[Samba] "Windows cannot obtain the domain controller name foryour computer network" error on XP Pro SP2 clients for Samba 3.0.23dPDC

stephen mulcahy smulcahy at aplpi.com
Mon Feb 12 13:10:33 GMT 2007


Hi,

In effort to resolve the 1054 errors on the XP client, I tried to create
a new test domain on a separate server and join one of the XP clients to
that.

The joining process went smoothly (with one caveat below) but I notice
the same event is logged in the new domain. I notice that is it
preceeded by an AutoEnrollment error with event id 15 which is discussed
here - http://lists.linux.org.au/archives/lias/2002-November/msg00033.html

Is it possible that this is connected to my errors? Did I miss some
documentation in the Samba HOWTO relating to my XP client setup?

On a related note, when I restarted the XP client for the first time
after joining the new test domain, it displayed a dialog on the login
screen saying "Please wait while the domain list is created" which
stayed there for a few minutes. Is that normal or is it indicative of a
problem?

Finally, whats the most current recommended documentation for
configuring Samba with a tdbsam backend as a PDC? I'm wondering if
further reading of some fine manual may help me in my quest.

Thanks,

-stephen

stephen mulcahy wrote:
> Hi Paul,
> 
> Thanks for your reply. I tried adding the following to lmhosts as suggested,
> 
> 10.1.2.3 duck	#PRE #DOM:APLPI
> 
> and rebooted but I'm still seeing the same error (should I disable the
> WINS server I have enabled in samba to correctly verify this?). I would
> note that on the client if I type 'net view \\duck' this consistently
> works suggesting that name resolution is working (but is there a better
> way of testing name resolution in a samba environment?)
> 
> I restarted samba with some additional logging and noted 2 things
> 
> 1. Samba creates a log-file for the client with the ip address first and
> then subsequently creates a log-file with the client name. Is this
> normal or indicative of a problem?
> 
> 2. I can clearly see the client successfully opening the NTConfig.POL
> file (and the logon.cmd file) indicating that the client has connected
> to and downloaded the policy file .. so the nature of the Event 1054
> error is unclear to me ..
> 
> [2007/02/08 14:35:20, 2] smbd/reply.c:reply_tcon_and_X(711)
>   Serving IPC$ as a Dfs root
> [2007/02/08 14:35:22, 2] smbd/reply.c:reply_tcon_and_X(711)
>   Serving IPC$ as a Dfs root
> [2007/02/08 14:35:22, 2] auth/auth.c:check_ntlm_password(309)
>   check_ntlm_password:  authentication for user [smulcahy] -> [smulcahy]
> -> [smulcahy] succeeded
> [2007/02/08 14:35:22, 2] smbd/reply.c:reply_tcon_and_X(711)
>   Serving IPC$ as a Dfs root
> [2007/02/08 14:35:22, 2] auth/auth.c:check_ntlm_password(309)
>   check_ntlm_password:  authentication for user [smulcahy] -> [smulcahy]
> -> [smulcahy] succeeded
> [2007/02/08 14:35:22, 1] smbd/service.c:make_connection_snum(950)
>   puck (10.7.44.30) connect to service netlogon initially as user
> smulcahy (uid=1000, gid=1000) (pid 29041)
> [2007/02/08 14:35:22, 2] smbd/reply.c:reply_tcon_and_X(711)
>   Serving netlogon as a Dfs root
> [2007/02/08 14:35:22, 2] smbd/open.c:open_file(352)
>   smulcahy opened file NTConfig.POL read=Yes write=No (numopen=1)
> [2007/02/08 14:35:22, 2] smbd/close.c:close_normal_file(344)
>   smulcahy closed file NTConfig.POL (numopen=0)
> [2007/02/08 14:35:22, 1] smbd/service.c:make_connection_snum(950)
>   puck (10.7.44.30) connect to service smulcahy initially as user
> smulcahy (uid=1000, gid=1000) (pid 29041)
> [2007/02/08 14:35:22, 2] smbd/reply.c:reply_tcon_and_X(711)
>   Serving smulcahy as a Dfs root
> [2007/02/08 14:35:23, 2] smbd/open.c:open_file(352)
>   smulcahy opened file logon.cmd read=Yes write=No (numopen=1)
> [2007/02/08 14:35:23, 2] smbd/open.c:open_file(352)
>   smulcahy opened file logon.cmd read=Yes write=No (numopen=2)
> 
> Not sure if that is any help in the grand scheme of things but I'm
> running out of ideas on how to resolve this.
> 
> Is it possible that something is being cached somewhere? I've tried
> removing the machine from the domain (deleting the tdbsam entry with
> pdbedit -x and the password entry for the machine) rejoining the client
> to the domain in the hope that it might reset something but to no effect
> -- are there additional steps I should perform to ensure there are no
> traces of the client/domain membership remaining on either the client or
> samba?
> 
> Thanks,
> 
> -stephen
> 
> 
> Paul McGrath wrote:
>> It could be a name resolving issue.  Try creating a lmhosts file in the
>> etc folder using the examples listed in the file. Copy lmhosts.sam
>> lmhosts then edit the lmhosts file (it doesn't have an extension).
>> 111.111.111.1	dc-server	#PRE #DOM:mydomain
>>
>> Then reboot.
>>
>> If you don't have a WINS server and you havent entered this into your
>> client then your best bet is to use the lmhosts file.  Also helps if
>> your clients are on different subnets.
>> Regards
>> Paul
>>
>>> -----Original Message-----
>>> From: stephen mulcahy [mailto:smulcahy at aplpi.com] 
>>> Sent: Thursday 08 February 2007 10:29
>>> To: samba at lists.samba.org
>>> Subject: Re: [Samba] "Windows cannot obtain the domain 
>>> controller name foryour computer network" error on XP Pro SP2 
>>> clients for Samba 3.0.23dPDC
>>>
>>> Hi,
>>>
>>> Further debugging of this - I see that the logon.cmd is 
>>> successfully executed by the Windows XP client even as it 
>>> logs the 1054 Event -- the logon.cmd simply mounts some shares.
>>>
>>> Looking at the samba logs (default log level) I can't see any errors.
>>>
>>> Is this some browsing issue? Or a problem with name 
>>> resolution? Any suggestions on tools to diagnose this further 
>>> would be appreciated.
>>>
>>> Thanks,
>>>
>>> -stephen
>>>
>>> stephen mulcahy wrote:
>>>> Hi,
>>>>
>>>> I've recently reinstalled our Samba server with a view to 
>>> getting it 
>>>> working as a PDC using the tdbsam backend. I've 
>>> successfully connected 
>>>> a number of XP Pro SP2 clients to the domain and can login 
>>> ok, but I'm 
>>>> have problems getting the clients to read/apply an 
>>> NTConfig.POL file I 
>>>> created following the instructions at 
>>>> http://www.pcc-services.com/custom_poledit.html
>>>>
>>>> I'm seeing the following error logged in the event log on 
>>> the XP Pro 
>>>> SP2 clients,
>>>>
>>>> Event ID: 1054
>>>> Source: Userenv
>>>> Type: Error
>>>> Description: Windows cannot obtain the domain controller 
>>> name for your 
>>>> computer network. (The specified domain either does not 
>>> exist or exist 
>>>> or could not be contacted). Group Policy processing aborted. Data:
>>>> (unavailable)
>>>>
>>>> Some Googling turns up the following
>>>>
>>>> http://support.microsoft.com/kb/840669
>>>>
>>>> and various other postings on this on the net. In response to those 
>>>> I've tried various combinations of the following,
>>>>
>>>> 1. Change from using DHCP to static IP on client.
>>>> 2. Applied various registry hacks including turning DHCP 
>>> media sensing off.
>>>> 3. Disabled various network card options such as media sensing.
>>>> 4. Forced the card to 100Mbps/full duplex (rather than auto).
>>>> 5. Upgraded to the latest network card drivers.
>>>> 6. Downgraded to older network card drivers.
>>>>
>>>> I'm getting the same error message on 3 XP Pro SP2 clients which I 
>>>> test this on, all of which have gigabit broadcom cards (various 
>>>> different chipsets). The knowledge base article suggests this is a 
>>>> problem which occurs with gigabit cards .. short of trying 
>>> adding new 
>>>> network cards to the systems (some of which are laptops) - 
>>> does anyone 
>>>> have any suggestions on what I could try? I assumes others are 
>>>> successfully running with a similar config or are PDCs with tdbsam 
>>>> rare (or is that totally unrelated to the problems I'm 
>>> experiencing).
>>>> I've also tried using a Samba PDC config from the HOWTO 
>>> rather than my 
>>>> own hand-crafted one (see below for both).
>>>>
>>>> Samba version is 3.0.23d running on  2.6.17-2-686 Debian 
>>> etch on Dell 
>>>> Poweredge 1600sc with an Intel Corporation 82540EM Gigabit Ethernet 
>>>> Controller (rev 02).
>>>>
>>>> I have a djbdns dhcp server on the network serving which references 
>>>> the samba server as a wins server.
>>>>
>>>> Thanks,
>>>>
>>>> -stephen
>>>>
>>>> Original PDC config
>>>>
>>>> [global]
>>>>    workgroup = XXXXX
>>>>    netbios name = XXXX
>>>>    server string = %h server (Samba %v)
>>>>    log file = /var/log/samba/log.%m
>>>>    max log size = 1000
>>>>    syslog = 0
>>>>    panic action = /usr/share/samba/panic-action %d
>>>>    security = user
>>>>    encrypt passwords = true
>>>>    passdb backend = tdbsam
>>>>    obey pam restrictions = yes
>>>>    guest account = nobody
>>>>    unix password sync = yes
>>>>    passwd program = /usr/bin/passwd %u
>>>>    pam password change = yes
>>>>    domain logons = yes
>>>>    os level = 40
>>>>    logon path = \\%L\profiles\%U
>>>>    logon drive = U:
>>>>    logon home = \\%L\%U
>>>>    logon script = logon.cmd
>>>>    add machine script =  /usr/sbin/useradd -d 
>>> /var/lib/nobody -g 1015 
>>>> -s /bin/false  %u
>>>>    load printers = yes
>>>>    printing = cups
>>>>    printcap name = cups
>>>>    socket options = TCP_NODELAY
>>>>    domain master = yes
>>>>    preferred master = yes
>>>>    wins support = yes
>>>>    idmap uid = 10000-20000
>>>>    idmap gid = 10000-20000
>>>>    template shell = /bin/bash
>>>>    smb ports = 445
>>>>
>>>> [homes]
>>>>    comment = Home Directories
>>>>    browseable = no
>>>>    writable = yes
>>>>    create mask = 0700
>>>>    directory mask = 0700
>>>>    hide files = /desktop.ini/ntuser.ini/NTUSER.*/RECYCLER/
>>>>
>>>> [printers]
>>>>    comment = All Printers
>>>>    browseable = no
>>>>    path = /var/spool/samba
>>>>    printable = yes
>>>>    public = no
>>>>    writable = no
>>>>    create mode = 0700
>>>>
>>>>
>>>> # Windows clients look for this share name as a source of 
>>> downloadable 
>>>> # printer drivers [print$]
>>>>    comment = Printer Drivers
>>>>    path = /var/lib/samba/printers
>>>>    write list = root, @ntadmin
>>>>    printer admin = root, @ntadmin
>>>>
>>>> [netlogon]
>>>>    comment = Network Logon Service
>>>>    path = /var/lib/samba/netlogon
>>>>    guest ok = yes
>>>>    writable = no
>>>>    share modes = no
>>>>
>>>> # For profiles to work, create a user directory under the path # 
>>>> shown. i.e., mkdir -p /var/lib/samba/profiles/maryo [profiles]
>>>>    comment = Roaming Profile Share
>>>>    path = /var/lib/samba/profiles
>>>>    read only = No
>>>>    profile acls = Yes
>>>>
>>>>
>>>> PDC config from HOWTO
>>>>
>>>> [global]
>>>> workgroup = XXXX
>>>> netbios name = XXXX
>>>> passdb backend = tdbsam
>>>> printcap name = cups
>>>> add user script = /usr/sbin/useradd -m %u delete user script = 
>>>> /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g 
>>>> delete group script = /usr/sbin/groupdel %g add user to 
>>> group script = 
>>>> /usr/sbin/groupmod -A %u %g delete user from group script = 
>>>> /usr/sbin/groupmod -R %u %g add machine script = 
>>> /usr/sbin/useradd -s 
>>>> /bin/false -d /var/lib/nobody %u # Note: The following 
>>> specifies the 
>>>> default logon script.
>>>> # Per user logon scripts can be specified in the user account using 
>>>> pdbedit logon script = scripts\logon.bat # This sets the default 
>>>> profile path. Set per user paths with pdbedit logon path = 
>>>> \\%L\Profiles\%U logon drive = H:
>>>> logon home = \\%L\%U
>>>> domain logons = Yes
>>>> os level = 35
>>>> preferred master = Yes
>>>> domain master = Yes
>>>> idmap uid = 15000-20000
>>>> idmap gid = 15000-20000
>>>> printing = cups
>>>> wins support = yes
>>>>
>>>> [homes]
>>>> comment = Home Directories
>>>> valid users = %S
>>>> read only = No
>>>> browseable = No
>>>>
>>>> # Printing auto-share (makes printers available thru CUPS) 
>>> [printers] 
>>>> comment = All Printers path = /var/spool/samba printer admin = root 
>>>> create mask = 0600 guest ok = Yes printable = Yes browseable = No
>>>>
>>>> [print$]
>>>> comment = Printer Drivers Share
>>>> path = /var/lib/samba/drivers
>>>> write list = root
>>>> printer admin = root
>>>>
>>>> # Needed to support domain logons
>>>> [netlogon]
>>>> comment = Network Logon Service
>>>> path = /var/lib/samba/netlogon
>>>> admin users = root
>>>> guest ok = Yes
>>>> browseable = No
>>>>
>>>> # For profiles to work, create a user directory under the path # 
>>>> shown. i.e., mkdir -p /var/lib/samba/profiles/maryo 
>>> [Profiles] comment 
>>>> = Roaming Profile Share path = /var/lib/samba/profiles read 
>>> only = No 
>>>> profile acls = Yes
>>>>
>>>>
>>>>
>>> -- 
>>> Stephen Mulcahy, Applepie Solutions Ltd, Innovation in 
>>> Business Center,
>>>    GMIT, Dublin Rd, Galway, Ireland.      mailto:smulcahy at aplpi.com
>>>   mobile:+353.87.2930252  office:+353.91.751262  http://www.aplpi.com
>>>
>>>
> 

-- 
Stephen Mulcahy, Applepie Solutions Ltd, Innovation in Business Center,
   GMIT, Dublin Rd, Galway, Ireland.      mailto:smulcahy at aplpi.com
  mobile:+353.87.2930252  office:+353.91.751262  http://www.aplpi.com


More information about the samba mailing list