[Samba] A device attached to the system is not functioning (smbd -V 3.5.x)

Todd E Thomas todd_dsm at ssiresults.com
Sun Nov 14 16:22:56 MST 2010


Howdy,

I'm having one last problem with my Samba PDC with an ldap backend. When 
I add a machine to the domain I get the error, on my Win7 test client, 
that says:

The following error occurred attempting to join the domain "office":
A device attached to the system is not functioning.

Here are some particulars:
# smbd -V
Version 3.5.6 (configured sernet repo to install latest packages)

I'm using OpenLDAP v2.4.23

# cat /etc/redhat-release
CentOS release 5.5 (Final)

The Win7 client is a VM in VirtualBox. It does, in fact, have a device 
with no driver (sound card).
---

After adding the client to the domain and entering UN/PW, these are 
logged entries:

Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.344804,  2] 
param/loadparm.c:7859(do_section)
Nov 14 16:37:26 hostname smbd[18542]:   Processing section "[admingear]"
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.345033,  2] 
param/loadparm.c:7859(do_section)
Nov 14 16:37:26 hostname smbd[18542]:   Processing section "[apps]"
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.345199,  2] 
param/loadparm.c:7859(do_section)
Nov 14 16:37:26 hostname smbd[18542]:   Processing section "[docs]"
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.345352,  2] 
param/loadparm.c:7859(do_section)
Nov 14 16:37:26 hostname smbd[18542]:   Processing section "[homes]"
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.345543,  2] 
param/loadparm.c:7859(do_section)
Nov 14 16:37:26 hostname smbd[18542]:   Processing section "[netlogon]"
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.345689,  2] 
param/loadparm.c:7859(do_section)
Nov 14 16:37:26 hostname smbd[18542]:   Processing section "[printers]"
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.346143,  2] 
param/loadparm.c:7859(do_section)
Nov 14 16:37:26 hostname smbd[18542]:   Processing section "[print$]"
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.431008,  1] 
param/loadparm.c:7605(lp_do_parameter)
Nov 14 16:37:26 hostname smbd[18542]:   WARNING: The "printer admin" 
option is deprecated
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.498046,  2] 
param/loadparm.c:7859(do_section)
Nov 14 16:37:26 hostname smbd[18542]:   Processing section "[public]"
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.573629,  2] 
printing/print_cups.c:550(cups_async_callback)
Nov 14 16:37:26 hostname smbd[18542]:   cups_async_callback: failed to 
read a new printer list
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.649941,  2] 
printing/print_cups.c:550(cups_async_callback)
Nov 14 16:37:26 hostname smbd[18542]:   cups_async_callback: failed to 
read a new printer list
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.701745,  2] 
lib/interface.c:340(add_interface)
Nov 14 16:37:26 hostname smbd[18542]:   added interface lo ip=127.0.0.1 
bcast=127.255.255.255 netmask=255.0.0.0
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.768676,  2] 
lib/interface.c:340(add_interface)
Nov 14 16:37:26 hostname smbd[18542]:   added interface eth0 ip=10.0.0.4 
bcast=10.0.0.255 netmask=255.255.255.0
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.838027,  2] 
lib/access.c:406(check_access)
Nov 14 16:37:26 hostname smbd[18542]:   Allowed connection from 
10.0.0.203 (10.0.0.203)
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.912057,  2] 
smbd/reply.c:554(reply_special)
Nov 14 16:37:26 hostname smbd[18542]:   netbios connect: 
name1=ZERVER         0x20 name2=7TEST1         0x0
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.978893,  2] 
smbd/reply.c:565(reply_special)
Nov 14 16:37:27 hostname smbd[18542]:   netbios connect: local=zerver 
remote=7test1, name type = 0
Nov 14 16:37:34 hostname smbd[18542]: [2010/11/14 16:37:34.575662,  2] 
smbd/sesssetup.c:1391(setup_new_vc_session)
Nov 14 16:37:34 hostname smbd[18542]:   setup_new_vc_session: New VC == 
0, if NT4.x compatible we would close all old resources.
Nov 14 16:37:34 hostname smbd[18542]: [2010/11/14 16:37:34.589383,  2] 
smbd/sesssetup.c:1391(setup_new_vc_session)
Nov 14 16:37:34 hostname smbd[18542]:   setup_new_vc_session: New VC == 
0, if NT4.x compatible we would close all old resources.
Nov 14 16:37:34 hostname smbd[18542]: [2010/11/14 16:37:34.590067,  2] 
lib/smbldap.c:950(smbldap_open_connection)
Nov 14 16:37:34 hostname smbd[18542]:   smbldap_open_connection: 
connection opened
Nov 14 16:37:34 hostname smbd[18542]: [2010/11/14 16:37:34.593216,  2] 
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 16:37:34 hostname smbd[18542]:   init_sam_from_ldap: Entry found 
for user: root
Nov 14 16:37:34 hostname smbd[18542]: [2010/11/14 16:37:34.597839,  2] 
passdb/pdb_ldap.c:2446(init_group_from_ldap)
Nov 14 16:37:34 hostname smbd[18542]:   init_group_from_ldap: Entry 
found for group: 10002
Nov 14 16:37:34 hostname smbd[18542]: [2010/11/14 16:37:34.604253,  2] 
auth/auth.c:304(check_ntlm_password)
Nov 14 16:37:34 hostname smbd[18542]:   check_ntlm_password:  
authentication for user [admin] -> [root] -> [root] succeeded
Nov 14 16:37:34 hostname smbd[18542]: [2010/11/14 16:37:34.605279,  2] 
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 16:37:34 hostname smbd[18542]:   init_sam_from_ldap: Entry found 
for user: root
Nov 14 16:37:34 hostname smbd[18542]: [2010/11/14 16:37:34.649251,  2] 
lib/access.c:406(check_access)
Nov 14 16:37:34 hostname smbd[18542]:   Allowed connection from 
10.0.0.203 (10.0.0.203)
Nov 14 16:37:38 hostname smbd[18542]: [2010/11/14 16:37:38.054891,  2] 
rpc_server/srv_samr_nt.c:4124(_samr_LookupDomain)
Nov 14 16:37:38 hostname smbd[18542]:   Returning domain sid for domain 
OFFICE -> S-1-5-21-341473964-3919201715-2767564749
Nov 14 16:37:38 hostname smbd[18542]: [2010/11/14 16:37:38.406066,  2] 
lib/smbldap_util.c:277(smbldap_search_domain_info)
Nov 14 16:37:38 hostname smbd[18542]:   smbldap_search_domain_info: 
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=OFFICE))]
Nov 14 16:37:38 hostname smbd[18542]: [2010/11/14 16:37:38.453986,  2] 
passdb/pdb_ldap.c:1200(init_ldap_from_sam)
Nov 14 16:37:38 hostname smbd[18542]:   init_ldap_from_sam: Setting 
entry for user: 7TEST1$
Nov 14 16:37:38 hostname smbd[18542]: [2010/11/14 16:37:38.574143,  2] 
passdb/pdb_ldap.c:2384(ldapsam_add_sam_account)
Nov 14 16:37:38 hostname smbd[18542]:   ldapsam_add_sam_account: added: 
uid == 7TEST1$ in the LDAP database
Nov 14 16:37:38 hostname smbd[18542]: [2010/11/14 16:37:38.602310,  2] 
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 16:37:38 hostname smbd[18542]:   init_sam_from_ldap: Entry found 
for user: 7TEST1$
Nov 14 16:37:38 hostname smbd[18542]: [2010/11/14 16:37:38.608293,  2] 
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 16:37:38 hostname smbd[18542]:   init_sam_from_ldap: Entry found 
for user: 7TEST1$
Nov 14 16:37:38 hostname smbd[18542]: [2010/11/14 16:37:38.634266,  2] 
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 16:37:38 hostname smbd[18542]:   init_sam_from_ldap: Entry found 
for user: 7TEST1$
Nov 14 16:37:38 hostname smbd[18542]: [2010/11/14 16:37:38.635898,  2] 
passdb/pdb_ldap.c:1200(init_ldap_from_sam)
Nov 14 16:37:38 hostname smbd[18542]:   init_ldap_from_sam: Setting 
entry for user: 7TEST1$
Nov 14 16:37:38 hostname smbd[18542]: [2010/11/14 16:37:38.678490,  2] 
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 16:37:38 hostname smbd[18542]:   init_sam_from_ldap: Entry found 
for user: 7TEST1$
Nov 14 16:37:38 hostname smbd[18542]: [2010/11/14 16:37:38.744535,  2] 
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 16:37:38 hostname smbd[18542]:   init_sam_from_ldap: Entry found 
for user: 7TEST1$
Nov 14 16:37:45 hostname smbd[18286]: [2010/11/14 16:37:45.253240,  1] 
smbd/server.c:240(cleanup_timeout_fn)
Nov 14 16:37:45 hostname smbd[18286]:   Cleaning up brl and lock 
database after unclean shutdown

This is where the error occurs:
The following error occurred attempting to join the domain "office":
A device attached to the system is not functioning.

But, I've verified the workstation account is resident in the ldap 
database at this point:

# ldapsearch -x -H ldap://${FQDNAME} -b "${LDAPBASEDN}" 
"(&(uid=7TEST1$)(objectClass=sambaSamAccount))" -D cn=config -w 
${LDAPPASSWD}
# extended LDIF
#
# LDAPv3
# base <dc=domain,dc=tld> with scope subtree
# filter: (&(uid=7TEST1$)(objectClass=sambaSamAccount))
# requesting: ALL
#

# 7TEST1$, machines, domain.tld
dn: uid=7TEST1$,ou=machines,dc=domain,dc=tld
uid: 7TEST1$
sambaSID: S-1-5-21-341473964-3919201715-2767564749-1008
displayName: Workstation (7test1$)
objectClass: sambaSamAccount
objectClass: account
sambaAcctFlags: [W          ]
sambaNTPassword: 3E27124ADFFC14F8F96B48C49808C43A
sambaPwdLastSet: 1289775897

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

It is also resident in /etc/passwd. I'm not sure how to make samba stop 
adding it here yet :)

$ grep -i 7test1 /etc/passwd
7test1$:x:10016:100:Workstation (7test1$):/nohome:/sbin/nologin

Does anyone know how to make samba only write workstation accounts to 
ldap and not /etc/passwd?
---

If I were now to (on the Win7 client) click OK to the error and 
re-attempt to add the machine to the domain it would be joined without 
failure.

Nov 14 17:04:56 hostname smbd[18542]: [2010/11/14 17:04:56.250056,  2] 
lib/smbldap.c:950(smbldap_open_connection)
Nov 14 17:04:56 hostname smbd[18542]:   smbldap_open_connection: 
connection opened
Nov 14 17:04:56 hostname smbd[18542]: [2010/11/14 17:04:56.535673,  2] 
rpc_server/srv_samr_nt.c:4124(_samr_LookupDomain)
Nov 14 17:04:56 hostname smbd[18542]:   Returning domain sid for domain 
OFFICE -> S-1-5-21-341473964-3919201715-2767564749
Nov 14 17:04:56 hostname smbd[18542]: [2010/11/14 17:04:56.540337,  2] 
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 17:04:56 hostname smbd[18542]:   init_sam_from_ldap: Entry found 
for user: 7TEST1$
Nov 14 17:04:56 hostname smbd[18542]: [2010/11/14 17:04:56.554429,  2] 
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 17:04:56 hostname smbd[18542]:   init_sam_from_ldap: Entry found 
for user: 7TEST1$
Nov 14 17:04:56 hostname smbd[18542]: [2010/11/14 17:04:56.569368,  2] 
passdb/pdb_ldap.c:1200(init_ldap_from_sam)
Nov 14 17:04:56 hostname smbd[18542]:   init_ldap_from_sam: Setting 
entry for user: 7TEST1$
Nov 14 17:04:56 hostname smbd[18542]: [2010/11/14 17:04:56.599912,  2] 
passdb/pdb_ldap.c:2061(ldapsam_update_sam_account)
Nov 14 17:04:56 hostname smbd[18542]:   ldapsam_update_sam_account: 
successfully modified uid = 7TEST1$ in the LDAP database
Nov 14 17:04:56 hostname smbd[18542]: [2010/11/14 17:04:56.602703,  2] 
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 17:04:56 hostname smbd[18542]:   init_sam_from_ldap: Entry found 
for user: 7TEST1$
Nov 14 17:04:56 hostname smbd[18542]: [2010/11/14 17:04:56.604196,  2] 
passdb/pdb_ldap.c:1200(init_ldap_from_sam)
Nov 14 17:04:56 hostname smbd[18542]:   init_ldap_from_sam: Setting 
entry for user: 7TEST1$
Nov 14 17:04:56 hostname smbd[18542]: [2010/11/14 17:04:56.941592,  2] 
passdb/pdb_ldap.c:2061(ldapsam_update_sam_account)
Nov 14 17:04:56 hostname smbd[18542]:   ldapsam_update_sam_account: 
successfully modified uid = 7TEST1$ in the LDAP database
Nov 14 17:04:57 hostname smbd[18542]: [2010/11/14 17:04:57.031499,  2] 
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 17:04:57 hostname smbd[18542]:   init_sam_from_ldap: Entry found 
for user: 7TEST1$
Nov 14 17:04:57 hostname smbd[18542]: [2010/11/14 17:04:57.072269,  2] 
passdb/pdb_ldap.c:1200(init_ldap_from_sam)
Nov 14 17:04:57 hostname smbd[18542]:   init_ldap_from_sam: Setting 
entry for user: 7TEST1$
Nov 14 17:04:57 hostname smbd[18542]: [2010/11/14 17:04:57.199951,  2] 
passdb/pdb_ldap.c:2061(ldapsam_update_sam_account)
Nov 14 17:04:57 hostname smbd[18542]:   ldapsam_update_sam_account: 
successfully modified uid = 7TEST1$ in the LDAP database
Nov 14 17:04:57 hostname smbd[18542]: [2010/11/14 17:04:57.268142,  2] 
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 17:04:57 hostname smbd[18542]:   init_sam_from_ldap: Entry found 
for user: 7TEST1$
Nov 14 17:04:57 hostname smbd[18542]: [2010/11/14 17:04:57.313315,  2] 
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 17:04:57 hostname smbd[18542]:   init_sam_from_ldap: Entry found 
for user: 7TEST1$
Nov 14 17:04:57 hostname smbd[18542]: [2010/11/14 17:04:57.359135,  2] 
passdb/pdb_ldap.c:1200(init_ldap_from_sam)
Nov 14 17:04:57 hostname smbd[18542]:   init_ldap_from_sam: Setting 
entry for user: 7TEST1$
Nov 14 17:04:57 hostname smbd[18542]: [2010/11/14 17:04:57.491592,  2] 
passdb/pdb_ldap.c:2061(ldapsam_update_sam_account)
Nov 14 17:04:57 hostname smbd[18542]:   ldapsam_update_sam_account: 
successfully modified uid = 7TEST1$ in the LDAP database
Nov 14 17:05:00 hostname smbd[18542]: [2010/11/14 17:05:00.966683,  2] 
lib/access.c:406(check_access)
Nov 14 17:05:00 hostname smbd[18542]:   Allowed connection from 
10.0.0.203 (10.0.0.203)
Nov 14 17:05:00 hostname smbd[18542]: [2010/11/14 17:05:00.979326,  2] 
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 17:05:00 hostname smbd[18542]:   init_sam_from_ldap: Entry found 
for user: 7TEST1$
Nov 14 17:05:00 hostname smbd[18542]: [2010/11/14 17:05:00.982879,  2] 
../libcli/auth/credentials.c:307(netlogon_creds_server_check_internal)
Nov 14 17:05:00 hostname smbd[18542]:   credentials check failed
Nov 14 17:05:00 hostname smbd[18542]: [2010/11/14 17:05:00.982981,  0] 
rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
Nov 14 17:05:00 hostname smbd[18542]:   _netr_ServerAuthenticate3: 
netlogon_creds_server_check failed. Rejecting auth request from client 
7TEST1 machine account 7TEST1$
Nov 14 17:05:00 hostname smbd[18542]: [2010/11/14 17:05:00.988057,  2] 
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 17:05:00 hostname smbd[18542]:   init_sam_from_ldap: Entry found 
for user: 7TEST1$
Nov 14 17:05:08 hostname smbd[18542]: [2010/11/14 17:05:08.502178,  2] 
auth/auth.c:314(check_ntlm_password)
Nov 14 17:05:08 hostname smbd[18542]:   check_ntlm_password:  
Authentication for user [7TEST1] -> [7TEST1] FAILED with error 
NT_STATUS_NO_SUCH_USER

After this I get a message, on the Win7 client, that says: Welcome to 
the domain: OFFICE.

The message: "Authentication for user [7TEST1] -> [7TEST1] FAILED with 
error NT_STATUS_NO_SUCH_USER" is just confusing.
---

I'm not really sure what I'm doing wrong here. I can say that the 
attached smb.conf file is from a samba 3.0x install with a few additions 
to make it work quickly within my test environment (ldap ssl = off, 
etc). Its performed without fail for quite a long time.

If someone could shed some light on:
   q1: why does this error occur? and
   q2: how do I configure samba ignore it? or, maybe better
   q3: is there a better, more 'correct', solution for this problem?

that would be helpful. The lack of a sound card driver doesn't seem like 
a legitimate hold-up for adding a machine to the domain.

-- 
Thanks for the assist,

Todd E Thomas
"It's a frail music knits the world together."
-Robert Dana





More information about the samba mailing list