[Samba] Re: Windows clients losing connection to Samba 3.0.27 PDC on FC7 i386
Patrick Rynhart
prynhart at gmail.com
Tue Nov 27 21:36:04 GMT 2007
Hi Rubin,

Do you have any trusted domains and (if so) are users logging into a
trusted domain? If this is the case, I would start smbd, nmbd normally
(i.e. as daemons) but then run a single winbindd process in interactive
mode, debug level 10.

i.e.
winbindd -i -d 10

Check beforehand that no other winbindd processes are running (i.e. ps
aux |grep winbindd). Then I would attempt to log on from a member
workstation. View the debug output to see if you can track any problems.
Ctrl-Z (i.e. background) may help here ("fg" to resume) as there could
be a lot of output.

If you don't have any trusted domains (and therefore aren't running
winbindd) then the approach I take is very similar. Start nmbd normally
(i.e. as a background daemon) but then run smbd as an interactive
process, again in debug level 10 mode.

i.e.
smbd -i -d 10

From what you're describing, there may be a problem with the machine
account for the affected machines. Look for something like
NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE or some other NT STATUS code
(these are defined in source/include/nterr.h if you happen to have the
Samba source on your domain controller).

Regards,
Patrick
Rubin Bennett wrote:
> Hello all...
>
> I have a site of about 50 pcs connected to a Samba domain controller.
> The domain has been running flawlessly for several years through several
> upgrades, and the last one (From Fedora Core 4/ Samba 3.0.23a to FC7/
> Samba 3.0.27) seems to have caused something to come unglued.
>
> The Workstations are periodically booting up in the morning and being
> unable to contact the domain controller. The Samba server is giving
> failed authentication errors for the workstation itself (not the
> username/ password) in log.{workstation}.
>
> The upgrade was done nearly a month ago, and roughly 1/2 of the
> workstations in the network were unable to connect the following
> morning. It happened again last week and about 10 more workstations
> were affected. And it happened again today, where 1 workstation and a
> member server (Win2003r2) lost their credentials. This time it was a
> really bad deal because the member server runs an application that is
> mission critical and therefore no one was able to work until it was
> fixed.
>
> In all cases, the users are able to log in by disconnecting their
> network cable and rebooting, then logging in with the cached credentials
> on the workstations. Reconnecting the NIC after login allowed the users
> to connect to network resources on the Samba PDC, and work until a
> reboot. A 'permanent' fix is to unjoin the PC from the domain and
> rejoin again.
>
> I had assumed that the issue was caused by the upgrade somehow, and that
> once every system had been re-joined it would go away. However, the
> workstation from this morning had been unjoined and rejoined once before
> and now I fear that the issue will keep cropping up all over the place.
>
> Ideas, suggestions, flames? I've copied my smb.conf below for your
> review as well.
>
> Thanks very much in advance,
> Rubin
>
> /etc/samba/smb.conf
> [global]
> workgroup = WORKGROUP
> netbios name = Server
> server string = Network File Server
> printcap name = cups
> enable privileges = yes
> load printers = yes
> printcap cache time = 60
> printing = cups
> keepalive = 10000
> log file = /var/log/samba/log.%m
> max log size = 50
>
> log level = 3
> security = user
> encrypt passwords = Yes
> map to guest = bad user
> os level = 65
> domain master = yes
> preferred master = yes
> passdb backend = tdbsam
>
> pam password change = yes
> socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
> add machine script = /usr/sbin/useradd -d /dev/null -g 200 -s /bin/false -M %u
>
> oplocks = no
> level2 oplocks = no
> domain logons = Yes
> logon script = login%G.bat
> logon drive = Z:
> logon home = \\server\%U
> logon path = \\server\profiles\%U
> wins support = Yes
> name resolve order = wins hosts bcast
> hide unreadable = Yes
>
> # Added in an attempt to fix broken tdbsam backend...
> idmap uid = 10000-20000
> idmap gid = 10000-20000
>
> dns proxy = yes
>
> #============================ Share Definitions ==============================
> [homes]
> comment = Home Directories
> create mask = 0700
> directory mask = 0700
> browseable = No
> writable = yes
>
> [netlogon]
> comment = Netlogon Scripts
> path = /var/lib/samba/netlogon
> comment = Network Logon Service
> path = /var/lib/samba/netlogon
> guest ok = yes
> writable = no
>
> [printers]
> comment = All Printers
> path = /var/spool/samba
> browseable = no
> guest ok = yes
> writable = no
> printable = yes
> create mode = 0700
> ;print command = lpr-cups -P %p -o raw %s -r
> use client driver = yes
>
> [print$]
> path = /var/lib/samba/printers
> read only = yes
> browseable = yes
> force group = noyle
> write list = @noyle root
> guest ok = yes
> inherit permissions = yes
>
> [profiles]
> path = /var/lib/samba/profiles
> browseable = no
> read only = No
> guest ok = yes
> writable = yes
> create mask = 0600
> directory mask = 0700
> root preexec = PROFILE='/var/lib/samba/profiles/%u'; if [ ! -e $PROFILE ]; \
> then mkdir -pm700 $PROFILE; chown '%u':'%g' $PROFILE;fi
>
>
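
Added example, not part of either message above: a shell function that tallies the NT_STATUS codes per client across the per-machine log files, so the affected machines and the codes to look up stand out. It assumes the "log file = /var/log/samba/log.%m" layout from the quoted smb.conf; the function names and the sample log lines are constructed for illustration and are not real Samba output.

```shell
#!/bin/sh
# Added example: count NT_STATUS codes per client in Samba per-machine logs.
# Assumption: logs are named log.<machine> (log file = .../log.%m), with the
# rotated copy as log.<machine>.old.

# nt_status_summary DIR
# Prints "<machine> <NT_STATUS code> <count>", most frequent first.
# NT_STATUS_OK is ignored; daemon logs (smbd, nmbd, winbindd) are skipped.
nt_status_summary() (
    dir=$1
    for f in "$dir"/log.*; do
        [ -f "$f" ] || continue
        machine=${f##*/log.}
        machine=${machine%.old}      # fold the rotated log into the same client
        case $machine in smbd|nmbd|winbindd*|wb-*) continue ;; esac
        grep -oE 'NT_STATUS_[A-Z0-9_]+' "$f" | awk -v m="$machine" '{print m, $0}'
    done |
        grep -v ' NT_STATUS_OK$' |
        sort | uniq -c |
        awk '{print $2, $3, $1}' |
        sort -k3,3nr -k1,1 -k2,2
)

# demo: build constructed sample logs in a temp directory and summarise them.
demo() (
    d=$(mktemp -d) || exit 1
    printf '%s\n' \
        'constructed: auth for WS01$ failed NT_STATUS_ACCESS_DENIED' \
        'constructed: session setup NT_STATUS_OK' \
        'constructed: auth for WS01$ failed NT_STATUS_ACCESS_DENIED' > "$d/log.ws01"
    printf '%s\n' \
        'constructed: auth for WS01$ failed NT_STATUS_ACCESS_DENIED' > "$d/log.ws01.old"
    printf '%s\n' \
        'constructed: APPSRV$ NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE' > "$d/log.appsrv"
    printf '%s\n' \
        'constructed: daemon line NT_STATUS_ACCESS_DENIED' > "$d/log.smbd"
    out=$(nt_status_summary "$d")
    rm -rf "$d"
    printf '%s\n' "$out"
)

demo
```

On the server this would be run as nt_status_summary /var/log/samba after reproducing a failed logon.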