[Samba] problems with samba as pdc.

Steve Holdoway steve at greengecko.co.nz
Wed May 6 22:08:57 GMT 2009 

This is a really weird one. To the ( XP Pro ) client, I can join the domain, but can never log in. I've looked all over for a troubleshooting guide, but none have found the problem.

Help!!!

System: samba 3.3.4 on 64 bit debian lenny patched to current. Gigabit lan environment.

When Joining the domain ( over an openvpn connection ), the client log shows:

[2009/05/07 09:52:08,  0] lib/util_sock.c:read_socket_with_timeout(939)
[2009/05/07 09:52:08,  0] lib/util_sock.c:get_peer_addr_internal(1676)
  getpeername failed. Error was Transport endpoint is not connected
  read_socket_with_timeout: client 0.0.0.0 read error = Connection reset by peer.
[2009/05/07 09:52:08,  2] auth/auth.c:check_ntlm_password(308)
  check_ntlm_password:  authentication for user [administrator] -> [root] -> [root] succeeded
[2009/05/07 09:52:19,  2] auth/auth.c:check_ntlm_password(308)
  check_ntlm_password:  authentication for user [administrator] -> [root] -> [root] succeeded
[2009/05/07 09:52:23,  2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3479)
  Returning domain sid for domain DOMAIN -> S-1-5-21-3667122653-3695686155-1601600535
[2009/05/07 09:52:31,  0] smbd/service.c:make_connection_snum(897)
  make_connection: connection to IPC$ denied due to security descriptor.
[2009/05/07 09:52:31,  0] smbd/service.c:make_connection_snum(897)
  make_connection: connection to IPC$ denied due to security descriptor.


Error messages seen:

log.winbindd: ( my gut feeling is that if I sort this one, it'll all start working! )
[2009/05/07 09:36:22,  1] winbindd/winbindd_cm.c:cm_prepare_connection(967)
  failed tcon_X with NT_STATUS_ACCESS_DENIED

log.nmbd:
[2009/05/07 09:34:31,  2] nmbd/nmbd_browsesync.c:sync_with_dmb(151)
  sync_with_dmb:
  Initiating sync with domain master browser SERVER<20> at IP 192.168.xx.yyy for workgroup DOMAIN
[2009/05/07 09:49:33,  2] nmbd/nmbd_browsesync.c:announce_local_master_browser_to_domain_master_browser(107)
  announce_local_master_browser_to_domain_master_browser:
  We are both a domain and a local master browser for workgroup DOMAIN.  Do not announce to ourselves.

log.smbd shows nothing except printcap warnings.


When I attempt to log in to the domain I get the windows error message
"Windows cannot connect you to the domain, either because the domain controller is down or otherwise unavailable, or because youe computer account was not found. Please try again later. If this message continues to appear, contact your systems administrator for assistance."

log.winbindd:
[2009/05/07 09:59:41,  1] winbindd/winbindd_cm.c:cm_prepare_connection(967)
  failed tcon_X with NT_STATUS_ACCESS_DENIED

log.winbindd-idmap:
[2009/05/07 09:59:38,  1] winbindd/winbindd_cm.c:cm_prepare_connection(967)
  failed tcon_X with NT_STATUS_ACCESS_DENIED

log.wb-DOMAIN:
[2009/05/07 09:59:41,  1] winbindd/winbindd_cm.c:cm_prepare_connection(967)
  failed tcon_X with NT_STATUS_ACCESS_DENIED


log.nmbd:
[2009/05/07 09:59:41,  2] nmbd/nmbd_browsesync.c:sync_with_lmb(60)
  sync_with_lmb:
  Initiating sync with local master browser CLIENT<0x20> at IP 192.168.aaa.bbb for workgroup DOMAIN
[2009/05/07 09:59:41,  2] nmbd/nmbd_synclists.c:sync_browse_lists(186)
  Initiating browse sync for DOMAIN to CLIENT(192.168.aaa.bbb)
[2009/05/07 09:59:42,  2] nmbd/nmbd_synclists.c:complete_sync(304)
  sync with CLIENT(192.168.aaa.bbb) for workgroup DOMAIN completed (2 records)

log.smbd - nothing relevant again:

-- 
Steve Holdoway <steve at greengecko.co.nz>
http://www.greengecko.co.nz

More information about the samba mailing list