[Samba] "Windows cannot obtain the domain controller name foryour computer network" error on XP Pro SP2 clients for Samba 3.0.23dPDC

stephen mulcahy smulcahy at aplpi.com
Mon Feb 12 13:25:53 GMT 2007


Hi,

While perusing the SAMBA HOWTOs I decided to try some of the validation
steps including the wins test at
http://www.samba.org/samba/docs/man/Samba-Guide/secure.html#ch4valid

If I try the following,

1. start samba with "wins support = yes"
2. edit /etc/nsswitch.conf and change hosts to wins only.
3. ping the samba server and I get "unknown host" error.

Does this suggest my wins configuration is broken? I verified in this
case that nmbd was running and the log.nmbd doesn't contain any obvious
error messages.

Thanks,

-stephen

stephen mulcahy wrote:
> Hi,
> 
> In effort to resolve the 1054 errors on the XP client, I tried to create
> a new test domain on a separate server and join one of the XP clients to
> that.
> 
> The joining process went smoothly (with one caveat below) but I notice
> the same event is logged in the new domain. I notice that is it
> preceeded by an AutoEnrollment error with event id 15 which is discussed
> here - http://lists.linux.org.au/archives/lias/2002-November/msg00033.html
> 
> Is it possible that this is connected to my errors? Did I miss some
> documentation in the Samba HOWTO relating to my XP client setup?
> 
> On a related note, when I restarted the XP client for the first time
> after joining the new test domain, it displayed a dialog on the login
> screen saying "Please wait while the domain list is created" which
> stayed there for a few minutes. Is that normal or is it indicative of a
> problem?
> 
> Finally, whats the most current recommended documentation for
> configuring Samba with a tdbsam backend as a PDC? I'm wondering if
> further reading of some fine manual may help me in my quest.
> 
> Thanks,
> 
> -stephen
> 
> stephen mulcahy wrote:
>> Hi Paul,
>>
>> Thanks for your reply. I tried adding the following to lmhosts as suggested,
>>
>> 10.1.2.3 duck	#PRE #DOM:APLPI
>>
>> and rebooted but I'm still seeing the same error (should I disable the
>> WINS server I have enabled in samba to correctly verify this?). I would
>> note that on the client if I type 'net view \\duck' this consistently
>> works suggesting that name resolution is working (but is there a better
>> way of testing name resolution in a samba environment?)
>>
>> I restarted samba with some additional logging and noted 2 things
>>
>> 1. Samba creates a log-file for the client with the ip address first and
>> then subsequently creates a log-file with the client name. Is this
>> normal or indicative of a problem?
>>
>> 2. I can clearly see the client successfully opening the NTConfig.POL
>> file (and the logon.cmd file) indicating that the client has connected
>> to and downloaded the policy file .. so the nature of the Event 1054
>> error is unclear to me ..
>>
>> [2007/02/08 14:35:20, 2] smbd/reply.c:reply_tcon_and_X(711)
>>   Serving IPC$ as a Dfs root
>> [2007/02/08 14:35:22, 2] smbd/reply.c:reply_tcon_and_X(711)
>>   Serving IPC$ as a Dfs root
>> [2007/02/08 14:35:22, 2] auth/auth.c:check_ntlm_password(309)
>>   check_ntlm_password:  authentication for user [smulcahy] -> [smulcahy]
>> -> [smulcahy] succeeded
>> [2007/02/08 14:35:22, 2] smbd/reply.c:reply_tcon_and_X(711)
>>   Serving IPC$ as a Dfs root
>> [2007/02/08 14:35:22, 2] auth/auth.c:check_ntlm_password(309)
>>   check_ntlm_password:  authentication for user [smulcahy] -> [smulcahy]
>> -> [smulcahy] succeeded
>> [2007/02/08 14:35:22, 1] smbd/service.c:make_connection_snum(950)
>>   puck (10.7.44.30) connect to service netlogon initially as user
>> smulcahy (uid=1000, gid=1000) (pid 29041)
>> [2007/02/08 14:35:22, 2] smbd/reply.c:reply_tcon_and_X(711)
>>   Serving netlogon as a Dfs root
>> [2007/02/08 14:35:22, 2] smbd/open.c:open_file(352)
>>   smulcahy opened file NTConfig.POL read=Yes write=No (numopen=1)
>> [2007/02/08 14:35:22, 2] smbd/close.c:close_normal_file(344)
>>   smulcahy closed file NTConfig.POL (numopen=0)
>> [2007/02/08 14:35:22, 1] smbd/service.c:make_connection_snum(950)
>>   puck (10.7.44.30) connect to service smulcahy initially as user
>> smulcahy (uid=1000, gid=1000) (pid 29041)
>> [2007/02/08 14:35:22, 2] smbd/reply.c:reply_tcon_and_X(711)
>>   Serving smulcahy as a Dfs root
>> [2007/02/08 14:35:23, 2] smbd/open.c:open_file(352)
>>   smulcahy opened file logon.cmd read=Yes write=No (numopen=1)
>> [2007/02/08 14:35:23, 2] smbd/open.c:open_file(352)
>>   smulcahy opened file logon.cmd read=Yes write=No (numopen=2)
>>
>> Not sure if that is any help in the grand scheme of things but I'm
>> running out of ideas on how to resolve this.
>>
>> Is it possible that something is being cached somewhere? I've tried
>> removing the machine from the domain (deleting the tdbsam entry with
>> pdbedit -x and the password entry for the machine) rejoining the client
>> to the domain in the hope that it might reset something but to no effect
>> -- are there additional steps I should perform to ensure there are no
>> traces of the client/domain membership remaining on either the client or
>> samba?
>>
>> Thanks,
>>
>> -stephen
>>
>>
>> Paul McGrath wrote:
>>> It could be a name resolving issue.  Try creating a lmhosts file in the
>>> etc folder using the examples listed in the file. Copy lmhosts.sam
>>> lmhosts then edit the lmhosts file (it doesn't have an extension).
>>> 111.111.111.1	dc-server	#PRE #DOM:mydomain
>>>
>>> Then reboot.
>>>
>>> If you don't have a WINS server and you havent entered this into your
>>> client then your best bet is to use the lmhosts file.  Also helps if
>>> your clients are on different subnets.
>>> Regards
>>> Paul
>>>
>>>> -----Original Message-----
>>>> From: stephen mulcahy [mailto:smulcahy at aplpi.com] 
>>>> Sent: Thursday 08 February 2007 10:29
>>>> To: samba at lists.samba.org
>>>> Subject: Re: [Samba] "Windows cannot obtain the domain 
>>>> controller name foryour computer network" error on XP Pro SP2 
>>>> clients for Samba 3.0.23dPDC
>>>>
>>>> Hi,
>>>>
>>>> Further debugging of this - I see that the logon.cmd is 
>>>> successfully executed by the Windows XP client even as it 
>>>> logs the 1054 Event -- the logon.cmd simply mounts some shares.
>>>>
>>>> Looking at the samba logs (default log level) I can't see any errors.
>>>>
>>>> Is this some browsing issue? Or a problem with name 
>>>> resolution? Any suggestions on tools to diagnose this further 
>>>> would be appreciated.
>>>>
>>>> Thanks,
>>>>
>>>> -stephen
>>>>
>>>> stephen mulcahy wrote:
>>>>> Hi,
>>>>>
>>>>> I've recently reinstalled our Samba server with a view to 
>>>> getting it 
>>>>> working as a PDC using the tdbsam backend. I've 
>>>> successfully connected 
>>>>> a number of XP Pro SP2 clients to the domain and can login 
>>>> ok, but I'm 
>>>>> have problems getting the clients to read/apply an 
>>>> NTConfig.POL file I 
>>>>> created following the instructions at 
>>>>> http://www.pcc-services.com/custom_poledit.html
>>>>>
>>>>> I'm seeing the following error logged in the event log on 
>>>> the XP Pro 
>>>>> SP2 clients,
>>>>>
>>>>> Event ID: 1054
>>>>> Source: Userenv
>>>>> Type: Error
>>>>> Description: Windows cannot obtain the domain controller 
>>>> name for your 
>>>>> computer network. (The specified domain either does not 
>>>> exist or exist 
>>>>> or could not be contacted). Group Policy processing aborted. Data:
>>>>> (unavailable)
>>>>>
>>>>> Some Googling turns up the following
>>>>>
>>>>> http://support.microsoft.com/kb/840669
>>>>>
>>>>> and various other postings on this on the net. In response to those 
>>>>> I've tried various combinations of the following,
>>>>>
>>>>> 1. Change from using DHCP to static IP on client.
>>>>> 2. Applied various registry hacks including turning DHCP 
>>>> media sensing off.
>>>>> 3. Disabled various network card options such as media sensing.
>>>>> 4. Forced the card to 100Mbps/full duplex (rather than auto).
>>>>> 5. Upgraded to the latest network card drivers.
>>>>> 6. Downgraded to older network card drivers.
>>>>>
>>>>> I'm getting the same error message on 3 XP Pro SP2 clients which I 
>>>>> test this on, all of which have gigabit broadcom cards (various 
>>>>> different chipsets). The knowledge base article suggests this is a 
>>>>> problem which occurs with gigabit cards .. short of trying 
>>>> adding new 
>>>>> network cards to the systems (some of which are laptops) - 
>>>> does anyone 
>>>>> have any suggestions on what I could try? I assumes others are 
>>>>> successfully running with a similar config or are PDCs with tdbsam 
>>>>> rare (or is that totally unrelated to the problems I'm 
>>>> experiencing).
>>>>> I've also tried using a Samba PDC config from the HOWTO 
>>>> rather than my 
>>>>> own hand-crafted one (see below for both).
>>>>>
>>>>> Samba version is 3.0.23d running on  2.6.17-2-686 Debian 
>>>> etch on Dell 
>>>>> Poweredge 1600sc with an Intel Corporation 82540EM Gigabit Ethernet 
>>>>> Controller (rev 02).
>>>>>
>>>>> I have a djbdns dhcp server on the network serving which references 
>>>>> the samba server as a wins server.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> -stephen
>>>>>
>>>>> Original PDC config
>>>>>
>>>>> [global]
>>>>>    workgroup = XXXXX
>>>>>    netbios name = XXXX
>>>>>    server string = %h server (Samba %v)
>>>>>    log file = /var/log/samba/log.%m
>>>>>    max log size = 1000
>>>>>    syslog = 0
>>>>>    panic action = /usr/share/samba/panic-action %d
>>>>>    security = user
>>>>>    encrypt passwords = true
>>>>>    passdb backend = tdbsam
>>>>>    obey pam restrictions = yes
>>>>>    guest account = nobody
>>>>>    unix password sync = yes
>>>>>    passwd program = /usr/bin/passwd %u
>>>>>    pam password change = yes
>>>>>    domain logons = yes
>>>>>    os level = 40
>>>>>    logon path = \\%L\profiles\%U
>>>>>    logon drive = U:
>>>>>    logon home = \\%L\%U
>>>>>    logon script = logon.cmd
>>>>>    add machine script =  /usr/sbin/useradd -d 
>>>> /var/lib/nobody -g 1015 
>>>>> -s /bin/false  %u
>>>>>    load printers = yes
>>>>>    printing = cups
>>>>>    printcap name = cups
>>>>>    socket options = TCP_NODELAY
>>>>>    domain master = yes
>>>>>    preferred master = yes
>>>>>    wins support = yes
>>>>>    idmap uid = 10000-20000
>>>>>    idmap gid = 10000-20000
>>>>>    template shell = /bin/bash
>>>>>    smb ports = 445
>>>>>
>>>>> [homes]
>>>>>    comment = Home Directories
>>>>>    browseable = no
>>>>>    writable = yes
>>>>>    create mask = 0700
>>>>>    directory mask = 0700
>>>>>    hide files = /desktop.ini/ntuser.ini/NTUSER.*/RECYCLER/
>>>>>
>>>>> [printers]
>>>>>    comment = All Printers
>>>>>    browseable = no
>>>>>    path = /var/spool/samba
>>>>>    printable = yes
>>>>>    public = no
>>>>>    writable = no
>>>>>    create mode = 0700
>>>>>
>>>>>
>>>>> # Windows clients look for this share name as a source of 
>>>> downloadable 
>>>>> # printer drivers [print$]
>>>>>    comment = Printer Drivers
>>>>>    path = /var/lib/samba/printers
>>>>>    write list = root, @ntadmin
>>>>>    printer admin = root, @ntadmin
>>>>>
>>>>> [netlogon]
>>>>>    comment = Network Logon Service
>>>>>    path = /var/lib/samba/netlogon
>>>>>    guest ok = yes
>>>>>    writable = no
>>>>>    share modes = no
>>>>>
>>>>> # For profiles to work, create a user directory under the path # 
>>>>> shown. i.e., mkdir -p /var/lib/samba/profiles/maryo [profiles]
>>>>>    comment = Roaming Profile Share
>>>>>    path = /var/lib/samba/profiles
>>>>>    read only = No
>>>>>    profile acls = Yes
>>>>>
>>>>>
>>>>> PDC config from HOWTO
>>>>>
>>>>> [global]
>>>>> workgroup = XXXX
>>>>> netbios name = XXXX
>>>>> passdb backend = tdbsam
>>>>> printcap name = cups
>>>>> add user script = /usr/sbin/useradd -m %u delete user script = 
>>>>> /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g 
>>>>> delete group script = /usr/sbin/groupdel %g add user to 
>>>> group script = 
>>>>> /usr/sbin/groupmod -A %u %g delete user from group script = 
>>>>> /usr/sbin/groupmod -R %u %g add machine script = 
>>>> /usr/sbin/useradd -s 
>>>>> /bin/false -d /var/lib/nobody %u # Note: The following 
>>>> specifies the 
>>>>> default logon script.
>>>>> # Per user logon scripts can be specified in the user account using 
>>>>> pdbedit logon script = scripts\logon.bat # This sets the default 
>>>>> profile path. Set per user paths with pdbedit logon path = 
>>>>> \\%L\Profiles\%U logon drive = H:
>>>>> logon home = \\%L\%U
>>>>> domain logons = Yes
>>>>> os level = 35
>>>>> preferred master = Yes
>>>>> domain master = Yes
>>>>> idmap uid = 15000-20000
>>>>> idmap gid = 15000-20000
>>>>> printing = cups
>>>>> wins support = yes
>>>>>
>>>>> [homes]
>>>>> comment = Home Directories
>>>>> valid users = %S
>>>>> read only = No
>>>>> browseable = No
>>>>>
>>>>> # Printing auto-share (makes printers available thru CUPS) 
>>>> [printers] 
>>>>> comment = All Printers path = /var/spool/samba printer admin = root 
>>>>> create mask = 0600 guest ok = Yes printable = Yes browseable = No
>>>>>
>>>>> [print$]
>>>>> comment = Printer Drivers Share
>>>>> path = /var/lib/samba/drivers
>>>>> write list = root
>>>>> printer admin = root
>>>>>
>>>>> # Needed to support domain logons
>>>>> [netlogon]
>>>>> comment = Network Logon Service
>>>>> path = /var/lib/samba/netlogon
>>>>> admin users = root
>>>>> guest ok = Yes
>>>>> browseable = No
>>>>>
>>>>> # For profiles to work, create a user directory under the path # 
>>>>> shown. i.e., mkdir -p /var/lib/samba/profiles/maryo 
>>>> [Profiles] comment 
>>>>> = Roaming Profile Share path = /var/lib/samba/profiles read 
>>>> only = No 
>>>>> profile acls = Yes
>>>>>
>>>>>
>>>>>
>>>> -- 
>>>> Stephen Mulcahy, Applepie Solutions Ltd, Innovation in 
>>>> Business Center,
>>>>    GMIT, Dublin Rd, Galway, Ireland.      mailto:smulcahy at aplpi.com
>>>>   mobile:+353.87.2930252  office:+353.91.751262  http://www.aplpi.com
>>>>
>>>>
> 

-- 
Stephen Mulcahy, Applepie Solutions Ltd, Innovation in Business Center,
   GMIT, Dublin Rd, Galway, Ireland.      mailto:smulcahy at aplpi.com
  mobile:+353.87.2930252  office:+353.91.751262  http://www.aplpi.com


More information about the samba mailing list