[Samba] SAMBA 3.6.6 PDC domain not available / no challenge sent to client

Ralf Gorholt ralf.gorholt at gmx.de
Mon Apr 29 12:37:32 MDT 2013

Dear all,

I am new to this list so please excuse me if my posting should not 
correspond 100% to the rules. Furthermore, even if I use SAMBA since 
many years, I have only a very basic knowledge of this software.

I am experiencing a problem with my SAMBA primary domain controller that 
I have migrated from an openSUSE server to LinuxMint Debian Edition 
201303 a week ago. I am able to join a new PC to the domain (up to now, 
I have only tried one with Windows XP) but when I want to log on, I get 
a message like: The system could not log you on because the domain XXX 
is not available (it is a german message and says "domain" and not 
"domain controller"). Google has found a lot of postings concerning this 
problem but they concern mainly LDAP backends and none of the proposed 
solutions worked for me. Most liekly I have done something absolutely 

What I have done so far:

I have set up the SAMBA server, version is 3.6.6 with tdb backend. I 
have copied the smb.conf, passdb.tdb and secrets.tdb from the old 
installation. Perhaps this was wrong, but in the past this has worked. I 
wanted to avoid changes of the SIDs of the domain and the users/groups 
so that I did not need to reinstall my PCs...

For the PCs that are already in the domain everything seems ok, even if 
there are error messages in the log files for the PCs running Windows 7, 
but that was already the case on the old server (e.g. [2013/04/27 
14:16:04.751908,  0] 
   _netr_ServerAuthenticate3: netlogon_creds_server_check failed. 
Rejecting auth request from client XXXXX machine account XXXXX$)

The new PC can join the domain and it seems to be in the domain because 
I can see it with pdbedit:

# pdbedit -L -v -u vm1$
Unix username:        VM1$
NT username:
Account Flags:        [W          ]
User SID:             S-1-5-21-3864121432-1942842389-509402871-1023
Primary Group SID:    S-1-5-21-3864121432-1942842389-509402871-513
Full Name:            VM1$
Home Directory:       \\matrix\homes
HomeDir Drive:        H:
Logon Script:         startup.bat vm1_  matrix
Profile Path:
Domain:               MYDOMAIN
Account desc:
Munged dial:
Logon time:           0
Logoff time:          Mi, 06 Feb 2036 16:06:39 CET
Kickoff time:         Mi, 06 Feb 2036 16:06:39 CET
Password last set:    Mo, 29 Apr 2013 20:02:42 CEST
Password can change:  Mo, 29 Apr 2013 20:02:42 CEST
Password must change: never
Last bad password   : 0
Bad password count  : 0

It also has a corresponding UNIX account:
#grep -i vm1 /etc/passwd

When I try to log on to the domain or to access a public share on the 
server which is not possible either, I get the following message in the 
log file of the PC:

[2013/04/29 20:02:42.089737,  0] 
   _netr_ServerAuthenticate: no challenge sent to client VM1

I do not use winbind. Every user has a corresponding UNIX account.

My smb.conf looks like this:

# Samba config file created using SWAT
# from UNKNOWN (
# Date: 2013/04/24 21:37:53

         workgroup = MYDOMAIN
         server string = Samba-Server
         map to guest = Bad User
         username map = /etc/samba/smbusers
         log file = /var/log/samba/%m
         name resolve order = lmhosts host bcast
         time server = Yes
         server signing = auto
         printcap name = cups
         show add printer wizard = No
         add user script = /usr/sbin/useradd -m '%u'
         delete user script = /usr/sbin/userdel -r '%u'
         add group script = /usr/sbin/groupadd '%g'
         delete group script = /usr/sbin/groupdel '%g'
         add user to group script = /usr/sbin/groupmod -A '%u' '%g'
         delete user from group script = /usr/sbin/groupmod -R '%u' '%g'
         add machine script = /usr/sbin/useradd -s /bin/false -d 
/nonexistent '%m'$
         logon script = startup.bat %U %m %N
         logon path =
         logon drive = H:
         logon home = \\%N\homes
         domain logons = Yes
         os level = 65
         preferred master = Yes
         ldap ssl = no
         idmap config * : range =
         idmap config * : backend = tdb
         cups options = raw
         hide special files = Yes

         comment = Home Directories
         path = /home/samba/shares/homes/%U
         valid users = %S, %D%w%S
         read only = No
         create mask = 0700
         directory mask = 0700
         inherit acls = Yes
         browseable = No

         comment = Network Profiles Service
         path = /var/lib/samba/profiles
         read only = No
         create mask = 0600
         directory mask = 0700
         store dos attributes = Yes

         comment = All users
         path = /home
         read only = No
         inherit acls = Yes
         veto files = /aquota.user/groups/shares/

         comment = All groups
         path = /home/groups
         read only = No
         inherit acls = Yes

         comment = All Printers
         path = /var/tmp
         create mask = 0600
         printable = Yes
         print ok = Yes
         use client driver = Yes
         browseable = No

         comment = Printer Drivers
         path = /var/lib/samba/drivers
         write list = @ntadmin, root
         force group = ntadmin
         create mask = 0664
         directory mask = 0775

         path = /var/lib/samba/netlogon
         browseable = No

         path = /var/log/samba/userlogs
         read only = No
         create mask = 0200
         browseable = No

         path = /home/samba/shares/public
         read only = No
         guest ok = Yes

         comment = HP LaserJet P2015dn
         path = /var/tmp
         printable = Yes
         print ok = Yes
         printer name = lp
         use client driver = Yes

         comment = HP Officejet Pro 8000 Wireless
         path = /var/tmp
         printable = Yes
         print ok = Yes
         printer name = lpcolor
         use client driver = Yes

Perhaps somebody here can give me a hint where to look? I did not want 
to include a logfile with debug level 10 enabled in my first posting ;-)

Any help is greatly appreciated but please don't forget that as far as 
SAMBA is concerned, I am a beginner...

Kind regards,


More information about the samba mailing list