[Samba] problems with login and browsing on 3.5.4 LDAP PDC

Gaiseric Vandal gaiseric.vandal at gmail.com
Tue Oct 19 07:47:31 MDT 2010 

Is your samba server also a WINS server?  That may help browsing issues.

Do you have "smb ports" defined in smb.conf?

The default is
  smb ports = 445 139


I found if I set

  smb ports = 139

some clients would have trouble locating shares or authenticating to 
servers.

wiki.samba.org should have the registry settings required to let Windows 
7 machines join on a Samba domain.

Also, make sure that you do have correct group mappings for the key well 
know windows groups  (including Administrators, Domain Admins, Users)
     # net groupmap list


I would concentrate on the XP machines first since they don't need the 
registry changes.

Also, the windows diagnostic tools (netdiag, dcdiag, nbtstat ?)  may 
help you determine which domain controller and master browser the client 
is using.




On 10/19/2010 02:02 AM, Eric A. Hall wrote:
> I was running 3.0.25c (I think) LDAP PDC for a couple of years and just
> tried swapping in a new 3.5.4 setup. I had some problems so I wiped all
> the entries and *.tdb files, and started from scratch.
>
> Problem in a nutshell: I can't browse the domain normally, nor can I logon
> to the domain. However I can access the server shares fine if I point to
> the server specifically. SOMETIMES this will then cause browsing to
> succeed as well.
>
> Normally I can see the domain in network neighborhood but if I click on I
> get the "domain is not accessible error". From a command prompt "net view
> /domain:DOMAIN" also typically produces an error 59. However if I "net
> view \\SERVER" then that works fine, and THEN I am sometimes able to
> successfully view the domain (about half the time sometimes more).
>
> I am able to successfully join machines to the domain (they show up in
> LDAP) but am unable to login to the domain from any of them. On XP/SP3
> boxes the error is "the system cannot log you on now because the domain
> DOMAIN is not available", while Windows 7 says "there are currently no
> logon servers available to service the logon request"
>
> I have looked at the smb/nmb/winbind logs at level 3 and near as I can
> tell everything is operating correctly although something seems to be
> crashing a lot--there are many entries about brl and lock database after
> unclean shutdown.
>
> I don't know SMB protocol very well but from watching some wireshark
> traces and reading the corresponding logs it looks like the nodes are
> negotiating IPC$ connection but not getting data. Client asks for copy 4,
> server offers copy 1, client negotiates TCP/IP session then closes, and
> everything starts over again. Perhaps once they authenticate (enough to
> view \\SERVER shares) the negotiation is reused and this is what works?
>
> Are there security permissions on IPC$ that need to be set?
>
> Where should I be looking and what should I be looking for?
>
> Thanks
>
>

More information about the samba mailing list