[Samba] Samba PDC not in network environment (Windows 7/8)
Jörg Nissen
joerg at nissen.de.hm
Thu Feb 21 01:36:22 MST 2013
I recently changed my clients (3 notebooks, 2 desktop pcs) from Windows XP Pro
to Windows 7/8 Pro. I followed the guides that can be found on samba.org and all
over the internet. Client migration worked after some minor trouble. There is
only one thing left that I could no resolve the last few days. All clients see
each other under "Network" but no client sees my samba server.
Though the samba PDC cannot be seen most of the network related stuff works as
expected. Domain logons work, the per user netlogon script ist executed (network
shares on the PDC get mapped, time is synced), shares can be opened with
"\\PDC\share". Executing "nbtstat" on the clients works except for "-[s|S|R|RR]"
which results in "no connection". Executing "smbtree -N | smbclient -N" works on
the PDC.
To prevent common questions:
- client installation is not older than 30 days
- disabled pw change after 30 days in registry
- no firewall on clients
- PDC firewall allows traffic to and from ports 137-139,445
- samba version Version 3.6.12-162.1-2943-SUSE-SL12.1-x86_64
----------------------------------------------------------------------------
Output of "netstat -an | egrep '13[789]|445'"
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
tcp 0 0 192.168.11.10:60002 192.168.11.230:445 VERBUNDEN
udp 0 0 192.168.11.255:137 0.0.0.0:*
udp 0 0 192.168.11.10:137 0.0.0.0:*
udp 0 0 0.0.0.0:137 0.0.0.0:*
udp 0 0 192.168.11.255:138 0.0.0.0:*
udp 0 0 192.168.11.10:138 0.0.0.0:*
udp 0 0 0.0.0.0:138 0.0.0.0:*
Remark: 192.168.11.230 is a nas storage which cannot be seen from clients
either.
----------------------------------------------------------------------------
My "smb.conf":
[global]
unix charset = UTF8
display charset = UTF8
workgroup = <MyWorkgroupName>
server string = <MyServerString>
netbios name = <MyServerName>
netbios aliases = PDC
interfaces = eth0, 127.0.0.0/8
bind interfaces only = no
map to guest = Bad User
passdb backend = tdbsam
username map = /etc/samba/smbusers
username level = 1
server signing = auto
max protocol = SMB2
client NTLMv2 auth = Yes
log level = 2 smb:1 auth:1 sam:1 acls:1 passdb:1 tdb:1 winbind:1 idmap:1
syslog = 0
log file = /var/log/samba/log.%m
max xmit = 65535
name resolve order = wins bcast lmhosts hosts
time server = Yes
deadtime = 10
paranoid server security = No
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY SO_BROADCAST SO
_SNDBUF=16384 SO_RCVBUF=16384
hostname lookups = Yes
add user script = /usr/sbin/useradd -d /home/%u -g users -k /etc/samba/s
kel -m -s /bin/false %u
delete user script = /usr/sbin/userdel %u
add user to group script = /usr/sbin/usermod -G %g %u
set primary group script = /usr/sbin/usermod -g %g %u
delete user from group script = /usr/sbin/groupmod -R %u %g
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s
/bin/false -g machines %u
logon script = %U.bat
logon path = \\%N\profiles\%U\%a
domain logons = Yes
os level = 88
preferred master = Yes
domain master = Yes
local master = yes
time server = yes
wins support = Yes
client use spnego = no
ldap ssl = no
winbind enum users = Yes
winbind enum groups = Yes
winbind expand groups = 3
winbind use default domain = no
winbind rpc only = Yes
winbind offline logon = no
idmap config * : backend = tdb
idmap config * : range = 15000 - 25000
encrypt passwords = yes
pam password change = yes
passwd program = /usr/bin/passwd %u
passwd chat = Neues*Passwort* %n\nGeben Sie das neue Passwort erneut ein
* %n\nPass*dert.\n
veto files = /*.eml/*.nws/riched20.dll/*.{*}/
dos filetime resolution = Yes
printing = cups
printcap = cups
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
write list = @samba-domain-admins @Administrators
read list = @samba-domain-users @machines @Familie
force group = samba-domain-users
browseable = No
[profiles]
path = /var/lib/samba/profiles
profile acls = yes
csc policy = disable
read only = No
browsable = no
store dos attributes = yes
guest ok = no
printable = no
hide files = /desktop.ini/*Briefcase*/
write list = %S %S%w%D root
hosts allow = 192.168.11., 127.0.0.1, 10.168.11.
create mask = 0600
directory mask = 0700
[IPC$]
path = /tmp
guest ok = Yes
hosts allow = 127.0.0.1, 192.168.11., 10.168.11.
[some other browseable shares]
--------------------------------------------------------------------------
I spend days reading samba log output (log level 5) to find a hint what was
wrong with computer browsing. Here is a small part of a logfile from workstation
"JOGO" trying to browse the network.
Doing spnego session setup
[2013/02/20 23:33:04.279626, 3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spn
ego)
NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2013/02/20 23:33:04.279684, 3] ../libcli/auth/ntlmssp_server.c:348(ntlmssp_ser
ver_preauth)
Got user=[] domain=[] workstation=[JOGO] len1=1 len2=0
[2013/02/20 23:33:04.279761, 4] auth/user_util.c:361(map_username)
Scanning username map /etc/samba/smbusers
[2013/02/20 23:33:04.279842, 5] auth/auth_util.c:110(make_user_info_map)
Mapping user []\[] from workstation [JOGO]
[2013/02/20 23:33:04.279906, 5] auth/auth_util.c:131(make_user_info_map)
Mapped domain from [] to [ZUHAUSE] for user [] from workstation [JOGO]
[2013/02/20 23:33:04.279950, 5] auth/user_info.c:59(make_user_info)
attempting to make a user_info for ()
[2013/02/20 23:33:04.279993, 5] auth/user_info.c:70(make_user_info)
making strings for 's user_info struct
[2013/02/20 23:33:04.280038, 5] auth/user_info.c:87(make_user_info)
making blobs for 's user_info struct
[2013/02/20 23:33:04.280081, 3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user []\[]@[JOGO] with th
e new password interface
[2013/02/20 23:33:04.280126, 3] auth/auth.c:222(check_ntlm_password)
check_ntlm_password: mapped user is: [ZUHAUSE]\[]@[JOGO]
[2013/02/20 23:33:04.280168, 5] ../lib/util/util.c:415(dump_data)
[0000] 67 B2 BD E6 C1 B2 0B BF g.......
[2013/02/20 23:33:04.280241, 3] auth/auth.c:268(check_ntlm_password)
check_ntlm_password: guest authentication for user [] succeeded
[2013/02/20 23:33:04.280285, 5] auth/auth.c:309(check_ntlm_password)
check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succe
eded
[2013/02/20 23:33:04.280393, 4] smbd/sec_ctx.c:214(push_sec_ctx)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/20 23:33:04.280439, 4] smbd/uid.c:460(push_conn_ctx)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/20 23:33:04.280481, 4] smbd/sec_ctx.c:314(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/20 23:33:04.280524, 5] ../libcli/security/security_token.c:53(security
_token_debug)
Security token: (NULL)
[2013/02/20 23:33:04.280566, 5] auth/token_util.c:527(debug_unix_user_token)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2013/02/20 23:33:04.280715, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 23:33:04.280777, 4] lib/privileges.c:97(get_privileges)
get_privileges: No privileges assigned to SID [S-1-5-21-3406496673-2355577635-
1274693878-501]
[2013/02/20 23:33:04.280831, 4] lib/privileges.c:97(get_privileges)
get_privileges: No privileges assigned to SID [S-1-5-21-3406496673-2355577635-
1274693878-514]
[2013/02/20 23:33:04.280886, 5] lib/privileges.c:175(get_privileges_for_sids)
get_privileges_for_sids: sid = S-1-1-0
Privilege set: 0x0
[2013/02/20 23:33:04.280953, 4] lib/privileges.c:97(get_privileges)
get_privileges: No privileges assigned to SID [S-1-5-2]
[2013/02/20 23:33:04.281003, 4] lib/privileges.c:97(get_privileges)
get_privileges: No privileges assigned to SID [S-1-5-32-546]
[2013/02/20 23:33:04.282192, 4] smbd/sec_ctx.c:214(push_sec_ctx)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/20 23:33:04.282244, 4] smbd/uid.c:460(push_conn_ctx)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/20 23:33:04.282287, 4] smbd/sec_ctx.c:314(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/20 23:33:04.282330, 5] ../libcli/security/security_token.c:53(security
_token_debug)
Security token: (NULL)
[2013/02/20 23:33:04.282373, 5] auth/token_util.c:527(debug_unix_user_token)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2013/02/20 23:33:04.282459, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 23:33:04.282508, 4] smbd/sec_ctx.c:214(push_sec_ctx)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/20 23:33:04.282552, 4] smbd/uid.c:460(push_conn_ctx)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/20 23:33:04.282594, 4] smbd/sec_ctx.c:314(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/20 23:33:04.282637, 5] ../libcli/security/security_token.c:53(security
_token_debug)
Security token: (NULL)
[2013/02/20 23:33:04.282679, 5] auth/token_util.c:527(debug_unix_user_token)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2013/02/20 23:33:04.282757, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 23:33:04.282847, 3] ../libcli/auth/ntlmssp_sign.c:535(ntlmssp_sign_
init)
NTLMSSP Sign/Seal - Initialising with flags:
[2013/02/20 23:33:04.282895, 3] ../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags
)
Got NTLMSSP neg_flags=0xe2088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP_NEGOTIATE_56
[2013/02/20 23:33:04.283131, 3] smbd/password.c:298(register_existing_vuid)
register_existing_vuid: User name: nobody Real name:
[2013/02/20 23:33:04.283178, 3] smbd/password.c:308(register_existing_vuid)
register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will be vuid 1
00
[2013/02/20 23:33:04.283255, 5] lib/util.c:332(show_msg)
[2013/02/20 23:33:04.283281, 5] lib/util.c:342(show_msg)
size=164
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51203
smb_tid=65535
smb_pid=65279
smb_uid=100
smb_mid=320
smt_wct=4
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 0 (0x0)
smb_vwv[ 2]= 1 (0x1)
smb_vwv[ 3]= 9 (0x9)
smb_bcc=121
[2013/02/20 23:33:04.284485, 3] smbd/process.c:1662(process_smb)
Transaction 3 of length 88 (0 toread)
[2013/02/20 23:33:04.284537, 5] lib/util.c:332(show_msg)
[2013/02/20 23:33:04.284562, 5] lib/util.c:342(show_msg)
size=84
smb_com=0x75
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb_flg2=51207
smb_tid=0
smb_pid=65279
smb_uid=100
smb_mid=384
smt_wct=4
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 84 (0x54)
smb_vwv[ 2]= 12 (0xC)
smb_vwv[ 3]= 1 (0x1)
smb_bcc=41
[2013/02/20 23:33:04.284865, 3] smbd/process.c:1467(switch_message)
switch message SMBtconX (pid 24701) conn 0x0
[2013/02/20 23:33:04.284909, 4] smbd/sec_ctx.c:314(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 23:33:04.284952, 5] ../libcli/security/security_token.c:53(security
_token_debug)
Security token: (NULL)
[2013/02/20 23:33:04.284994, 5] auth/token_util.c:527(debug_unix_user_token)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2013/02/20 23:33:04.285060, 5] smbd/uid.c:400(change_to_root_user)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2013/02/20 23:33:04.285114, 4] smbd/reply.c:794(reply_tcon_and_X)
Client requested device type [?????] for share [IPC$]
[2013/02/20 23:33:04.285174, 5] smbd/service.c:1354(make_connection)
making a connection to 'normal' service ipc$
[2013/02/20 23:33:04.285293, 3] lib/access.c:338(allow_access)
Allowed connection from JOGO.familie-nissen.eu (192.168.11.1)
[2013/02/20 23:33:04.285351, 5] lib/username.c:171(Get_Pwnam_alloc)
Finding user nobody
[2013/02/20 23:33:04.285395, 5] lib/username.c:116(Get_Pwnam_internals)
Trying _Get_Pwnam(), username as lowercase is nobody
[2013/02/20 23:33:04.285440, 5] lib/username.c:149(Get_Pwnam_internals)
Get_Pwnam_internals did find user [nobody]!
[2013/02/20 23:33:04.285491, 3] smbd/service.c:872(make_connection_snum)
Connect path is '/var/tmp' for service [IPC$]
[2013/02/20 23:33:04.285567, 3] smbd/vfs.c:102(vfs_init_default)
Initialising default vfs hooks
[2013/02/20 23:33:04.285616, 5] smbd/vfs.c:92(smb_register_vfs)
Successfully added vfs backend '/[Default VFS]/'
[2013/02/20 23:33:04.285662, 5] smbd/vfs.c:92(smb_register_vfs)
Successfully added vfs backend 'posixacl'
[2013/02/20 23:33:04.285705, 3] smbd/vfs.c:128(vfs_init_custom)
Initialising custom vfs hooks from [/[Default VFS]/]
Successfully loaded vfs module [/[Default VFS]/] with the new modules system
[2013/02/20 23:33:04.285775, 5] smbd/connection.c:134(claim_connection)
claiming [IPC$]
[2013/02/20 23:33:04.285920, 4] smbd/sec_ctx.c:314(set_sec_ctx)
setting sec ctx (65534, 513) - sec_ctx_stack_ndx = 0
[2013/02/20 23:33:04.285971, 5] ../libcli/security/security_token.c:63(security
_token_debug)
Security token SIDs (8):
SID[ 0]: S-1-5-21-3406496673-2355577635-1274693878-501
SID[ 1]: S-1-5-21-3406496673-2355577635-1274693878-514
SID[ 2]: S-1-1-0
SID[ 3]: S-1-5-2
SID[ 4]: S-1-5-32-546
SID[ 5]: S-1-22-1-65534
SID[ 6]: S-1-22-2-514
SID[ 7]: S-1-22-2-10014
Privileges (0x 0):
Rights (0x 0):
[2013/02/20 23:33:04.286231, 5] auth/token_util.c:527(debug_unix_user_token)
UNIX token of user 65534
Primary group is 513 and contains 2 supplementary groups
Group[ 0]: 514
Group[ 1]: 10014
[2013/02/20 23:33:04.286335, 5] smbd/uid.c:317(change_to_user_internal)
Impersonated user: uid=(0,65534), gid=(0,513)
[2013/02/20 23:33:04.286383, 4] smbd/sec_ctx.c:314(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 23:33:04.286427, 5] ../libcli/security/security_token.c:53(security
_token_debug)
Security token: (NULL)
[2013/02/20 23:33:04.286469, 5] auth/token_util.c:527(debug_unix_user_token)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2013/02/20 23:33:04.286538, 5] smbd/uid.c:400(change_to_root_user)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2013/02/20 23:33:04.286596, 3] smbd/service.c:1114(make_connection_snum)
jogo (192.168.11.1) connect to service IPC$ initially as user nobody (uid=6553
4, gid=513) (pid 24701)
[2013/02/20 23:33:04.286648, 3] smbd/reply.c:871(reply_tcon_and_X)
tconX service=IPC$
[2013/02/20 23:33:04.287247, 5] lib/util_sock.c:319(read_fd_with_timeout)
read_fd_with_timeout: blocking read. EOF from client.
[2013/02/20 23:33:04.287315, 5] smbd/process.c:457(receive_smb_talloc)
receive_smb_raw_talloc failed for client 192.168.11.1 read error = NT_STATUS_E
ND_OF_FILE.
[2013/02/20 23:33:04.287363, 4] smbd/sec_ctx.c:314(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 23:33:04.287407, 5] ../libcli/security/security_token.c:53(security
_token_debug)
Security token: (NULL)
[2013/02/20 23:33:04.287450, 5] auth/token_util.c:527(debug_unix_user_token)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2013/02/20 23:33:04.287517, 5] smbd/uid.c:400(change_to_root_user)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2013/02/20 23:33:04.287566, 4] smbd/vfs.c:780(vfs_ChDir)
vfs_ChDir to /var/tmp
[2013/02/20 23:33:04.287621, 4] smbd/sec_ctx.c:314(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 23:33:04.287664, 5] ../libcli/security/security_token.c:53(security
_token_debug)
Security token: (NULL)
[2013/02/20 23:33:04.287706, 5] auth/token_util.c:527(debug_unix_user_token)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2013/02/20 23:33:04.287772, 5] smbd/uid.c:400(change_to_root_user)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2013/02/20 23:33:04.287816, 3] smbd/service.c:1378(close_cnum)
jogo (192.168.11.1) closed connection to service IPC$
[2013/02/20 23:33:04.287864, 3] smbd/connection.c:35(yield_connection)
Yielding connection to IPC$
[2013/02/20 23:33:04.287925, 4] smbd/vfs.c:780(vfs_ChDir)
vfs_ChDir to /
[2013/02/20 23:33:04.287972, 4] smbd/sec_ctx.c:314(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 23:33:04.288016, 5] ../libcli/security/security_token.c:53(security
_token_debug)
Security token: (NULL)
[2013/02/20 23:33:04.288058, 5] auth/token_util.c:527(debug_unix_user_token)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2013/02/20 23:33:04.288124, 5] smbd/uid.c:400(change_to_root_user)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2013/02/20 23:33:04.288240, 3] smbd/server_exit.c:181(exit_server_common)
Server exit (failed to receive smb request)
---------------------------------------------------------------------------
Any help on solving the computer browser problem would be appreciated.
More information about the samba
mailing list