[Samba] Windows clients losing connection to Samba 3.0.27 PDC on FC7 i386

Rubin Bennett rbennett at thatitguy.com
Tue Nov 27 17:46:40 GMT 2007

Hello all...

I have a site of about 50 PCs connected to a Samba domain controller.
The domain has been running flawlessly for several years through several
upgrades, and the last one (from Fedora Core 4/Samba 3.0.23a to FC7/
Samba 3.0.27) seems to have caused something to come unglued.

The workstations are periodically booting up in the morning and being
unable to contact the domain controller.  The Samba server is giving
failed authentication errors for the workstation itself (not the
username/password) in log.{workstation}.

The upgrade was done nearly a month ago, and roughly 1/2 of the
workstations in the network were unable to connect the following
morning.  It happened again last week and about 10 more workstations
were affected.  And it happened again today, where 1 workstation and a
member server (Win2003r2) lost their credentials.  This time it was a
really bad deal because the member server runs an application that is
mission critical and therefore no one was able to work until it was

In all cases, the users are able to log in by disconnecting their
network cable and rebooting, then logging in with the cached credentials
on the workstations.  Reconnecting the NIC after login allowed the users
to connect to network resources on the Samba PDC, and work until a
reboot.  A 'permanent' fix is to unjoin the PC from the domain and
rejoin again.

I had assumed that the issue was caused by the upgrade somehow, and that
once every system had been re-joined it would go away.  However, the
workstation from this morning had been unjoined and rejoined once before
and now I fear that the issue will keep cropping up all over the place.

Ideas, suggestions, flames?  I've copied my smb.conf below for your
review as well.

Thanks very much in advance,

  workgroup = WORKGROUP
  netbios name = Server
  server string = Network File Server
  printcap name = cups
  enable privileges = yes
  load printers = yes
  printcap cache time = 60
  printing = cups
  keepalive = 10000
  log file = /var/log/samba/log.%m
  max log size = 50

  log level = 3
  security = user
  encrypt passwords = Yes
  map to guest = bad user
  os level = 65
  domain master = yes
  preferred master = yes
  passdb backend = tdbsam

  pam password change = yes
  socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
  add machine script = /usr/sbin/useradd -d /dev/null -g 200 -s /bin/false -M %u

  oplocks = no
  level2 oplocks = no
  domain logons = Yes
  logon script = login%G.bat
  logon drive = Z:
  logon home = \\server\%U
  logon path = \\server\profiles\%U
  wins support = Yes
  name resolve order = wins hosts bcast
  hide unreadable = Yes

# Added in an attempt to fix broken tdbsam backend...
  idmap uid = 10000-20000
  idmap gid = 10000-20000

  dns proxy = yes

#============================ Share Definitions
  comment = Home Directories
  create mask = 0700
  directory mask = 0700
  browseable = No
  writable = yes

   comment = Netlogon Scripts
   path = /var/lib/samba/netlogon
   comment = Network Logon Service
   path = /var/lib/samba/netlogon
   guest ok = yes
   writable = no

  comment = All Printers
  path = /var/spool/samba
  browseable = no
  guest ok = yes
  writable = no
  printable = yes
  create mode = 0700
  ;print command = lpr-cups -P %p -o raw %s -r
   use client driver = yes

  path = /var/lib/samba/printers
  read only = yes
  browseable = yes
  force group = noyle
  write list = @noyle root
  guest ok = yes
  inherit permissions = yes

  path = /var/lib/samba/profiles
  browseable = no
  read only = No
  guest ok = yes
  writable = yes
  create mask = 0600
  directory mask = 0700
  root preexec = PROFILE='/var/lib/samba/profiles/%u'; if [ ! -e
                then mkdir -pm700 $PROFILE; chown '%u':'%g' $PROFILE;fi

