[Samba] Samba as PDC with XP Client - Logon requires reboot
Ngo Bao Thai
thai at dirox.net
Wed Oct 17 03:15:30 GMT 2007
- I have the same problem with Samba PDC (+ LDAP) as Ron Segal has. I am
using WINS because I have 2 subnets. I dont use roaming profiles. The
permission of netlogon directory is 755.
- I also have another problem although I've set the option in global "local
master = yes", but I often get the message from log.nmbd (every 15 min as
you already know):
process_local_master_announce: Server WINDOWS-BOX at IP 192.168.0.x is
announcing itself as a local master browser for workgroup MYDOMAIN and we
think we are master. Forcing election.
Samba name server PDC has stopped being a local master browser for
workgroup MYDOMAIN on subnet 192.168.0.xx
What do you think about these 2 problems guys. What do you recommend us to
fix? And how can you explain about them?
This is my smb.conf
workgroup = mydomain
server string = PDC
netbios name = PDC
interfaces = 127.0.0.0/8 192.168.0.0/255.255.0.0
smb ports = 445 139
log file = /var/log/samba/log.%m
log level = 3
max log size = 1000
syslog = 0
logon home =
logon path =
logon drive =
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
passdb backend = ldapsam:ldap://127.0.0.1
ldap suffix = dc=mydomain,dc=com
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap idmap suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=manager,dc=mydomain,dc=com
ldap delete dn = no
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
ldap passwd sync = yes
obey pam restrictions = yes
guest account = nobody
; invalid users = root
; passwd program = /usr/bin/passwd %u
; passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
; pam password change = no
preferred master = yes
domain master = yes
os level = 255
domain logons = yes
enable privileges = yes
local master = yes
wins support = yes
wins proxy = no
name resolve order = wins lmhosts host bcast
max wins ttl = 518400
min wins ttl = 21600
dns proxy = no
time server = yes
null passwords = no
hide unreadable = yes
hide dot files = yes
logon script = logon.cmd
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192
; comment = Home Directories
; browseable = no
; root preexec = /etc/samba/mk_sambadir "/home/%u" "%u" "%g"
; guest ok = no
; inherit permissions = yes
comment = Network Logon Service
path = /home/samba/netlogon
browseable = no
guest ok = yes
writable = no
share modes = no
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
public = no
writable = no
create mode = 0700
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
Ngo Bao Thai
----- Original Message -----
From: "Gary Dale" <garydale at torfree.net>
To: <samba at lists.samba.org>
Sent: Tuesday, October 16, 2007 4:55 AM
Subject: Re: [Samba] Samba as PDC with XP Client - Logon requires
reboot -Help Please
> Ron Segal wrote:
>> Hi, I'm running the latest version of Samba with a tdbsam backend,
>> configured not to use roaming profiles. Two different XP clients (SP2)
>> are joined to the domain ok but users can only logon by rebooting before
>> entering their logon details. When users logoff and try to logon again
>> (or logon as a different user on the same machine) they get the standard
>> message 'windows cannot connect to the domain either because the domain
>> controller is down or because your computer account was not found.
>> Please try again later .. ' etc. Have tried fiddling with registry
>> entries and permissions but can't get this problem to go away. Any
>> ideas on this would be appreciated. Cheers.
> Have you checked your netlogon and/or profiles Unix permissions? You
> generally need to set them very, very loose and let Samba handle the
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
More information about the samba