[Samba] Problems since upgrade from 3.0.23 to 3.0.25b

Jason Baker jbaker at glastender.com
Mon Jul 16 18:08:07 GMT 2007 

I have a working Samba PDC, I can log in and out from a windows xp 
workstation. I recently upgraded to 3.0.25b-33 and now, when I add a new 
user, I get:

    The system cannot log you on due to the following error:
    A device attached to the system is not fuctioning
    Please try again or consult your system administrator

I have network connectivity. I was able to join this machine to the 
domain through windows xp. I can log on to the domain from this machine 
with an existing user. All file and directory permissions are correct:

If I run the smbclient command I get:

    session setup failed: NT_STATUS_NO_LOGON_SERVERS

Samba is indeed running. If I run smbclient with an existing user I get:

Domain=[GLASTENDERNET] OS=[Unix] Server=[Samba 3.0.25b-SerNet-RedHat]

        Sharename       Type      Comment
        ---------       ----      -------
        IPC$            IPC       IPC Service (Glastender File Server)
        supervisors     Disk      Supervisors
        shadowrods      Disk      Shadowrods
        sales           Disk      Sales
        safety          Disk      Safety
        quality         Disk      Quality
        purchasing      Disk      Purchasing
        production      Disk      Production
        marketing       Disk      Marketing
        managers        Disk      Managers
        it              Disk      Infomation Systems
        human_resources Disk      Human Resources
        engineering     Disk      Engineering
        accounting      Disk      Accounting
        shared          Disk      Public Share
Domain=[GLASTENDERNET] OS=[Unix] Server=[Samba 3.0.25b-SerNet-RedHat]

        Server               Comment
        ---------            -------
        ASTER                Glastender Domain Controller running 
3.0.25b-Ser
        HENBANE              Glastender File Server

        Workgroup            Master
        ---------            -------
        GLASTENDERNET        ASTER

I found this entry in the domain controllers samba log:

    [2007/07/16 13:55:13, 5]
    rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(934)
      _net_sam_logon: check_password returned status NT_STATUS_OK
    [2007/07/16 13:55:13, 1]
    rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(1004)
      _net_sam_logon: user GLASTENDERNET\jrolfe has user sid
    S-1-5-21-3568796296-2565465778-716510536-3404
       but group sid S-1-5-21-1194936901-2368177035-684874509-513.
      The conflicting domain portions are not supported for NETLOGON calls
    <----------------------CUT---------------------->
    [2007/07/16 13:55:13, 5] rpc_parse/parse_prs.c:prs_ntstatus(769)
          001c status      : NT_STATUS_UNSUCCESSFUL
    [2007/07/16 13:55:13, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305)
      api_rpcTNP: called NETLOGON successfully

My smb.conf file:

[global]   
    unix charset = LOCALE
   workgroup = glastendernet
    netbios name = aster
    server string = Glastender Domain Controller running %v
    interfaces = eth1, lo
    bind interfaces only = yes
    os level = 255
    preferred master = yes
    local master = yes
    domain master = yes
   security = user
    time server = yes
    username map = /etc/samba/smbusers
    wins support = yes
    encrypt passwords = yes
    pam password change = yes   
    name resolve order = wins bcast hosts
    winbind nested groups = no
    passdb backend = ldapsam:ldap://aster.glastender.com
    ldap passwd sync = Yes
    ldap suffix = dc=glastender,dc=com
    ldap admin dn = cn=Manager,dc=glastender,dc=com
    ldap ssl = no
    ldap group suffix = ou=Groups
    ldap user suffix = ou=People
    ldap machine suffix = ou=People
    ldap idmap suffix = ou=Idmap
    idmap backend = ldap:ldap://aster.glastender.com
   idmap uid = 10000-20000
   idmap gid = 10000-20000
    map acl inherit = yes   
    add user script = /etc/smbldap-tools/smbldap-useradd -m "%u"
    #delete user script = /etc/smbldap-tools/smbldap-userdel "%u"
    add machine script = /etc/smbldap-tools/smbldap-useradd -w "%u"
    add group script = /etc/smbldap-tools/smbldap-groupadd -p "%g"
    #delete group script = /etc/smbldap-tools/smbldap-groupdel "%g"
    add user to group script = /etc/smbldap-tools/smbldap-groupmod -m 
"%u" "%g"
    delete user from group script = /etc/smbldap-tools/smbldap-groupmod 
-x "%u" "%g"
    set primary group script = /etc/smbldap-tools/smbldap-usermod -g 
"%g" "%u"
    domain logons = yes
    log file = /var/log/samba/log.%m
    log level = 5
    syslog = 0
    max log size = 50
    #smb ports = 139 445
    smb ports = 139
    hosts allow = 127.0.0.1 172.16.0.0/255.255.0.0
    # User profiles and home directories
    logon drive = U:
    logon path = \\%L\profiles\%U
    logon script = %U.bat
    large readwrite = no
        read raw = no
        write raw = no
        printcap name = /etc/printcap
        load printers = no
        printing =
   template shell = /bin/false
   winbind use default domain = no

#=========Shares=======
[homes]
    comment = Home Directories
    browseable = no
    read only = no
    write list = %U
    create mask = 0600
    directory mask = 0700
    force user = %U

[profiles]
    comment = Profile Share
    path = /var/lib/samba/profiles
    writeable = yes
    browseable = no
    profile acls = yes

[netlogon]
    path = /var/lib/samba/netlogon
    guest ok = yes
    locking = no

LDAP is also working fine. I'm at a loss to figure this out.

-- 

*Jason Baker
*/IT Coordinator/


*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com <http://www.glastender.com>

-----BEGIN GEEK CODE BLOCK----- 
Version: 3.1
GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K?
w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- 
r+++ y+++
------END GEEK CODE BLOCK------

More information about the samba mailing list