[Samba] "Windows cannot obtain the domain controller name foryour
computer network" error on XP Pro SP2 clients for Samba 3.0.23dPDC
stephen mulcahy
smulcahy at aplpi.com
Mon Feb 12 13:10:33 GMT 2007
Hi,
In effort to resolve the 1054 errors on the XP client, I tried to create
a new test domain on a separate server and join one of the XP clients to
that.
The joining process went smoothly (with one caveat below) but I notice
the same event is logged in the new domain. I notice that is it
preceeded by an AutoEnrollment error with event id 15 which is discussed
here - http://lists.linux.org.au/archives/lias/2002-November/msg00033.html
Is it possible that this is connected to my errors? Did I miss some
documentation in the Samba HOWTO relating to my XP client setup?
On a related note, when I restarted the XP client for the first time
after joining the new test domain, it displayed a dialog on the login
screen saying "Please wait while the domain list is created" which
stayed there for a few minutes. Is that normal or is it indicative of a
problem?
Finally, whats the most current recommended documentation for
configuring Samba with a tdbsam backend as a PDC? I'm wondering if
further reading of some fine manual may help me in my quest.
Thanks,
-stephen
stephen mulcahy wrote:
> Hi Paul,
>
> Thanks for your reply. I tried adding the following to lmhosts as suggested,
>
> 10.1.2.3 duck #PRE #DOM:APLPI
>
> and rebooted but I'm still seeing the same error (should I disable the
> WINS server I have enabled in samba to correctly verify this?). I would
> note that on the client if I type 'net view \\duck' this consistently
> works suggesting that name resolution is working (but is there a better
> way of testing name resolution in a samba environment?)
>
> I restarted samba with some additional logging and noted 2 things
>
> 1. Samba creates a log-file for the client with the ip address first and
> then subsequently creates a log-file with the client name. Is this
> normal or indicative of a problem?
>
> 2. I can clearly see the client successfully opening the NTConfig.POL
> file (and the logon.cmd file) indicating that the client has connected
> to and downloaded the policy file .. so the nature of the Event 1054
> error is unclear to me ..
>
> [2007/02/08 14:35:20, 2] smbd/reply.c:reply_tcon_and_X(711)
> Serving IPC$ as a Dfs root
> [2007/02/08 14:35:22, 2] smbd/reply.c:reply_tcon_and_X(711)
> Serving IPC$ as a Dfs root
> [2007/02/08 14:35:22, 2] auth/auth.c:check_ntlm_password(309)
> check_ntlm_password: authentication for user [smulcahy] -> [smulcahy]
> -> [smulcahy] succeeded
> [2007/02/08 14:35:22, 2] smbd/reply.c:reply_tcon_and_X(711)
> Serving IPC$ as a Dfs root
> [2007/02/08 14:35:22, 2] auth/auth.c:check_ntlm_password(309)
> check_ntlm_password: authentication for user [smulcahy] -> [smulcahy]
> -> [smulcahy] succeeded
> [2007/02/08 14:35:22, 1] smbd/service.c:make_connection_snum(950)
> puck (10.7.44.30) connect to service netlogon initially as user
> smulcahy (uid=1000, gid=1000) (pid 29041)
> [2007/02/08 14:35:22, 2] smbd/reply.c:reply_tcon_and_X(711)
> Serving netlogon as a Dfs root
> [2007/02/08 14:35:22, 2] smbd/open.c:open_file(352)
> smulcahy opened file NTConfig.POL read=Yes write=No (numopen=1)
> [2007/02/08 14:35:22, 2] smbd/close.c:close_normal_file(344)
> smulcahy closed file NTConfig.POL (numopen=0)
> [2007/02/08 14:35:22, 1] smbd/service.c:make_connection_snum(950)
> puck (10.7.44.30) connect to service smulcahy initially as user
> smulcahy (uid=1000, gid=1000) (pid 29041)
> [2007/02/08 14:35:22, 2] smbd/reply.c:reply_tcon_and_X(711)
> Serving smulcahy as a Dfs root
> [2007/02/08 14:35:23, 2] smbd/open.c:open_file(352)
> smulcahy opened file logon.cmd read=Yes write=No (numopen=1)
> [2007/02/08 14:35:23, 2] smbd/open.c:open_file(352)
> smulcahy opened file logon.cmd read=Yes write=No (numopen=2)
>
> Not sure if that is any help in the grand scheme of things but I'm
> running out of ideas on how to resolve this.
>
> Is it possible that something is being cached somewhere? I've tried
> removing the machine from the domain (deleting the tdbsam entry with
> pdbedit -x and the password entry for the machine) rejoining the client
> to the domain in the hope that it might reset something but to no effect
> -- are there additional steps I should perform to ensure there are no
> traces of the client/domain membership remaining on either the client or
> samba?
>
> Thanks,
>
> -stephen
>
>
> Paul McGrath wrote:
>> It could be a name resolving issue. Try creating a lmhosts file in the
>> etc folder using the examples listed in the file. Copy lmhosts.sam
>> lmhosts then edit the lmhosts file (it doesn't have an extension).
>> 111.111.111.1 dc-server #PRE #DOM:mydomain
>>
>> Then reboot.
>>
>> If you don't have a WINS server and you havent entered this into your
>> client then your best bet is to use the lmhosts file. Also helps if
>> your clients are on different subnets.
>> Regards
>> Paul
>>
>>> -----Original Message-----
>>> From: stephen mulcahy [mailto:smulcahy at aplpi.com]
>>> Sent: Thursday 08 February 2007 10:29
>>> To: samba at lists.samba.org
>>> Subject: Re: [Samba] "Windows cannot obtain the domain
>>> controller name foryour computer network" error on XP Pro SP2
>>> clients for Samba 3.0.23dPDC
>>>
>>> Hi,
>>>
>>> Further debugging of this - I see that the logon.cmd is
>>> successfully executed by the Windows XP client even as it
>>> logs the 1054 Event -- the logon.cmd simply mounts some shares.
>>>
>>> Looking at the samba logs (default log level) I can't see any errors.
>>>
>>> Is this some browsing issue? Or a problem with name
>>> resolution? Any suggestions on tools to diagnose this further
>>> would be appreciated.
>>>
>>> Thanks,
>>>
>>> -stephen
>>>
>>> stephen mulcahy wrote:
>>>> Hi,
>>>>
>>>> I've recently reinstalled our Samba server with a view to
>>> getting it
>>>> working as a PDC using the tdbsam backend. I've
>>> successfully connected
>>>> a number of XP Pro SP2 clients to the domain and can login
>>> ok, but I'm
>>>> have problems getting the clients to read/apply an
>>> NTConfig.POL file I
>>>> created following the instructions at
>>>> http://www.pcc-services.com/custom_poledit.html
>>>>
>>>> I'm seeing the following error logged in the event log on
>>> the XP Pro
>>>> SP2 clients,
>>>>
>>>> Event ID: 1054
>>>> Source: Userenv
>>>> Type: Error
>>>> Description: Windows cannot obtain the domain controller
>>> name for your
>>>> computer network. (The specified domain either does not
>>> exist or exist
>>>> or could not be contacted). Group Policy processing aborted. Data:
>>>> (unavailable)
>>>>
>>>> Some Googling turns up the following
>>>>
>>>> http://support.microsoft.com/kb/840669
>>>>
>>>> and various other postings on this on the net. In response to those
>>>> I've tried various combinations of the following,
>>>>
>>>> 1. Change from using DHCP to static IP on client.
>>>> 2. Applied various registry hacks including turning DHCP
>>> media sensing off.
>>>> 3. Disabled various network card options such as media sensing.
>>>> 4. Forced the card to 100Mbps/full duplex (rather than auto).
>>>> 5. Upgraded to the latest network card drivers.
>>>> 6. Downgraded to older network card drivers.
>>>>
>>>> I'm getting the same error message on 3 XP Pro SP2 clients which I
>>>> test this on, all of which have gigabit broadcom cards (various
>>>> different chipsets). The knowledge base article suggests this is a
>>>> problem which occurs with gigabit cards .. short of trying
>>> adding new
>>>> network cards to the systems (some of which are laptops) -
>>> does anyone
>>>> have any suggestions on what I could try? I assumes others are
>>>> successfully running with a similar config or are PDCs with tdbsam
>>>> rare (or is that totally unrelated to the problems I'm
>>> experiencing).
>>>> I've also tried using a Samba PDC config from the HOWTO
>>> rather than my
>>>> own hand-crafted one (see below for both).
>>>>
>>>> Samba version is 3.0.23d running on 2.6.17-2-686 Debian
>>> etch on Dell
>>>> Poweredge 1600sc with an Intel Corporation 82540EM Gigabit Ethernet
>>>> Controller (rev 02).
>>>>
>>>> I have a djbdns dhcp server on the network serving which references
>>>> the samba server as a wins server.
>>>>
>>>> Thanks,
>>>>
>>>> -stephen
>>>>
>>>> Original PDC config
>>>>
>>>> [global]
>>>> workgroup = XXXXX
>>>> netbios name = XXXX
>>>> server string = %h server (Samba %v)
>>>> log file = /var/log/samba/log.%m
>>>> max log size = 1000
>>>> syslog = 0
>>>> panic action = /usr/share/samba/panic-action %d
>>>> security = user
>>>> encrypt passwords = true
>>>> passdb backend = tdbsam
>>>> obey pam restrictions = yes
>>>> guest account = nobody
>>>> unix password sync = yes
>>>> passwd program = /usr/bin/passwd %u
>>>> pam password change = yes
>>>> domain logons = yes
>>>> os level = 40
>>>> logon path = \\%L\profiles\%U
>>>> logon drive = U:
>>>> logon home = \\%L\%U
>>>> logon script = logon.cmd
>>>> add machine script = /usr/sbin/useradd -d
>>> /var/lib/nobody -g 1015
>>>> -s /bin/false %u
>>>> load printers = yes
>>>> printing = cups
>>>> printcap name = cups
>>>> socket options = TCP_NODELAY
>>>> domain master = yes
>>>> preferred master = yes
>>>> wins support = yes
>>>> idmap uid = 10000-20000
>>>> idmap gid = 10000-20000
>>>> template shell = /bin/bash
>>>> smb ports = 445
>>>>
>>>> [homes]
>>>> comment = Home Directories
>>>> browseable = no
>>>> writable = yes
>>>> create mask = 0700
>>>> directory mask = 0700
>>>> hide files = /desktop.ini/ntuser.ini/NTUSER.*/RECYCLER/
>>>>
>>>> [printers]
>>>> comment = All Printers
>>>> browseable = no
>>>> path = /var/spool/samba
>>>> printable = yes
>>>> public = no
>>>> writable = no
>>>> create mode = 0700
>>>>
>>>>
>>>> # Windows clients look for this share name as a source of
>>> downloadable
>>>> # printer drivers [print$]
>>>> comment = Printer Drivers
>>>> path = /var/lib/samba/printers
>>>> write list = root, @ntadmin
>>>> printer admin = root, @ntadmin
>>>>
>>>> [netlogon]
>>>> comment = Network Logon Service
>>>> path = /var/lib/samba/netlogon
>>>> guest ok = yes
>>>> writable = no
>>>> share modes = no
>>>>
>>>> # For profiles to work, create a user directory under the path #
>>>> shown. i.e., mkdir -p /var/lib/samba/profiles/maryo [profiles]
>>>> comment = Roaming Profile Share
>>>> path = /var/lib/samba/profiles
>>>> read only = No
>>>> profile acls = Yes
>>>>
>>>>
>>>> PDC config from HOWTO
>>>>
>>>> [global]
>>>> workgroup = XXXX
>>>> netbios name = XXXX
>>>> passdb backend = tdbsam
>>>> printcap name = cups
>>>> add user script = /usr/sbin/useradd -m %u delete user script =
>>>> /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g
>>>> delete group script = /usr/sbin/groupdel %g add user to
>>> group script =
>>>> /usr/sbin/groupmod -A %u %g delete user from group script =
>>>> /usr/sbin/groupmod -R %u %g add machine script =
>>> /usr/sbin/useradd -s
>>>> /bin/false -d /var/lib/nobody %u # Note: The following
>>> specifies the
>>>> default logon script.
>>>> # Per user logon scripts can be specified in the user account using
>>>> pdbedit logon script = scripts\logon.bat # This sets the default
>>>> profile path. Set per user paths with pdbedit logon path =
>>>> \\%L\Profiles\%U logon drive = H:
>>>> logon home = \\%L\%U
>>>> domain logons = Yes
>>>> os level = 35
>>>> preferred master = Yes
>>>> domain master = Yes
>>>> idmap uid = 15000-20000
>>>> idmap gid = 15000-20000
>>>> printing = cups
>>>> wins support = yes
>>>>
>>>> [homes]
>>>> comment = Home Directories
>>>> valid users = %S
>>>> read only = No
>>>> browseable = No
>>>>
>>>> # Printing auto-share (makes printers available thru CUPS)
>>> [printers]
>>>> comment = All Printers path = /var/spool/samba printer admin = root
>>>> create mask = 0600 guest ok = Yes printable = Yes browseable = No
>>>>
>>>> [print$]
>>>> comment = Printer Drivers Share
>>>> path = /var/lib/samba/drivers
>>>> write list = root
>>>> printer admin = root
>>>>
>>>> # Needed to support domain logons
>>>> [netlogon]
>>>> comment = Network Logon Service
>>>> path = /var/lib/samba/netlogon
>>>> admin users = root
>>>> guest ok = Yes
>>>> browseable = No
>>>>
>>>> # For profiles to work, create a user directory under the path #
>>>> shown. i.e., mkdir -p /var/lib/samba/profiles/maryo
>>> [Profiles] comment
>>>> = Roaming Profile Share path = /var/lib/samba/profiles read
>>> only = No
>>>> profile acls = Yes
>>>>
>>>>
>>>>
>>> --
>>> Stephen Mulcahy, Applepie Solutions Ltd, Innovation in
>>> Business Center,
>>> GMIT, Dublin Rd, Galway, Ireland. mailto:smulcahy at aplpi.com
>>> mobile:+353.87.2930252 office:+353.91.751262 http://www.aplpi.com
>>>
>>>
>
--
Stephen Mulcahy, Applepie Solutions Ltd, Innovation in Business Center,
GMIT, Dublin Rd, Galway, Ireland. mailto:smulcahy at aplpi.com
mobile:+353.87.2930252 office:+353.91.751262 http://www.aplpi.com
More information about the samba
mailing list