[Samba] PDC: random problems, especially NETLOGON script not always loading

L.P.H. van Belle l.v.belle at bazuin.nl
Mon Feb 4 08:18:16 GMT 2008


make sure your pcname resolving works, 

as i can see sofar, i think thats your problem.

Setup a Dynamic DNS on the PDC. ( dhcp + dhcp )

and to test this before you go to work.

fill in \windows\system32\drivers\etc\hosts 
servername 	IPADRESS

do this on all of the pc's 
and test again.

i bet this is your problem.

Louis


>-----Oorspronkelijk bericht-----
>Van: samba-bounces+belle=bazuin.nl at lists.samba.org 
>[mailto:samba-bounces+belle=bazuin.nl at lists.samba.org] Namens 
>Koen Linders
>Verzonden: vrijdag 1 februari 2008 12:03
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] PDC: random problems,especially NETLOGON 
>script not always loading
>
>Debian Latest stable.
>Linux newton 2.6.18-4-686
>Samba 3.0.24
>PDC
>
>3Com 3812 Gigabit switch (connection between WinXP client & server)
>Others connect through 3Com 3225 100 Mbit -> 3Com 3812 -> Server
>
>Windows XP SP2 fully updated.
>F-Secure client security (look down for firewall settings)
>
>In advance, thanks for reading this. Any suggestions are welcome!
>
>I'm having a hard time here. I read a whole lot, browses, 
>searched. I try  
>to provide as much info as possible but if you need more, Let me know.
>The main problem is the "randomness". Or atleast it looks 
>random for me.
>
>People with mapped shares working for +1 year don't have connection  
>problems. So most of the time it seems to work fine.
>But i really want to troubleshoot & get all errors out.
>
>I guess the problem i describe next also is the cause of 
>random Roaming  
>profile problems, but lets not focus on that part, too many 
>random factors  
>in my opinion. And they were only a part of the test. It might 
>work if i  
>get this problem solved.
>
>I got a script in the netlogon mapping drives dynamically 
>depending on  
>groups.
>I don't want them permanent. I don't want a workaround!
>
>Everything works fine, most of the time...
>Sometimes it seems the test pc doesn't see the netlogon during boot.
>But it's still accesible when browsing to the share and is executable.
>
>Through policy i tried setting:
>1)I tried setting detecting slow network (1Gbit though) on.
>or
>2) Also run script synchronously
>No changes.
>
>Firewall:
>Even when i change allow all trafic to Samba server in both directions.
>
>Firewall has all necessary port open in both directions:
>SMB (TCP)		445	SMB over TCP/IP (TCP)	
>SMB (UDP)		445	SMB over TCP/IP (UDP)
>Windows Networking (1)	137-138	Both broadcast and multicast	
>Windows  
>network browsing	
>Windows Networking (2)	139	Windows file sharing and 
>network printers	
>WINS(1)			42	Both broadcast and 
>multicast	WINS / Windows Internet Name  
>Service (UDP)	
>WINS(2)			42	WINS / Windows Internet 
>Name Service (TCP)	
>
>Windows doesn't show an error in the log, except the 
>autoenrollment one,  
>which is normal (no AD).
>Samba log file when it goes wrong (a bit lower).
>
>The error when it goes wrong:
>
>1) Error writing 5 bytes to client. -1. (Connection reset by peer):
>=> has to do with client going over NETBIOS (139) & 445 and 
>closing one of  
>2 connections
>Nothing wrong here.
>The weird part: For test: i blocked 137-138-139 on firewall 
>and i couldn't  
>connect to samba share...
>
>Server is listening on both 139 & 445:
>
>netstat -an | egrep '(137|138|139|445)'
>tcp        0      0 0.0.0.0:139             0.0.0.0:*          
>     LISTEN
>tcp        0      0 0.0.0.0:445             0.0.0.0:*          
>     LISTEN
>tcp        0      0 192.168.1.2:139         192.168.1.59:1075        
>ESTABLISHED
>tcp        0      0 192.168.1.2:445         192.168.1.82:4409        
>ESTABLISHED
>tcp        0      0 192.168.1.2:445         192.168.1.4:40578        
>ESTABLISHED
>tcp        0      0 192.168.1.2:445         192.168.1.44:3465        
>ESTABLISHED
>tcp        0      0 192.168.1.2:139         192.168.1.109:1209       
>ESTABLISHED
>udp        0      0 192.168.1.2:137         0.0.0.0:*
>udp        0      0 0.0.0.0:137             0.0.0.0:*
>udp        0      0 192.168.1.2:138         0.0.0.0:*
>udp        0      0 0.0.0.0:138             0.0.0.0:*
>
>
>2) lib/util_sock.c:write_data(562)
>   write_data: write failure in writing to client 192.168.1.98. Error  
>Connection reset by peer
>=> Could this error point somewhere?
>
>Samba log:
>
>[2008/01/29 13:13:27, 0] lib/util_sock.c:get_peer_addr(1229)
>   getpeername failed. Error was Transport endpoint is not connected
>[2008/01/29 13:13:27, 0] lib/access.c:check_access(327)
>[2008/01/29 13:13:27, 0] lib/util_sock.c:get_peer_addr(1229)
>   getpeername failed. Error was Transport endpoint is not connected
>   Denied connection from  (0.0.0.0)
>[2008/01/29 13:13:27, 1] smbd/process.c:process_smb(1103)
>[2008/01/29 13:13:27, 0] lib/util_sock.c:get_peer_addr(1229)
>   getpeername failed. Error was Transport endpoint is not connected
>   Connection denied from 0.0.0.0
>[2008/01/29 13:13:27, 0] lib/util_sock.c:write_data(562)
>   write_data: write failure in writing to client 192.168.1.98. Error  
>Connection reset by peer
>[2008/01/29 13:13:27, 0] lib/util_sock.c:send_smb(769)
>   Error writing 5 bytes to client. -1. (Connection reset by peer)
>[2008/01/29 13:13:27, 1] smbd/service.c:make_connection_snum(950)
>   mpi057 (192.168.1.98) connect to service profiles initially 
>as user  
>verah (uid=1003, gid=1001) (pid 12835)
>[2008/01/29 13:13:27, 1] smbd/service.c:close_cnum(1150)
>   mpi057 (192.168.1.98) closed connection to service profiles
>[2008/01/29 13:13:30, 1] smbd/service.c:make_connection_snum(950)
>
>
>Smb.conf:
>
>#======================= Global Settings =======================
>
>[global]
>	netbios name = NEWTON
>	workgroup = KOCALM
>	domain master = yes
>	domain logons = yes
>	local master = yes
>  	preferred master = yes
>	os level = 65
>
>	wins support = yes
>	name resolve order = wins lmhosts host bcast
>
>	time server = yes
>
>	security = user
>	encrypt passwords = true
>
>	browse list = yes
>	browseable = no
>	max disk size = 20480
>
>	
>	# [globals] User and group related
>
>	idmap gid = 15000-20000
>	add group script = /usr/sbin/groupadd %g
>	delete group script = /usr/sbin/groupdel %g
>
>	idmap uid = 15000-20000
>	add user script = /usr/sbin/useradd -m %u
>	delete user script = /usr/sbin/userdel -r %u
>	
>	add machine script = /usr/sbin/useradd -s /bin/false -d 
>/dev/null -g  
>machines %u
>
>	passdb backend = tdbsam
>	hosts allow = 192.168.1. 127.0.0.1	
>
>#	logon home = \\NEWTON\%U			
>	logon path = \\NEWTON\profiles\%U 		
>	logon script = logon.bat	
>#	logon drive = H:
>	
>
>#	printing = cups
>	printcap name = cups
>
>[netlogon]
>    	comment = Network Logon Service
>    	path = /data/netlogon
>    	guest ok = yes
>	browseable = No
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/listinfo/samba
>



More information about the samba mailing list