[Samba] Notebook cannot open session when disconnected after samba PDC upgrade

christophe Ancey cancey at iia.fr
Fri Jul 27 15:13:17 GMT 2007 

Hello, 

I have a problem with my XP SP2 notebook user after a server upgrade. 
I was running a samba 3.0.14a-3 on a debian server with PDC settings, I'd have 
to change the server, and now I'm running a samba 3.0.24-ubuntu1.2 on a 
ubuntu feisty server.
But now, when my notebook users are disconnected from the network and can't 
reach the samba/PDC server, they can't open a session anymore. They got an 
error message saying that the windows can't find the domain controller. 
The server is not using any roaming profiles.
The strange bit is that it was working before the upgrade.

I'll explain below, but if you got any link or information that may help me 
solve this issue, that would be great. I can't find the good google search 
words to find revelant informations :( And, as the error seems to originate 
from the windows XP SP2 clients, I don't think I'll get revelant errors 
logs  - no trolls intended ;)

The server is a simple PDC with no LDAP support.

WHat I did is the following : 
I'd set up the new samba server on the new computer by copying the smb.conf.
I'd replicated all the linux user and group with GID and GID > 1000 from the 
old server. 
I'd imported the samba users using pdbedit.
I'd rsynced all the users directory.
i'd testparmed the old smb.conf, finding error only on "tdbsam guest" 
parameters, on printer admin option and on a specific shared mapped for non 
PDC users. Nothing that seems revelant with this login issue.
I've joined the domain with 
	net rpc join (which was successfull)
	and I'd the SID from net rpc getsid
Finally I did set the new server as a BDC with 
    local master = no
    domain master = no
    preferred master=no
    domain logons = yes
    idmap uid = 10000-20000
    idmap gid = 10000-20000
I shutted down the PDC, switched the BDC to PDC and everything worked fine.
My users profiles didn't change, so I've assumed everything was ok. 

But, now, I got this problem, and I don't know if I did something the wrong 
way during my migration, or if there is an option in the smb.conf I didn't 
set right. So, thank's in advance :)

Here is the smb.conf, in case it might help.

[global]
   workgroup = domain.net
   server string = %h
   #%h server (Samba %v)

#### Debugging/Accounting ####
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d

####### Authentication #######
   security = user
   encrypt passwords = true
   passdb backend = tdbsam
   obey pam restrictions = yes
   guest account = guest
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n 
*Retype\snew\sUNIX\spassword:* %n\n .

########## Printing ##########
   printing = cups
   printcap name = cups

######## File sharing ########
    local master = yes
    preferred master = yes

    domain master = yes
    domain logons = yes
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    template shell = /bin/bash
    os level = 64
    logon drive =
    logon path = 
    logon script = logon.cmd
    add machine script = /usr/sbin/useradd -d /dev/null -g 
100 -s /bin/false  -M %u

############ Misc ############
   socket options = TCP_NODELAY
   lock spin count = 10
   lock spin time = 20

#======================= Share Definitions =======================

[homes]
   comment = Home Directories
   browseable = no
   writable = yes
   create mask = 0775
   directory mask = 0775
   locking = yes
[printers]
   comment = All Printers
   browseable = no
   path = /tmp
   printable = yes
   public = no
   writable = no
   printer admin = root, @domadm
   create mode = 0700
   invalid users = morassuti

[netlogon]
   comment = Network Logon Service
   path = /home/samba/netlogon
   guest ok = yes
   read only = yes
   write list = root, @domadm
   browsable = no
   invalid users = morassuti

[publique]
   comment = public shared directory
   writable = yes
   path = /home/samba/public_smb
   public = yes
   guest ok = no
   nt acl support = true
   invalid users = morassuti
   locking = yes
   create mask = 0777
   directory mask = 0777   
   oplocks = yes
   veto oplock files = /*.mdb/*.MDB/*.ldb/
   #share modes = no
   strict locking = yes

[Dossiers]
   comment = Repertoire dossier
   writable = yes
   locking = no
   path = /home/
   public = yes
   guest ok = no
   nt acl support = true
   hide files = /home/samba

[echange]
   comment = public shared directory
   writable = yes
   locking = no
   path = /home/guests
   public = yes
   guest ok = yes
   guest only = yes

[print$]
  comment = Printer Drivers
  path = /home/samba/printer_drivers
  browseable = yes
  guest ok = no
  read only = yes
  write list = root, @domadm
  invalid users = morassuti

More information about the samba mailing list