[Samba] PDC: random problems,
especially NETLOGON script not always loading
L.P.H. van Belle
l.v.belle at bazuin.nl
Mon Feb 4 08:18:16 GMT 2008
make sure your pcname resolving works,
as i can see sofar, i think thats your problem.
Setup a Dynamic DNS on the PDC. ( dhcp + dhcp )
and to test this before you go to work.
fill in \windows\system32\drivers\etc\hosts
servername IPADRESS
do this on all of the pc's
and test again.
i bet this is your problem.
Louis
>-----Oorspronkelijk bericht-----
>Van: samba-bounces+belle=bazuin.nl at lists.samba.org
>[mailto:samba-bounces+belle=bazuin.nl at lists.samba.org] Namens
>Koen Linders
>Verzonden: vrijdag 1 februari 2008 12:03
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] PDC: random problems,especially NETLOGON
>script not always loading
>
>Debian Latest stable.
>Linux newton 2.6.18-4-686
>Samba 3.0.24
>PDC
>
>3Com 3812 Gigabit switch (connection between WinXP client & server)
>Others connect through 3Com 3225 100 Mbit -> 3Com 3812 -> Server
>
>Windows XP SP2 fully updated.
>F-Secure client security (look down for firewall settings)
>
>In advance, thanks for reading this. Any suggestions are welcome!
>
>I'm having a hard time here. I read a whole lot, browses,
>searched. I try
>to provide as much info as possible but if you need more, Let me know.
>The main problem is the "randomness". Or atleast it looks
>random for me.
>
>People with mapped shares working for +1 year don't have connection
>problems. So most of the time it seems to work fine.
>But i really want to troubleshoot & get all errors out.
>
>I guess the problem i describe next also is the cause of
>random Roaming
>profile problems, but lets not focus on that part, too many
>random factors
>in my opinion. And they were only a part of the test. It might
>work if i
>get this problem solved.
>
>I got a script in the netlogon mapping drives dynamically
>depending on
>groups.
>I don't want them permanent. I don't want a workaround!
>
>Everything works fine, most of the time...
>Sometimes it seems the test pc doesn't see the netlogon during boot.
>But it's still accesible when browsing to the share and is executable.
>
>Through policy i tried setting:
>1)I tried setting detecting slow network (1Gbit though) on.
>or
>2) Also run script synchronously
>No changes.
>
>Firewall:
>Even when i change allow all trafic to Samba server in both directions.
>
>Firewall has all necessary port open in both directions:
>SMB (TCP) 445 SMB over TCP/IP (TCP)
>SMB (UDP) 445 SMB over TCP/IP (UDP)
>Windows Networking (1) 137-138 Both broadcast and multicast
>Windows
>network browsing
>Windows Networking (2) 139 Windows file sharing and
>network printers
>WINS(1) 42 Both broadcast and
>multicast WINS / Windows Internet Name
>Service (UDP)
>WINS(2) 42 WINS / Windows Internet
>Name Service (TCP)
>
>Windows doesn't show an error in the log, except the
>autoenrollment one,
>which is normal (no AD).
>Samba log file when it goes wrong (a bit lower).
>
>The error when it goes wrong:
>
>1) Error writing 5 bytes to client. -1. (Connection reset by peer):
>=> has to do with client going over NETBIOS (139) & 445 and
>closing one of
>2 connections
>Nothing wrong here.
>The weird part: For test: i blocked 137-138-139 on firewall
>and i couldn't
>connect to samba share...
>
>Server is listening on both 139 & 445:
>
>netstat -an | egrep '(137|138|139|445)'
>tcp 0 0 0.0.0.0:139 0.0.0.0:*
> LISTEN
>tcp 0 0 0.0.0.0:445 0.0.0.0:*
> LISTEN
>tcp 0 0 192.168.1.2:139 192.168.1.59:1075
>ESTABLISHED
>tcp 0 0 192.168.1.2:445 192.168.1.82:4409
>ESTABLISHED
>tcp 0 0 192.168.1.2:445 192.168.1.4:40578
>ESTABLISHED
>tcp 0 0 192.168.1.2:445 192.168.1.44:3465
>ESTABLISHED
>tcp 0 0 192.168.1.2:139 192.168.1.109:1209
>ESTABLISHED
>udp 0 0 192.168.1.2:137 0.0.0.0:*
>udp 0 0 0.0.0.0:137 0.0.0.0:*
>udp 0 0 192.168.1.2:138 0.0.0.0:*
>udp 0 0 0.0.0.0:138 0.0.0.0:*
>
>
>2) lib/util_sock.c:write_data(562)
> write_data: write failure in writing to client 192.168.1.98. Error
>Connection reset by peer
>=> Could this error point somewhere?
>
>Samba log:
>
>[2008/01/29 13:13:27, 0] lib/util_sock.c:get_peer_addr(1229)
> getpeername failed. Error was Transport endpoint is not connected
>[2008/01/29 13:13:27, 0] lib/access.c:check_access(327)
>[2008/01/29 13:13:27, 0] lib/util_sock.c:get_peer_addr(1229)
> getpeername failed. Error was Transport endpoint is not connected
> Denied connection from (0.0.0.0)
>[2008/01/29 13:13:27, 1] smbd/process.c:process_smb(1103)
>[2008/01/29 13:13:27, 0] lib/util_sock.c:get_peer_addr(1229)
> getpeername failed. Error was Transport endpoint is not connected
> Connection denied from 0.0.0.0
>[2008/01/29 13:13:27, 0] lib/util_sock.c:write_data(562)
> write_data: write failure in writing to client 192.168.1.98. Error
>Connection reset by peer
>[2008/01/29 13:13:27, 0] lib/util_sock.c:send_smb(769)
> Error writing 5 bytes to client. -1. (Connection reset by peer)
>[2008/01/29 13:13:27, 1] smbd/service.c:make_connection_snum(950)
> mpi057 (192.168.1.98) connect to service profiles initially
>as user
>verah (uid=1003, gid=1001) (pid 12835)
>[2008/01/29 13:13:27, 1] smbd/service.c:close_cnum(1150)
> mpi057 (192.168.1.98) closed connection to service profiles
>[2008/01/29 13:13:30, 1] smbd/service.c:make_connection_snum(950)
>
>
>Smb.conf:
>
>#======================= Global Settings =======================
>
>[global]
> netbios name = NEWTON
> workgroup = KOCALM
> domain master = yes
> domain logons = yes
> local master = yes
> preferred master = yes
> os level = 65
>
> wins support = yes
> name resolve order = wins lmhosts host bcast
>
> time server = yes
>
> security = user
> encrypt passwords = true
>
> browse list = yes
> browseable = no
> max disk size = 20480
>
>
> # [globals] User and group related
>
> idmap gid = 15000-20000
> add group script = /usr/sbin/groupadd %g
> delete group script = /usr/sbin/groupdel %g
>
> idmap uid = 15000-20000
> add user script = /usr/sbin/useradd -m %u
> delete user script = /usr/sbin/userdel -r %u
>
> add machine script = /usr/sbin/useradd -s /bin/false -d
>/dev/null -g
>machines %u
>
> passdb backend = tdbsam
> hosts allow = 192.168.1. 127.0.0.1
>
># logon home = \\NEWTON\%U
> logon path = \\NEWTON\profiles\%U
> logon script = logon.bat
># logon drive = H:
>
>
># printing = cups
> printcap name = cups
>
>[netlogon]
> comment = Network Logon Service
> path = /data/netlogon
> guest ok = yes
> browseable = No
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/listinfo/samba
>
More information about the samba
mailing list