[Samba] "Windows cannot obtain the domain controller name foryour
computer network" error on XP Pro SP2 clients for Samba 3.0.23dPDC
stephen mulcahy
smulcahy at aplpi.com
Mon Feb 12 13:25:53 GMT 2007
Hi,
While perusing the SAMBA HOWTOs I decided to try some of the validation
steps including the wins test at
http://www.samba.org/samba/docs/man/Samba-Guide/secure.html#ch4valid
If I try the following,
1. start samba with "wins support = yes"
2. edit /etc/nsswitch.conf and change hosts to wins only.
3. ping the samba server and I get "unknown host" error.
Does this suggest my wins configuration is broken? I verified in this
case that nmbd was running and the log.nmbd doesn't contain any obvious
error messages.
Thanks,
-stephen
stephen mulcahy wrote:
> Hi,
>
> In effort to resolve the 1054 errors on the XP client, I tried to create
> a new test domain on a separate server and join one of the XP clients to
> that.
>
> The joining process went smoothly (with one caveat below) but I notice
> the same event is logged in the new domain. I notice that is it
> preceeded by an AutoEnrollment error with event id 15 which is discussed
> here - http://lists.linux.org.au/archives/lias/2002-November/msg00033.html
>
> Is it possible that this is connected to my errors? Did I miss some
> documentation in the Samba HOWTO relating to my XP client setup?
>
> On a related note, when I restarted the XP client for the first time
> after joining the new test domain, it displayed a dialog on the login
> screen saying "Please wait while the domain list is created" which
> stayed there for a few minutes. Is that normal or is it indicative of a
> problem?
>
> Finally, whats the most current recommended documentation for
> configuring Samba with a tdbsam backend as a PDC? I'm wondering if
> further reading of some fine manual may help me in my quest.
>
> Thanks,
>
> -stephen
>
> stephen mulcahy wrote:
>> Hi Paul,
>>
>> Thanks for your reply. I tried adding the following to lmhosts as suggested,
>>
>> 10.1.2.3 duck #PRE #DOM:APLPI
>>
>> and rebooted but I'm still seeing the same error (should I disable the
>> WINS server I have enabled in samba to correctly verify this?). I would
>> note that on the client if I type 'net view \\duck' this consistently
>> works suggesting that name resolution is working (but is there a better
>> way of testing name resolution in a samba environment?)
>>
>> I restarted samba with some additional logging and noted 2 things
>>
>> 1. Samba creates a log-file for the client with the ip address first and
>> then subsequently creates a log-file with the client name. Is this
>> normal or indicative of a problem?
>>
>> 2. I can clearly see the client successfully opening the NTConfig.POL
>> file (and the logon.cmd file) indicating that the client has connected
>> to and downloaded the policy file .. so the nature of the Event 1054
>> error is unclear to me ..
>>
>> [2007/02/08 14:35:20, 2] smbd/reply.c:reply_tcon_and_X(711)
>> Serving IPC$ as a Dfs root
>> [2007/02/08 14:35:22, 2] smbd/reply.c:reply_tcon_and_X(711)
>> Serving IPC$ as a Dfs root
>> [2007/02/08 14:35:22, 2] auth/auth.c:check_ntlm_password(309)
>> check_ntlm_password: authentication for user [smulcahy] -> [smulcahy]
>> -> [smulcahy] succeeded
>> [2007/02/08 14:35:22, 2] smbd/reply.c:reply_tcon_and_X(711)
>> Serving IPC$ as a Dfs root
>> [2007/02/08 14:35:22, 2] auth/auth.c:check_ntlm_password(309)
>> check_ntlm_password: authentication for user [smulcahy] -> [smulcahy]
>> -> [smulcahy] succeeded
>> [2007/02/08 14:35:22, 1] smbd/service.c:make_connection_snum(950)
>> puck (10.7.44.30) connect to service netlogon initially as user
>> smulcahy (uid=1000, gid=1000) (pid 29041)
>> [2007/02/08 14:35:22, 2] smbd/reply.c:reply_tcon_and_X(711)
>> Serving netlogon as a Dfs root
>> [2007/02/08 14:35:22, 2] smbd/open.c:open_file(352)
>> smulcahy opened file NTConfig.POL read=Yes write=No (numopen=1)
>> [2007/02/08 14:35:22, 2] smbd/close.c:close_normal_file(344)
>> smulcahy closed file NTConfig.POL (numopen=0)
>> [2007/02/08 14:35:22, 1] smbd/service.c:make_connection_snum(950)
>> puck (10.7.44.30) connect to service smulcahy initially as user
>> smulcahy (uid=1000, gid=1000) (pid 29041)
>> [2007/02/08 14:35:22, 2] smbd/reply.c:reply_tcon_and_X(711)
>> Serving smulcahy as a Dfs root
>> [2007/02/08 14:35:23, 2] smbd/open.c:open_file(352)
>> smulcahy opened file logon.cmd read=Yes write=No (numopen=1)
>> [2007/02/08 14:35:23, 2] smbd/open.c:open_file(352)
>> smulcahy opened file logon.cmd read=Yes write=No (numopen=2)
>>
>> Not sure if that is any help in the grand scheme of things but I'm
>> running out of ideas on how to resolve this.
>>
>> Is it possible that something is being cached somewhere? I've tried
>> removing the machine from the domain (deleting the tdbsam entry with
>> pdbedit -x and the password entry for the machine) rejoining the client
>> to the domain in the hope that it might reset something but to no effect
>> -- are there additional steps I should perform to ensure there are no
>> traces of the client/domain membership remaining on either the client or
>> samba?
>>
>> Thanks,
>>
>> -stephen
>>
>>
>> Paul McGrath wrote:
>>> It could be a name resolving issue. Try creating a lmhosts file in the
>>> etc folder using the examples listed in the file. Copy lmhosts.sam
>>> lmhosts then edit the lmhosts file (it doesn't have an extension).
>>> 111.111.111.1 dc-server #PRE #DOM:mydomain
>>>
>>> Then reboot.
>>>
>>> If you don't have a WINS server and you havent entered this into your
>>> client then your best bet is to use the lmhosts file. Also helps if
>>> your clients are on different subnets.
>>> Regards
>>> Paul
>>>
>>>> -----Original Message-----
>>>> From: stephen mulcahy [mailto:smulcahy at aplpi.com]
>>>> Sent: Thursday 08 February 2007 10:29
>>>> To: samba at lists.samba.org
>>>> Subject: Re: [Samba] "Windows cannot obtain the domain
>>>> controller name foryour computer network" error on XP Pro SP2
>>>> clients for Samba 3.0.23dPDC
>>>>
>>>> Hi,
>>>>
>>>> Further debugging of this - I see that the logon.cmd is
>>>> successfully executed by the Windows XP client even as it
>>>> logs the 1054 Event -- the logon.cmd simply mounts some shares.
>>>>
>>>> Looking at the samba logs (default log level) I can't see any errors.
>>>>
>>>> Is this some browsing issue? Or a problem with name
>>>> resolution? Any suggestions on tools to diagnose this further
>>>> would be appreciated.
>>>>
>>>> Thanks,
>>>>
>>>> -stephen
>>>>
>>>> stephen mulcahy wrote:
>>>>> Hi,
>>>>>
>>>>> I've recently reinstalled our Samba server with a view to
>>>> getting it
>>>>> working as a PDC using the tdbsam backend. I've
>>>> successfully connected
>>>>> a number of XP Pro SP2 clients to the domain and can login
>>>> ok, but I'm
>>>>> have problems getting the clients to read/apply an
>>>> NTConfig.POL file I
>>>>> created following the instructions at
>>>>> http://www.pcc-services.com/custom_poledit.html
>>>>>
>>>>> I'm seeing the following error logged in the event log on
>>>> the XP Pro
>>>>> SP2 clients,
>>>>>
>>>>> Event ID: 1054
>>>>> Source: Userenv
>>>>> Type: Error
>>>>> Description: Windows cannot obtain the domain controller
>>>> name for your
>>>>> computer network. (The specified domain either does not
>>>> exist or exist
>>>>> or could not be contacted). Group Policy processing aborted. Data:
>>>>> (unavailable)
>>>>>
>>>>> Some Googling turns up the following
>>>>>
>>>>> http://support.microsoft.com/kb/840669
>>>>>
>>>>> and various other postings on this on the net. In response to those
>>>>> I've tried various combinations of the following,
>>>>>
>>>>> 1. Change from using DHCP to static IP on client.
>>>>> 2. Applied various registry hacks including turning DHCP
>>>> media sensing off.
>>>>> 3. Disabled various network card options such as media sensing.
>>>>> 4. Forced the card to 100Mbps/full duplex (rather than auto).
>>>>> 5. Upgraded to the latest network card drivers.
>>>>> 6. Downgraded to older network card drivers.
>>>>>
>>>>> I'm getting the same error message on 3 XP Pro SP2 clients which I
>>>>> test this on, all of which have gigabit broadcom cards (various
>>>>> different chipsets). The knowledge base article suggests this is a
>>>>> problem which occurs with gigabit cards .. short of trying
>>>> adding new
>>>>> network cards to the systems (some of which are laptops) -
>>>> does anyone
>>>>> have any suggestions on what I could try? I assumes others are
>>>>> successfully running with a similar config or are PDCs with tdbsam
>>>>> rare (or is that totally unrelated to the problems I'm
>>>> experiencing).
>>>>> I've also tried using a Samba PDC config from the HOWTO
>>>> rather than my
>>>>> own hand-crafted one (see below for both).
>>>>>
>>>>> Samba version is 3.0.23d running on 2.6.17-2-686 Debian
>>>> etch on Dell
>>>>> Poweredge 1600sc with an Intel Corporation 82540EM Gigabit Ethernet
>>>>> Controller (rev 02).
>>>>>
>>>>> I have a djbdns dhcp server on the network serving which references
>>>>> the samba server as a wins server.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> -stephen
>>>>>
>>>>> Original PDC config
>>>>>
>>>>> [global]
>>>>> workgroup = XXXXX
>>>>> netbios name = XXXX
>>>>> server string = %h server (Samba %v)
>>>>> log file = /var/log/samba/log.%m
>>>>> max log size = 1000
>>>>> syslog = 0
>>>>> panic action = /usr/share/samba/panic-action %d
>>>>> security = user
>>>>> encrypt passwords = true
>>>>> passdb backend = tdbsam
>>>>> obey pam restrictions = yes
>>>>> guest account = nobody
>>>>> unix password sync = yes
>>>>> passwd program = /usr/bin/passwd %u
>>>>> pam password change = yes
>>>>> domain logons = yes
>>>>> os level = 40
>>>>> logon path = \\%L\profiles\%U
>>>>> logon drive = U:
>>>>> logon home = \\%L\%U
>>>>> logon script = logon.cmd
>>>>> add machine script = /usr/sbin/useradd -d
>>>> /var/lib/nobody -g 1015
>>>>> -s /bin/false %u
>>>>> load printers = yes
>>>>> printing = cups
>>>>> printcap name = cups
>>>>> socket options = TCP_NODELAY
>>>>> domain master = yes
>>>>> preferred master = yes
>>>>> wins support = yes
>>>>> idmap uid = 10000-20000
>>>>> idmap gid = 10000-20000
>>>>> template shell = /bin/bash
>>>>> smb ports = 445
>>>>>
>>>>> [homes]
>>>>> comment = Home Directories
>>>>> browseable = no
>>>>> writable = yes
>>>>> create mask = 0700
>>>>> directory mask = 0700
>>>>> hide files = /desktop.ini/ntuser.ini/NTUSER.*/RECYCLER/
>>>>>
>>>>> [printers]
>>>>> comment = All Printers
>>>>> browseable = no
>>>>> path = /var/spool/samba
>>>>> printable = yes
>>>>> public = no
>>>>> writable = no
>>>>> create mode = 0700
>>>>>
>>>>>
>>>>> # Windows clients look for this share name as a source of
>>>> downloadable
>>>>> # printer drivers [print$]
>>>>> comment = Printer Drivers
>>>>> path = /var/lib/samba/printers
>>>>> write list = root, @ntadmin
>>>>> printer admin = root, @ntadmin
>>>>>
>>>>> [netlogon]
>>>>> comment = Network Logon Service
>>>>> path = /var/lib/samba/netlogon
>>>>> guest ok = yes
>>>>> writable = no
>>>>> share modes = no
>>>>>
>>>>> # For profiles to work, create a user directory under the path #
>>>>> shown. i.e., mkdir -p /var/lib/samba/profiles/maryo [profiles]
>>>>> comment = Roaming Profile Share
>>>>> path = /var/lib/samba/profiles
>>>>> read only = No
>>>>> profile acls = Yes
>>>>>
>>>>>
>>>>> PDC config from HOWTO
>>>>>
>>>>> [global]
>>>>> workgroup = XXXX
>>>>> netbios name = XXXX
>>>>> passdb backend = tdbsam
>>>>> printcap name = cups
>>>>> add user script = /usr/sbin/useradd -m %u delete user script =
>>>>> /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g
>>>>> delete group script = /usr/sbin/groupdel %g add user to
>>>> group script =
>>>>> /usr/sbin/groupmod -A %u %g delete user from group script =
>>>>> /usr/sbin/groupmod -R %u %g add machine script =
>>>> /usr/sbin/useradd -s
>>>>> /bin/false -d /var/lib/nobody %u # Note: The following
>>>> specifies the
>>>>> default logon script.
>>>>> # Per user logon scripts can be specified in the user account using
>>>>> pdbedit logon script = scripts\logon.bat # This sets the default
>>>>> profile path. Set per user paths with pdbedit logon path =
>>>>> \\%L\Profiles\%U logon drive = H:
>>>>> logon home = \\%L\%U
>>>>> domain logons = Yes
>>>>> os level = 35
>>>>> preferred master = Yes
>>>>> domain master = Yes
>>>>> idmap uid = 15000-20000
>>>>> idmap gid = 15000-20000
>>>>> printing = cups
>>>>> wins support = yes
>>>>>
>>>>> [homes]
>>>>> comment = Home Directories
>>>>> valid users = %S
>>>>> read only = No
>>>>> browseable = No
>>>>>
>>>>> # Printing auto-share (makes printers available thru CUPS)
>>>> [printers]
>>>>> comment = All Printers path = /var/spool/samba printer admin = root
>>>>> create mask = 0600 guest ok = Yes printable = Yes browseable = No
>>>>>
>>>>> [print$]
>>>>> comment = Printer Drivers Share
>>>>> path = /var/lib/samba/drivers
>>>>> write list = root
>>>>> printer admin = root
>>>>>
>>>>> # Needed to support domain logons
>>>>> [netlogon]
>>>>> comment = Network Logon Service
>>>>> path = /var/lib/samba/netlogon
>>>>> admin users = root
>>>>> guest ok = Yes
>>>>> browseable = No
>>>>>
>>>>> # For profiles to work, create a user directory under the path #
>>>>> shown. i.e., mkdir -p /var/lib/samba/profiles/maryo
>>>> [Profiles] comment
>>>>> = Roaming Profile Share path = /var/lib/samba/profiles read
>>>> only = No
>>>>> profile acls = Yes
>>>>>
>>>>>
>>>>>
>>>> --
>>>> Stephen Mulcahy, Applepie Solutions Ltd, Innovation in
>>>> Business Center,
>>>> GMIT, Dublin Rd, Galway, Ireland. mailto:smulcahy at aplpi.com
>>>> mobile:+353.87.2930252 office:+353.91.751262 http://www.aplpi.com
>>>>
>>>>
>
--
Stephen Mulcahy, Applepie Solutions Ltd, Innovation in Business Center,
GMIT, Dublin Rd, Galway, Ireland. mailto:smulcahy at aplpi.com
mobile:+353.87.2930252 office:+353.91.751262 http://www.aplpi.com
More information about the samba
mailing list