[Samba] Samba as PDC with XP Client - Logon requires reboot -Help Please

Ngo Bao Thai thai at dirox.net
Wed Oct 17 03:15:30 GMT 2007


Hi,

- I have the same problem with Samba PDC (+ LDAP) as Ron Segal has. I am
using WINS because I have 2 subnets. I don't use roaming profiles. The
permission of the netlogon directory is 755.
- I also have another problem: although I've set the option in global "local
master = yes", I often get the message from log.nmbd (every 15 min as
you already know):
-----------snip-------------
  process_local_master_announce: Server WINDOWS-BOX at IP 192.168.0.x is
announcing itself as a local master browser for workgroup MYDOMAIN and we
think we are master. Forcing election.
[xxxxxx] nmbd/nmbd_become_lmb.c:unbecome_local_master_success(149)
  *****
  Samba name server PDC has stopped being a local master browser for
workgroup MYDOMAIN on subnet 192.168.0.xx
--------------snip----------------------------

What do you think about these 2 problems, guys? What do you recommend we
fix? And how can you explain them?

================
This is my smb.conf
================
[global]
   workgroup = mydomain
   server string = PDC
   netbios name = PDC
   interfaces = 127.0.0.0/8 192.168.0.0/255.255.0.0
   smb ports = 445 139
   log file = /var/log/samba/log.%m
   log level = 3
   max log size = 1000
   syslog = 0
   logon home =
   logon path =
   logon drive =
   panic action = /usr/share/samba/panic-action %d
   security = user
   encrypt passwords = true

passdb backend = ldapsam:ldap://127.0.0.1
ldap suffix = dc=mydomain,dc=com
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap idmap suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=manager,dc=mydomain,dc=com
ldap delete dn = no
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
ldap passwd sync = yes

obey pam restrictions = yes
guest account = nobody
;   invalid users = root
 ;  passwd program = /usr/bin/passwd %u
  ; passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
;   pam password change = no

   preferred master = yes
   domain master = yes
   os level = 255
   domain logons = yes
   enable privileges = yes
   local master = yes
   wins support = yes
   wins proxy = no
   name resolve order = wins lmhosts host bcast
   max wins ttl = 518400
   min wins ttl = 21600
   dns proxy = no
   time server = yes
   null passwords = no
   hide unreadable = yes
   hide dot files = yes
   logon script = logon.cmd
  socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
;[homes]
 ; comment = Home Directories
 ; browseable = no
 ; root preexec = /etc/samba/mk_sambadir "/home/%u" "%u" "%g"
 ; guest ok = no
 ; inherit permissions = yes
[netlogon]
   comment = Network Logon Service
   path = /home/samba/netlogon
   browseable = no
   guest ok = yes
   writable = no
   share modes = no
[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   public = no
   writable = no
   create mode = 0700
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no
=========================

Thank you,
Ngo Bao Thai

----- Original Message ----- 
From: "Gary Dale" <garydale at torfree.net>
To: <samba at lists.samba.org>
Sent: Tuesday, October 16, 2007 4:55 AM
Subject: Re: [Samba] Samba as PDC with XP Client - Logon requires 
reboot -Help Please


> Ron Segal wrote:
>> Hi, I'm running the latest version of Samba with a tdbsam backend,
>> configured not to use roaming profiles. Two different XP clients (SP2)
>> are joined to the domain ok but users can only logon by rebooting before
>> entering their logon details.  When users logoff and try to logon again
>> (or logon as a different user on the same machine) they get the standard
>> message 'windows cannot connect to the domain either because the domain
>> controller is down or because your computer account was not found.
>> Please try again later .. ' etc.  Have tried fiddling with registry
>> entries and permissions but can't get this problem to go away.  Any
>> ideas on this would be appreciated. Cheers.
>>
> Have you checked your netlogon and/or profiles Unix permissions? You 
> generally need to set them very, very loose and let Samba handle the 
> security.
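Added example (not part of the original post and not Samba code): a small Python tally of the log.nmbd messages quoted in the message above, showing which hosts keep announcing themselves as local master browser and how often the Samba server gives up the role. The sample log is constructed in the layout of that excerpt; its timestamps, source line numbers, host names and addresses are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log.nmbd excerpt above; timestamps,
# source line numbers, host names and addresses are made up for this example.
SAMPLE_LOG = """\
[2007/10/17 02:45:10, 0] nmbd/nmbd_incomingdgrams.c:process_local_master_announce(309)
  process_local_master_announce: Server WINDOWS-BOX at IP 192.168.0.23 is
  announcing itself as a local master browser for workgroup MYDOMAIN and we
  think we are master. Forcing election.
[2007/10/17 02:45:10, 0] nmbd/nmbd_become_lmb.c:unbecome_local_master_success(149)
  *****
  Samba name server PDC has stopped being a local master browser for
  workgroup MYDOMAIN on subnet 192.168.0.1
[2007/10/17 03:00:12, 0] nmbd/nmbd_incomingdgrams.c:process_local_master_announce(309)
  process_local_master_announce: Server WINDOWS-BOX at IP 192.168.0.23 is announcing itself as a local master browser for workgroup MYDOMAIN and we think we are master. Forcing election.
[2007/10/17 03:02:40, 0] nmbd/nmbd_incomingdgrams.c:process_local_master_announce(309)
  process_local_master_announce: Server LAPTOP-7 at IP 192.168.0.41 is announcing itself as a local master browser for workgroup MYDOMAIN and we think we are master. Forcing election.
"""

ANNOUNCE = re.compile(r"Server (\S+) at IP (\S+) is announcing itself as a "
                      r"local master browser for workgroup (\S+)")
LOST = re.compile(r"Samba name server (\S+) has stopped being a local master "
                  r"browser for workgroup (\S+) on subnet (\S+)")

def records(text):
    """Yield each record's message text with wrapped lines joined."""
    body = []
    for line in text.splitlines() + ["["]:   # sentinel flushes the last record
        if line.startswith("["):             # header line opens a new record
            if body:
                yield " ".join(" ".join(body).split())
            body = []
        else:
            body.append(line)

def summarize(text):
    """Count rival local-master announcements and lost-master events."""
    rivals, lost = Counter(), Counter()
    for msg in records(text):
        for pattern, tally in ((ANNOUNCE, rivals), (LOST, lost)):
            m = pattern.search(msg)
            if m:
                tally[m.groups()] += 1
    return rivals, lost

if __name__ == "__main__":
    rivals, lost = summarize(SAMPLE_LOG)
    for (host, ip, workgroup), n in rivals.most_common():
        print(f"{n}x {host} ({ip}) announced itself as master for {workgroup}")
```
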