[Samba] Windows Vista Woes PLZ help

James james at nttmcl.com
Thu Sep 20 16:23:09 GMT 2007


Hi guys i asked about this a couple days ago but i'm guessing everyone 
glanced over it.

So here's my problem.
I have a SambaPDC with LDAP
With WinXP i can join/login the domain fine.
With WinVista i can join the domain but can't login to it after i join 
to the domain. It gives me an RPC failure. I noticed that it doesn't 
seem to even find the PDC.
I don't even get any transaction in my Samba log after i've ramped up 
the log level.
I also do a tcpdump and the first time i try to login i'll get some type 
of transaction but if i try again it won't even attempt to send packets 
to my PDC

I've already changed the ntlmv2 parameter in the vista machine.

Thanks in Advance
-James

Here's my Samba smb.conf:
# Server-wide settings; every key up to the next [section] header belongs here.
[global]
# NetBIOS domain/workgroup name this server presents.
workgroup = PDC-TEST
# NetBIOS name of this host.
netbios name = vm00
# %v expands to the Samba version, so the description shown to clients
# browsing the network discloses the exact server version.
server string = Samba %v


##### Domain Directives #####
# Browser-election and domain-controller role. "domain logons" together with
# "domain master" makes this host act as an NT4-style primary domain controller.
os level = 65
preferred master = yes
domain master = yes
domain logons = yes
local master = yes
# Drive letter clients map the home directory to at logon.
logon drive = Z:
# The logon home / logon path overrides below are commented out, so Samba's
# built-in defaults for those two settings apply.
#logon home = \\%L\%U
#logon path = \\%L\profiles\%U
# Order in which name lookups are tried (WINS first, broadcast last).
name resolve order = wins lmhosts host bcast
# Socket tuning only (fixed 8 KB send/receive buffers); no security effect.
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# nmbd on this host also acts as the WINS server.
wins support = yes
# No interface restriction is active, so the default interface selection applies.
#interfaces = eth1

##### Generic Directives #####
hide dot files = yes
# User-level security: clients must authenticate with a username and password.
security = user
# Log file size limit in kilobytes before rotation.
max log size = 1000
# NOTE(review): 256 is far above the usual debugging range (roughly 0-10).
# Very high debug levels can write sensitive protocol and authentication detail
# to the log files; treat those logs as sensitive and lower the level again once
# troubleshooting is finished. At this verbosity a 1000 KB log presumably
# rotates very quickly, which can make entries easy to miss.
log level = 256
# Only messages with a debug level below this value are sent to syslog.
syslog = 1
# Maps client-supplied usernames to local accounts. The file decides which
# account a client ends up as, so it should be writable by root only
# (permissions are not shown here; verify on the host).
username map = /etc/samba/smbusers

# Windows Vista Stuff
# NOTE(review): both keys below are client-side settings. They control what
# Samba's own client tools (e.g. smbclient) send to other servers, not what this
# server accepts from Windows clients. Server-side acceptance is governed by
# "lanman auth" and "ntlm auth", which are not set in this listing, so their
# defaults apply.
client lanman auth = no
client ntlmv2 auth = yes

#passdb backend = tdbsam
##### LDAP Directives #####
# Account database lives in LDAP.
# NOTE(review): the URL uses ldap:// and no "ldap ssl" setting appears in this
# listing, so whether the bind and password attributes travel encrypted depends
# on the build default; confirm that StartTLS (or ldaps://) is actually in use.
passdb backend = ldapsam:"ldap://ldap-master-test.example.com"
ldap suffix = dc=example,dc=com
# DN Samba binds as; its password is stored separately (set with smbpasswd -w),
# not in this file.
# NOTE(review): this looks like the directory's administrative entry; a
# dedicated DN limited to the Samba subtrees would reduce the impact if the
# stored credential is exposed (confirm against the directory ACLs).
ldap admin dn = cn=admin,dc=example,dc=com
# Sub-trees (relative to "ldap suffix") for users, groups, machine accounts and
# ID mappings.
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap machine suffix = ou=Hosts
ldap idmap suffix = ou=Idmap
# UID/GID ranges reserved for ID mapping.
idmap uid = 10000-20000
idmap gid = 10000-20000

# Account-management hooks. smbd runs these scripts with root privileges and
# substitutes %u / %g with the user or group name from the request, so the
# smbldap-* tools and their configuration should be writable by root only.
add user script = /usr/sbin/smbldap-useradd -a -m "%u"
# Invoked when a workstation joins the domain, to create its machine account.
add machine script = /usr/sbin/smbldap-useradd -a -w "%u"
add group script = /usr/sbin/smbldap-groupadd -a -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

# NOTE(review): %u is unquoted here, unlike in the scripts above. "passwd
# program" and "passwd chat" are only consulted when "unix password sync" is
# enabled, which this listing does not set (presumably unused; confirm).
passwd program = /usr/sbin/smbldap-passwd -u %u
# NOTE(review): as pasted, this value is wrapped across two lines and ends with
# an unmatched double quote. In smb.conf it must be a single logical line (or be
# continued with a trailing backslash); the wrap may come from the mail client.
passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new 
password*" %n\n"


###### Comment Out to Disable PASSWD Sync #####
# Keep the LDAP password in step when the Samba password is changed.
ldap passwd sync = yes
# Use encrypted (hashed challenge/response) passwords, never plaintext.
encrypt passwords = true

# Per-user home directory shares, created on demand under the user's name.
[homes]
   comment = Home Directories
   browseable = no
   writable = yes
   # New files and directories are created owner-only.
   create mask = 0700
   directory mask = 0700
   # NOTE(review): %S is the share name, which for [homes] is the owning user.
   # With this line disabled, the share itself does not restrict connections to
   # the owner, so access to another user's home depends on filesystem
   # permissions alone.
#   valid users = %S

# Logon-script share used by domain clients.
[netlogon]
        path = /home/samba/netlogon
        # Guest connections are allowed. No "read only"/"writable" key is set,
        # so the share default applies. Scripts served from here are run by
        # clients at logon, so write access to the path should be limited to
        # administrators (directory permissions are not shown; verify).
        guest ok = yes
        browseable = No

# Roaming-profile storage for domain users.
[profiles]
        path = /home/samba/profiles/
        read only = no
        # New files are owner read/write only; new directories owner-only.
        create mask = 0600
        directory mask = 0700
        browseable = No
        # NOTE(review): guest access on a writable share that holds user
        # profiles means unauthenticated connections are accepted, and what a
        # guest can reach is then limited only by filesystem permissions.
        # Profiles are presumably only used by authenticated domain users, so
        # "guest ok = no" plus one of the restrictions commented out below
        # would be the tighter setting.
        guest ok = Yes
        profile acls = yes
        # Disable client-side (offline) caching for this share.
        csc policy = disable
        # next line is a great way to secure the profiles
        #force user = %U
        # next line allows administrator to access all profiles
        #valid users = %U @"Domain Admins"


