[Samba] problems with login and browsing on 3.5.4 LDAP PDC

Eric A. Hall ehall at ntrg.com
Tue Oct 19 00:02:26 MDT 2010 

I was running 3.0.25c (I think) LDAP PDC for a couple of years and just
tried swapping in a new 3.5.4 setup. I had some problems so I wiped all
the entries and *.tdb files, and started from scratch.

Problem in a nutshell: I can't browse the domain normally, nor can I logon
to the domain. However I can access the server shares fine if I point to
the server specifically. SOMETIMES this will then cause browsing to
succeed as well.

Normally I can see the domain in network neighborhood but if I click on I
get the "domain is not accessible error". From a command prompt "net view
/domain:DOMAIN" also typically produces an error 59. However if I "net
view \\SERVER" then that works fine, and THEN I am sometimes able to
successfully view the domain (about half the time sometimes more).

I am able to successfully join machines to the domain (they show up in
LDAP) but am unable to login to the domain from any of them. On XP/SP3
boxes the error is "the system cannot log you on now because the domain
DOMAIN is not available", while Windows 7 says "there are currently no
logon servers available to service the logon request"

I have looked at the smb/nmb/winbind logs at level 3 and near as I can
tell everything is operating correctly although something seems to be
crashing a lot--there are many entries about brl and lock database after
unclean shutdown.

I don't know SMB protocol very well but from watching some wireshark
traces and reading the corresponding logs it looks like the nodes are
negotiating IPC$ connection but not getting data. Client asks for copy 4,
server offers copy 1, client negotiates TCP/IP session then closes, and
everything starts over again. Perhaps once they authenticate (enough to
view \\SERVER shares) the negotiation is reused and this is what works?

Are there security permissions on IPC$ that need to be set?

Where should I be looking and what should I be looking for?

Thanks

-- 
Eric A. Hall                                  http://www.eric-a-hall.com/
Network Technology Research Group                    http://www.ntrg.com/
Internet Core Protocols          http://www.oreilly.com/catalog/coreprot/

More information about the samba mailing list