[Samba] Samba PDC not in network environment (Windows 7/8)

Jörg Nissen joerg at nissen.de.hm
Thu Feb 21 01:36:22 MST 2013


I recently changed my clients (3 notebooks, 2 desktop pcs) from Windows XP Pro 
to Windows 7/8 Pro. I followed the guides that can be found on samba.org and all 
over the internet. Client migration worked after some minor trouble. There is 
only one thing left that I could no resolve the last few days. All clients see 
each other under "Network" but no client sees my samba server.

Though the samba PDC cannot be seen most of the network related stuff works as 
expected. Domain logons work, the per user netlogon script ist executed (network 
shares on the PDC get mapped, time is synced), shares can be opened with 
"\\PDC\share". Executing "nbtstat" on the clients works except for "-[s|S|R|RR]" 
which results in "no connection". Executing "smbtree -N | smbclient -N" works on 
the PDC.

To prevent common questions:
- client installation is not older than 30 days
- disabled pw change after 30 days in registry
- no firewall on clients
- PDC firewall allows traffic to and from ports 137-139,445
- samba version Version 3.6.12-162.1-2943-SUSE-SL12.1-x86_64

----------------------------------------------------------------------------

Output of "netstat -an | egrep '13[789]|445'"
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
tcp        0      0 192.168.11.10:60002     192.168.11.230:445      VERBUNDEN
udp        0      0 192.168.11.255:137      0.0.0.0:*
udp        0      0 192.168.11.10:137       0.0.0.0:*
udp        0      0 0.0.0.0:137             0.0.0.0:*
udp        0      0 192.168.11.255:138      0.0.0.0:*
udp        0      0 192.168.11.10:138       0.0.0.0:*
udp        0      0 0.0.0.0:138             0.0.0.0:*

Remark: 192.168.11.230 is a nas storage which cannot be seen from clients 
either.

----------------------------------------------------------------------------

My "smb.conf":
[global]
        unix charset = UTF8
        display charset = UTF8
        workgroup = <MyWorkgroupName>
        server string = <MyServerString>
        netbios name = <MyServerName>
        netbios aliases = PDC
        interfaces = eth0, 127.0.0.0/8
        bind interfaces only = no
        map to guest = Bad User
        passdb backend = tdbsam
        username map = /etc/samba/smbusers
        username level = 1
        server signing = auto
        max protocol = SMB2
        client NTLMv2 auth = Yes
        log level = 2 smb:1 auth:1 sam:1 acls:1 passdb:1 tdb:1 winbind:1 idmap:1
        syslog = 0
        log file = /var/log/samba/log.%m
        max xmit = 65535
        name resolve order = wins bcast lmhosts hosts
        time server = Yes
        deadtime = 10
        paranoid server security = No
        socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY SO_BROADCAST SO
_SNDBUF=16384 SO_RCVBUF=16384
        hostname lookups = Yes
        add user script = /usr/sbin/useradd -d /home/%u -g users -k /etc/samba/s
kel -m -s /bin/false %u
        delete user script = /usr/sbin/userdel %u
        add user to group script = /usr/sbin/usermod -G %g %u
        set primary group script = /usr/sbin/usermod -g %g %u
        delete user from group script = /usr/sbin/groupmod -R %u %g
        add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s
 /bin/false -g machines %u
        logon script = %U.bat
        logon path = \\%N\profiles\%U\%a
        domain logons = Yes
        os level = 88
        preferred master = Yes
        domain master = Yes
        local master = yes
        time server = yes
        wins support = Yes
        client use spnego = no
        ldap ssl = no
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind expand groups = 3
        winbind use default domain = no
        winbind rpc only = Yes
        winbind offline logon = no
        idmap config * : backend = tdb
        idmap config * : range = 15000 - 25000
        encrypt passwords = yes
        pam password change = yes
        passwd program = /usr/bin/passwd %u
        passwd chat = Neues*Passwort* %n\nGeben Sie das neue Passwort erneut ein
* %n\nPass*dert.\n
        veto files = /*.eml/*.nws/riched20.dll/*.{*}/
        dos filetime resolution = Yes
        printing = cups
        printcap = cups

[netlogon]
        comment = Network Logon Service
        path = /var/lib/samba/netlogon
        write list = @samba-domain-admins @Administrators
        read list = @samba-domain-users @machines @Familie
        force group = samba-domain-users
        browseable = No

[profiles]
        path = /var/lib/samba/profiles
        profile acls = yes
        csc policy = disable
        read only = No
        browsable = no
         store dos attributes = yes
        guest ok = no
        printable = no
        hide files = /desktop.ini/*Briefcase*/
        write list = %S %S%w%D root
        hosts allow = 192.168.11., 127.0.0.1, 10.168.11.
        create mask = 0600
        directory mask = 0700

[IPC$]
        path = /tmp
        guest ok = Yes
        hosts allow = 127.0.0.1, 192.168.11., 10.168.11.

[some other browseable shares]

--------------------------------------------------------------------------

I spend days reading samba log output (log level 5) to find a hint what was 
wrong with computer browsing. Here is a small part of a logfile from workstation 
"JOGO" trying to browse the network.


  Doing spnego session setup
[2013/02/20 23:33:04.279626,  3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spn
ego)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2013/02/20 23:33:04.279684,  3] ../libcli/auth/ntlmssp_server.c:348(ntlmssp_ser
ver_preauth)
  Got user=[] domain=[] workstation=[JOGO] len1=1 len2=0
[2013/02/20 23:33:04.279761,  4] auth/user_util.c:361(map_username)
  Scanning username map /etc/samba/smbusers
[2013/02/20 23:33:04.279842,  5] auth/auth_util.c:110(make_user_info_map)
  Mapping user []\[] from workstation [JOGO]
[2013/02/20 23:33:04.279906,  5] auth/auth_util.c:131(make_user_info_map)
  Mapped domain from [] to [ZUHAUSE] for user [] from workstation [JOGO]
[2013/02/20 23:33:04.279950,  5] auth/user_info.c:59(make_user_info)
  attempting to make a user_info for  ()
[2013/02/20 23:33:04.279993,  5] auth/user_info.c:70(make_user_info)
  making strings for 's user_info struct
[2013/02/20 23:33:04.280038,  5] auth/user_info.c:87(make_user_info)
  making blobs for 's user_info struct
[2013/02/20 23:33:04.280081,  3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user []\[]@[JOGO] with th
e new password interface
[2013/02/20 23:33:04.280126,  3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password:  mapped user is: [ZUHAUSE]\[]@[JOGO]
[2013/02/20 23:33:04.280168,  5] ../lib/util/util.c:415(dump_data)
  [0000] 67 B2 BD E6 C1 B2 0B BF                            g.......
[2013/02/20 23:33:04.280241,  3] auth/auth.c:268(check_ntlm_password)
  check_ntlm_password: guest authentication for user [] succeeded
[2013/02/20 23:33:04.280285,  5] auth/auth.c:309(check_ntlm_password)
  check_ntlm_password:  guest authentication for user [] -> [] -> [nobody] succe
eded
[2013/02/20 23:33:04.280393,  4] smbd/sec_ctx.c:214(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/20 23:33:04.280439,  4] smbd/uid.c:460(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/20 23:33:04.280481,  4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/20 23:33:04.280524,  5] ../libcli/security/security_token.c:53(security
_token_debug)
  Security token: (NULL)
[2013/02/20 23:33:04.280566,  5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2013/02/20 23:33:04.280715,  4] smbd/sec_ctx.c:422(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 23:33:04.280777,  4] lib/privileges.c:97(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-3406496673-2355577635-
1274693878-501]
[2013/02/20 23:33:04.280831,  4] lib/privileges.c:97(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-3406496673-2355577635-
1274693878-514]
[2013/02/20 23:33:04.280886,  5] lib/privileges.c:175(get_privileges_for_sids)
  get_privileges_for_sids: sid = S-1-1-0
  Privilege set: 0x0
[2013/02/20 23:33:04.280953,  4] lib/privileges.c:97(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-2]
[2013/02/20 23:33:04.281003,  4] lib/privileges.c:97(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-32-546]
[2013/02/20 23:33:04.282192,  4] smbd/sec_ctx.c:214(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/20 23:33:04.282244,  4] smbd/uid.c:460(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/20 23:33:04.282287,  4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/20 23:33:04.282330,  5] ../libcli/security/security_token.c:53(security
_token_debug)
  Security token: (NULL)
[2013/02/20 23:33:04.282373,  5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2013/02/20 23:33:04.282459,  4] smbd/sec_ctx.c:422(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 23:33:04.282508,  4] smbd/sec_ctx.c:214(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/20 23:33:04.282552,  4] smbd/uid.c:460(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/20 23:33:04.282594,  4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/20 23:33:04.282637,  5] ../libcli/security/security_token.c:53(security
_token_debug)
  Security token: (NULL)
[2013/02/20 23:33:04.282679,  5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2013/02/20 23:33:04.282757,  4] smbd/sec_ctx.c:422(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 23:33:04.282847,  3] ../libcli/auth/ntlmssp_sign.c:535(ntlmssp_sign_
init)
  NTLMSSP Sign/Seal - Initialising with flags:
[2013/02/20 23:33:04.282895,  3] ../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags
)
  Got NTLMSSP neg_flags=0xe2088215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_NEGOTIATE_VERSION
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
    NTLMSSP_NEGOTIATE_56
[2013/02/20 23:33:04.283131,  3] smbd/password.c:298(register_existing_vuid)
  register_existing_vuid: User name: nobody     Real name:
[2013/02/20 23:33:04.283178,  3] smbd/password.c:308(register_existing_vuid)
  register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will be vuid 1
00
[2013/02/20 23:33:04.283255,  5] lib/util.c:332(show_msg)
[2013/02/20 23:33:04.283281,  5] lib/util.c:342(show_msg)
  size=164
  smb_com=0x73
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51203
  smb_tid=65535
  smb_pid=65279
  smb_uid=100
  smb_mid=320
  smt_wct=4
  smb_vwv[ 0]=  255 (0xFF)
  smb_vwv[ 1]=    0 (0x0)
  smb_vwv[ 2]=    1 (0x1)
  smb_vwv[ 3]=    9 (0x9)
  smb_bcc=121
[2013/02/20 23:33:04.284485,  3] smbd/process.c:1662(process_smb)
  Transaction 3 of length 88 (0 toread)
[2013/02/20 23:33:04.284537,  5] lib/util.c:332(show_msg)
[2013/02/20 23:33:04.284562,  5] lib/util.c:342(show_msg)
  size=84
  smb_com=0x75
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=24
  smb_flg2=51207
  smb_tid=0
  smb_pid=65279
  smb_uid=100
  smb_mid=384
  smt_wct=4
  smb_vwv[ 0]=  255 (0xFF)
  smb_vwv[ 1]=   84 (0x54)
  smb_vwv[ 2]=   12 (0xC)
  smb_vwv[ 3]=    1 (0x1)
  smb_bcc=41
[2013/02/20 23:33:04.284865,  3] smbd/process.c:1467(switch_message)
  switch message SMBtconX (pid 24701) conn 0x0
[2013/02/20 23:33:04.284909,  4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 23:33:04.284952,  5] ../libcli/security/security_token.c:53(security
_token_debug)
  Security token: (NULL)
[2013/02/20 23:33:04.284994,  5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2013/02/20 23:33:04.285060,  5] smbd/uid.c:400(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2013/02/20 23:33:04.285114,  4] smbd/reply.c:794(reply_tcon_and_X)
  Client requested device type [?????] for share [IPC$]
[2013/02/20 23:33:04.285174,  5] smbd/service.c:1354(make_connection)
  making a connection to 'normal' service ipc$
[2013/02/20 23:33:04.285293,  3] lib/access.c:338(allow_access)
  Allowed connection from JOGO.familie-nissen.eu (192.168.11.1)
[2013/02/20 23:33:04.285351,  5] lib/username.c:171(Get_Pwnam_alloc)
  Finding user nobody
[2013/02/20 23:33:04.285395,  5] lib/username.c:116(Get_Pwnam_internals)
  Trying _Get_Pwnam(), username as lowercase is nobody
[2013/02/20 23:33:04.285440,  5] lib/username.c:149(Get_Pwnam_internals)
  Get_Pwnam_internals did find user [nobody]!
[2013/02/20 23:33:04.285491,  3] smbd/service.c:872(make_connection_snum)
  Connect path is '/var/tmp' for service [IPC$]
[2013/02/20 23:33:04.285567,  3] smbd/vfs.c:102(vfs_init_default)
  Initialising default vfs hooks
[2013/02/20 23:33:04.285616,  5] smbd/vfs.c:92(smb_register_vfs)
  Successfully added vfs backend '/[Default VFS]/'
[2013/02/20 23:33:04.285662,  5] smbd/vfs.c:92(smb_register_vfs)
  Successfully added vfs backend 'posixacl'
[2013/02/20 23:33:04.285705,  3] smbd/vfs.c:128(vfs_init_custom)
  Initialising custom vfs hooks from [/[Default VFS]/]
  Successfully loaded vfs module [/[Default VFS]/] with the new modules system
[2013/02/20 23:33:04.285775,  5] smbd/connection.c:134(claim_connection)
  claiming [IPC$]
[2013/02/20 23:33:04.285920,  4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (65534, 513) - sec_ctx_stack_ndx = 0
[2013/02/20 23:33:04.285971,  5] ../libcli/security/security_token.c:63(security
_token_debug)
  Security token SIDs (8):
    SID[  0]: S-1-5-21-3406496673-2355577635-1274693878-501
    SID[  1]: S-1-5-21-3406496673-2355577635-1274693878-514
    SID[  2]: S-1-1-0
    SID[  3]: S-1-5-2
    SID[  4]: S-1-5-32-546
    SID[  5]: S-1-22-1-65534
    SID[  6]: S-1-22-2-514
    SID[  7]: S-1-22-2-10014
   Privileges (0x               0):
   Rights (0x               0):
[2013/02/20 23:33:04.286231,  5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 65534
  Primary group is 513 and contains 2 supplementary groups
  Group[  0]: 514
  Group[  1]: 10014
[2013/02/20 23:33:04.286335,  5] smbd/uid.c:317(change_to_user_internal)
  Impersonated user: uid=(0,65534), gid=(0,513)
[2013/02/20 23:33:04.286383,  4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 23:33:04.286427,  5] ../libcli/security/security_token.c:53(security
_token_debug)
  Security token: (NULL)
[2013/02/20 23:33:04.286469,  5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2013/02/20 23:33:04.286538,  5] smbd/uid.c:400(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2013/02/20 23:33:04.286596,  3] smbd/service.c:1114(make_connection_snum)
  jogo (192.168.11.1) connect to service IPC$ initially as user nobody (uid=6553
4, gid=513) (pid 24701)
[2013/02/20 23:33:04.286648,  3] smbd/reply.c:871(reply_tcon_and_X)
  tconX service=IPC$
[2013/02/20 23:33:04.287247,  5] lib/util_sock.c:319(read_fd_with_timeout)
  read_fd_with_timeout: blocking read. EOF from client.
[2013/02/20 23:33:04.287315,  5] smbd/process.c:457(receive_smb_talloc)
  receive_smb_raw_talloc failed for client 192.168.11.1 read error = NT_STATUS_E
ND_OF_FILE.
[2013/02/20 23:33:04.287363,  4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 23:33:04.287407,  5] ../libcli/security/security_token.c:53(security
_token_debug)
  Security token: (NULL)
[2013/02/20 23:33:04.287450,  5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2013/02/20 23:33:04.287517,  5] smbd/uid.c:400(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2013/02/20 23:33:04.287566,  4] smbd/vfs.c:780(vfs_ChDir)
  vfs_ChDir to /var/tmp
[2013/02/20 23:33:04.287621,  4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 23:33:04.287664,  5] ../libcli/security/security_token.c:53(security
_token_debug)
  Security token: (NULL)
[2013/02/20 23:33:04.287706,  5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2013/02/20 23:33:04.287772,  5] smbd/uid.c:400(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2013/02/20 23:33:04.287816,  3] smbd/service.c:1378(close_cnum)
  jogo (192.168.11.1) closed connection to service IPC$
[2013/02/20 23:33:04.287864,  3] smbd/connection.c:35(yield_connection)
  Yielding connection to IPC$
[2013/02/20 23:33:04.287925,  4] smbd/vfs.c:780(vfs_ChDir)
  vfs_ChDir to /
[2013/02/20 23:33:04.287972,  4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 23:33:04.288016,  5] ../libcli/security/security_token.c:53(security
_token_debug)
  Security token: (NULL)
[2013/02/20 23:33:04.288058,  5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2013/02/20 23:33:04.288124,  5] smbd/uid.c:400(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2013/02/20 23:33:04.288240,  3] smbd/server_exit.c:181(exit_server_common)
  Server exit (failed to receive smb request)

---------------------------------------------------------------------------


Any help on solving the computer browser problem would be appreciated.



More information about the samba mailing list