
Is it possible that something is being cached somewhere? I've tried
removing the machine from the domain (deleting the tdbsam entry with
pdbedit -x and the password entry for the machine) rejoining the client
to the domain in the hope that it might reset something but to no effect
-- are there additional steps I should perform to ensure there are no
traces of the client/domain membership remaining on either the client or
samba?
Thanks,
-stephen
Paul McGrath wrote:
> It could be a name resolving issue. Try creating a lmhosts file in the
> etc folder using the examples listed in the file. Copy lmhosts.sam
> lmhosts then edit the lmhosts file (it doesn't have an extension).
> 111.111.111.1 dc-server #PRE #DOM:mydomain
>
> Then reboot.
>
> If you don't have a WINS server and you havent entered this into your
> client then your best bet is to use the lmhosts file. Also helps if
> your clients are on different subnets.
> Regards
> Paul
>
>> -----Original Message-----
>> From: stephen mulcahy [mailto:smulcahy at aplpi.com]
>> Sent: Thursday 08 February 2007 10:29
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] "Windows cannot obtain the domain
>> controller name foryour computer network" error on XP Pro SP2
>> clients for Samba 3.0.23dPDC
>>
>> Hi,
>>
>> Further debugging of this - I see that the logon.cmd is
>> successfully executed by the Windows XP client even as it
>> logs the 1054 Event -- the logon.cmd simply mounts some shares.
>>
>> Looking at the samba logs (default log level) I can't see any errors.
>>
>> Is this some browsing issue? Or a problem with name
>> resolution? Any suggestions on tools to diagnose this further
>> would be appreciated.
>>
>> Thanks,
>>
>> -stephen
>>
>> stephen mulcahy wrote:
>>> Hi,
>>>
>>> I've recently reinstalled our Samba server with a view to
>> getting it
>>> working as a PDC using the tdbsam backend. I've
>> successfully connected
>>> a number of XP Pro SP2 clients to the domain and can login
>> ok, but I'm
>>> have problems getting the clients to read/apply an
>> NTConfig.POL file I
>>> created following the instructions at
>>> http://www.pcc-services.com/custom_poledit.html
>>>
>>> I'm seeing the following error logged in the event log on
>> the XP Pro
>>> SP2 clients,
>>>
>>> Event ID: 1054
>>> Source: Userenv
>>> Type: Error
>>> Description: Windows cannot obtain the domain controller
>> name for your
>>> computer network. (The specified domain either does not
>> exist or exist
>>> or could not be contacted). Group Policy processing aborted. Data:
>>> (unavailable)
>>>
>>> Some Googling turns up the following
>>>
>>> http://support.microsoft.com/kb/840669
>>>
>>> and various other postings on this on the net. In response to those
>>> I've tried various combinations of the following,
>>>
>>> 1. Change from using DHCP to static IP on client.
>>> 2. Applied various registry hacks including turning DHCP
>> media sensing off.
>>> 3. Disabled various network card options such as media sensing.
>>> 4. Forced the card to 100Mbps/full duplex (rather than auto).
>>> 5. Upgraded to the latest network card drivers.
>>> 6. Downgraded to older network card drivers.
>>>
>>> I'm getting the same error message on 3 XP Pro SP2 clients which I
>>> test this on, all of which have gigabit broadcom cards (various
>>> different chipsets). The knowledge base article suggests this is a
>>> problem which occurs with gigabit cards .. short of trying
>> adding new
>>> network cards to the systems (some of which are laptops) -
>> does anyone
>>> have any suggestions on what I could try? I assumes others are
>>> successfully running with a similar config or are PDCs with tdbsam
>>> rare (or is that totally unrelated to the problems I'm
>> experiencing).
>>> I've also tried using a Samba PDC config from the HOWTO
>> rather than my
>>> own hand-crafted one (see below for both).
>>>
>>> Samba version is 3.0.23d running on 2.6.17-2-686 Debian
>> etch on Dell
>>> Poweredge 1600sc with an Intel Corporation 82540EM Gigabit Ethernet
>>> Controller (rev 02).
>>>
>>> I have a djbdns dhcp server on the network serving which references
>>> the samba server as a wins server.
>>>
>>> Thanks,
>>>
>>> -stephen
>>>
>>> Original PDC config
>>>
>>> [global]
>>> workgroup = XXXXX
>>> netbios name = XXXX
>>> server string = %h server (Samba %v)
>>> log file = /var/log/samba/log.%m
>>> max log size = 1000
>>> syslog = 0
>>> panic action = /usr/share/samba/panic-action %d
>>> security = user
>>> encrypt passwords = true
>>> passdb backend = tdbsam
>>> obey pam restrictions = yes
>>> guest account = nobody
>>> unix password sync = yes
>>> passwd program = /usr/bin/passwd %u
>>> pam password change = yes
>>> domain logons = yes
>>> os level = 40
>>> logon path = \\%L\profiles\%U
>>> logon drive = U:
>>> logon home = \\%L\%U
>>> logon script = logon.cmd
>>> add machine script = /usr/sbin/useradd -d
>> /var/lib/nobody -g 1015
>>> -s /bin/false %u
>>> load printers = yes
>>> printing = cups
>>> printcap name = cups
>>> socket options = TCP_NODELAY
>>> domain master = yes
>>> preferred master = yes
>>> wins support = yes
>>> idmap uid = 10000-20000
>>> idmap gid = 10000-20000
>>> template shell = /bin/bash
>>> smb ports = 445
>>>
>>> [homes]
>>> comment = Home Directories
>>> browseable = no
>>> writable = yes
>>> create mask = 0700
>>> directory mask = 0700
>>> hide files = /desktop.ini/ntuser.ini/NTUSER.*/RECYCLER/
>>>
>>> [printers]
>>> comment = All Printers
>>> browseable = no
>>> path = /var/spool/samba
>>> printable = yes
>>> public = no
>>> writable = no
>>> create mode = 0700
>>>
>>>
>>> # Windows clients look for this share name as a source of
>> downloadable
>>> # printer drivers [print$]
>>> comment = Printer Drivers
>>> path = /var/lib/samba/printers
>>> write list = root, @ntadmin
>>> printer admin = root, @ntadmin
>>>
>>> [netlogon]
>>> comment = Network Logon Service
>>> path = /var/lib/samba/netlogon
>>> guest ok = yes
>>> writable = no
>>> share modes = no
>>>
>>> # For profiles to work, create a user directory under the path #
>>> shown. i.e., mkdir -p /var/lib/samba/profiles/maryo [profiles]
>>> comment = Roaming Profile Share
>>> path = /var/lib/samba/profiles
>>> read only = No
>>> profile acls = Yes
>>>
>>>
>>> PDC config from HOWTO
>>>
>>> [global]
>>> workgroup = XXXX
>>> netbios name = XXXX
>>> passdb backend = tdbsam
>>> printcap name = cups
>>> add user script = /usr/sbin/useradd -m %u delete user script =
>>> /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g
>>> delete group script = /usr/sbin/groupdel %g add user to
>> group script =
>>> /usr/sbin/groupmod -A %u %g delete user from group script =
>>> /usr/sbin/groupmod -R %u %g add machine script =
>> /usr/sbin/useradd -s
>>> /bin/false -d /var/lib/nobody %u # Note: The following
>> specifies the
>>> default logon script.
>>> # Per user logon scripts can be specified in the user account using
>>> pdbedit logon script = scripts\logon.bat # This sets the default
>>> profile path. Set per user paths with pdbedit logon path =
>>> \\%L\Profiles\%U logon drive = H:
>>> logon home = \\%L\%U
>>> domain logons = Yes
>>> os level = 35
>>> preferred master = Yes
>>> domain master = Yes
>>> idmap uid = 15000-20000
>>> idmap gid = 15000-20000
>>> printing = cups
>>> wins support = yes
>>>
>>> [homes]
>>> comment = Home Directories
>>> valid users = %S
>>> read only = No
>>> browseable = No
>>>
>>> # Printing auto-share (makes printers available thru CUPS)
>> [printers]
>>> comment = All Printers path = /var/spool/samba printer admin = root
>>> create mask = 0600 guest ok = Yes printable = Yes browseable = No
>>>
>>> [print$]
>>> comment = Printer Drivers Share
>>> path = /var/lib/samba/drivers
>>> write list = root
>>> printer admin = root
>>>
>>> # Needed to support domain logons
>>> [netlogon]
>>> comment = Network Logon Service
>>> path = /var/lib/samba/netlogon
>>> admin users = root
>>> guest ok = Yes
>>> browseable = No
>>>
>>> # For profiles to work, create a user directory under the path #
>>> shown. i.e., mkdir -p /var/lib/samba/profiles/maryo
>> [Profiles] comment
>>> = Roaming Profile Share path = /var/lib/samba/profiles read
>> only = No
>>> profile acls = Yes
>>>
>>>
>>>
>> --
>> Stephen Mulcahy, Applepie Solutions Ltd, Innovation in
>> Business Center,
>> GMIT, Dublin Rd, Galway, Ireland. mailto:smulcahy at aplpi.com
>> mobile:+353.87.2930252 office:+353.91.751262 http://www.aplpi.com
>>
>>
--
Stephen Mulcahy, Applepie Solutions Ltd, Innovation in Business Center,
GMIT, Dublin Rd, Galway, Ireland. mailto:smulcahy at aplpi.com
mobile:+353.87.2930252 office:+353.91.751262 http://www.aplpi.com
More information about the samba
mailing list