[Samba] client/server signing disabled or not - domain Controller is down or unavailable

Kyle kl at attitia.com
Wed Oct 8 23:13:30 GMT 2008


Hi Folks,

Hoping someone can help me out, please.

Using Samba 3.0.28-1.el5_2.1 on CentOS 5.2

I've read the samba docs wrt "incompatible settings between the Windows 
client and the Samba-3 server for schannel (secure channel) settings or 
smb signing". So, I've tried smb.conf with client/server 
signing/schannel at settings of 'yes', 'no' and 'auto' and with the XP 
settings;

"Domain member: Digitally encrypt or sign secure channel data (always)"
"Domain member: Digitally encrypt secure channel data (when possible)"
"Domain member: Digitally sign secure channel data (when possible)"

all set to both 'enabled' and 'disabled'.

Either way, however, I continue to receive the "Windows cannot connect 
to the domain, either because the domain controller is down or otherwise 
unavailable, or because your computer account was not found...."

I have checked the passwd file to see the machine account was created. 
From what I can read of passdb.tdb, the client's hostname certainly 
appears in the file. A 'net groupmap list' shows both PDC hostname and 
domain name SID are the same.

The only error I can find is in the individual host's log;

[2008/10/09 09:56:59, 2] smbd/sesssetup.c:setup_new_vc_session(1209)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2008/10/09 09:56:59, 2] smbd/sesssetup.c:setup_new_vc_session(1209)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2008/10/09 09:56:59, 2] smbd/service.c:make_connection_snum(605)
  guest user (from session setup) not permitted to access this share (IPC$)


I'm a bit stumped. smb.conf for appraisal is below. Can you help pls?

----------------------------------------------------------------------------------------
[global]
# Domain Controller
# -----------------
domain master = yes
domain logons = yes
security = user
os level = 95

# Domain Options
# --------------
passdb backend = tdbsam
admin users = @admins
unix password sync = yes
passwd program = /usr/bin/userpasswd %u
passwd chat = *password:* %n\n *password:* %n\n *successfully.*
netbios name = Bottlenose
workgroup = ATTITIA
server string =

bind interfaces only = yes
interfaces = lo eth1
smb ports = 139

guest account = nobody
encrypt passwords = yes
; smb passwd file = /etc/samba/smbpasswd
# Unix users can map to different SMB User names
; username map = /etc/samba/smbusers

syslog = false
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no
utmp = yes
time server = yes
preserve case = yes
deadtime = 15

client signing = auto
server signing = auto
client schannel = auto
server schannel = auto

restrict anonymous = 2
hide unreadable = yes

# WINS / VPN
# ----------
wins support = yes

# Other handy directives
# ----------------------
preferred master = yes
# remote announce = 192.168.<x.x>
# remote browse sync =

# Logon options
# -------------
logon home = \\%N\%U
logon drive = H:
logon script = %U.cmd

# Disable roaming profiles
; logon home =
logon path =
# Enable roaming profiles
; logon home = \\%L\%U
; logon path = \\%L\profiles\%m\%u

# For low-risk security reasons on Win2000/WinXP networks (no Win98)
# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
include = /etc/samba/%m.smb.conf

# Authconfig adds these
#----------------------
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false

winbind use default domain = no

# PDC Scripts
#----
add user script = /usr/sbin/useradd -n -g smb-users -m %u
delete user script = /usr/sbin/userdel %u
add user to group script = /usr/sbin/usermod -G %g %u
add group script = /etc/samba/smbGrpAdd.sh "%g"
delete user from group script = /usr/sbin/userdel %u %g
delete group script = /usr/sbin/groupdel %g
add machine script = /usr/sbin/useradd -d /dev/null -n -g smb-hosts -c "Machine Account (%u)" -M -s /bin/false %u

# Printing
# --------
use client driver = yes
printcap name = /etc/printcap
load printers = yes

# Logging
# -------
log level = 2
log file = /var/log/samba/%m.log
max log size = 50

# ============================ Share Definitions ==============================

[netlogon]
comment = Attitia LAN Logon
path = /home/samba/netlogon
guest ok = yes
writable = no
; share modes = no

[homes]
valid users = %S
read only = no
browseable = no

[public]
comment = Public Shared
path = /home/shares/pub
browseable = yes
guest only = yes
writable = yes
public = yes

[ftpsite]
comment = Public FTP Folder
path = /var/ftp/pub
browseable = yes
guest only = yes
writable = yes
public = yes

include = /etc/samba/shares.conf

# [profiles]
# path = /home/samba/profiles
# read only = No
# create mask = 0600
# directory mask = 0700
# hide unwriteable files = yes
## profile acls = Yes


-- 
------------------------------------------------------------------------
Kind Regards

Kyle
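
An added example, not part of the message above and not Samba code: a small Python helper that pairs anonymous-denial records in a per-host log like the one quoted with the signing, schannel and `restrict anonymous` values from `[global]`. smb.conf(5) documents `restrict anonymous = 2` as allowing no anonymous connections at all. The function names and the trimmed sample input are constructed here, and `include` lines and backslash continuations are not followed.

```python
import re

# Header of a Samba 3.x debug record: "[date time, level] file:function(line)"
HEADER = re.compile(r"^\[(\S+ \S+),\s*(\d+)\]\s+(\S+?):(\w+)\((\d+)\)\s*$")
DENIED = re.compile(r"guest user \(from session setup\) not permitted "
                    r"to access this share \((.+?)\)")
WATCHED = ("client signing", "server signing", "client schannel",
           "server schannel", "restrict anonymous")

def parse_log(text):
    """Group each header line with the message lines that follow it."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append({"time": m.group(1), "level": int(m.group(2)),
                            "func": m.group(4), "msg": ""})
        elif records and line.strip():
            # Long messages wrap, so continuation lines are joined back on.
            records[-1]["msg"] = (records[-1]["msg"] + " " + line.strip()).strip()
    return records

def global_settings(conf):
    """Return [global] parameters keyed by lower-cased name without spaces."""
    section, out = None, {}
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            out["".join(key.lower().split())] = value.strip()
    return out

def correlate(conf, log):
    """Pair anonymous share denials in the log with the settings in play."""
    settings = global_settings(conf)
    denied = [(r["time"], DENIED.search(r["msg"]).group(1))
              for r in parse_log(log) if DENIED.search(r["msg"])]
    return {"settings": {k: settings.get(k.replace(" ", "")) for k in WATCHED},
            "anonymous_denied": denied}

# Sample input taken from the post above, trimmed to the relevant lines.
SAMPLE_CONF = "[global]\nserver signing = auto\nrestrict anonymous = 2\n"
SAMPLE_LOG = ("[2008/10/09 09:56:59, 2] smbd/service.c:make_connection_snum(605)\n"
              "  guest user (from session setup) not permitted to access this share (IPC$)\n")
print(correlate(SAMPLE_CONF, SAMPLE_LOG))
```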


