[Samba] PDC cannot become master browser; cannot change passwords

Bruno La Torre b.latorre at sdslaw.com
Thu Jul 31 16:13:06 GMT 2008 

Kevin DeGraaf ha scritto:
> I am having two problems, possibly related, while performing 
> pre-deployment testing of a Samba/OpenLDAP PDC with data that was 
> vampired from an NT4 PDC.  The Samba server fails to become a local 
> master browser, and password change attempts (from a Windows client) 
> fail.
>
> I followed Samba-Guide/ntmigration.html (taking some liberties with 
> various items of configuration), ending with step #19.  No problems 
> were encountered.
>
> I isolated the server and a client on a separate network, promoted 
> Samba to a PDC (step #21), and started the Samba daemons.
>
> On the closed network are the following machines:
>
> Software: Debian Etch, Samba 3.0.24
> NetBIOS: SPACETIME
> Address: 192.168.1.2
> Netmask: 255.255.255.0
> Gateway: none
>
> Software: Windows XP Professional
> NetBIOS: ICE-LT021
> Address: 192.168.1.50
> Netmask: 255.255.255.0
> Gateway: none
> DNS: 192.168.1.2
> WINS: 192.168.1.2
>
> Here are my config files and logs:
>   http://kdegraaf.net/samba-wtf/smb.conf
>   http://kdegraaf.net/samba-wtf/slapd.conf
>   http://kdegraaf.net/samba-wtf/log.smbd
>   http://kdegraaf.net/samba-wtf/log.nmbd
>   http://kdegraaf.net/samba-wtf/log.192.168.1.50
>   http://kdegraaf.net/samba-wtf/log.ice-lt021
>
> The server is running dnscache on 192.168.1.2 and tinydns on 
> 127.0.0.1.  The client can ping the server by hostname, indicating 
> that DNS and basic TCP/IP are in working order.  The client can 
> successfully join the domain and log in.
>
> Problem #1:
>
> register_name_response: server at IP 192.168.1.50 rejected our name 
> registration of INTERCLEAN<1d> IP 192.168.1.2 with error code 6.
>
> become_local_master_fail2: failed to register name INTERCLEAN<1d> on 
> subnet 192.168.1.2. Failed to become a local master browser.
>
> unbecome_local_master_browser: unbecoming local master for workgroup 
> INTERCLEAN on subnet 192.168.1.2
>
> Seriously?  Clients can tell servers to stop being servers?  Imagine:
in the smb network every host can be a server, who is the server is who 
wins the election.
put  local master = yes in smb.conf and change os level = 255

> [CUT]
> Problem #2:
>
> I attempted to change my password from the Windows workstation.  The 
> request hung for 35 seconds and then I received an error: "The system 
> cannot change your password now because the domain INTERCLEAN is not 
> available."
>
>
I'm not sure but the admin must write on the tree ldap

> access to attr=userPassword,sambaNTPassword,sambaLMPassword,shadowLastChange
        by dn="cn=Manager,dc=interclean,dc=com" write
        by anonymous auth
>	by self write
>	by * auth

More information about the samba mailing list