[Samba] samba 4 installation failing several troubleshooting steps

Joe Johnson plainoldjoe at gmail.com
Wed Jul 3 17:41:28 MDT 2013 

Troubleshooting steps fail.  Trying to replace a standalone Netware
server with a Samba4 server with AD.  To isolate this test setup,
changed server's static IP address and separated the wiring.  Then
went through the Troubleshooting portion of The Samba Checklist.  Some
tests pass.  Some tests fail.  I'm weak on Samba, DNS and AD.  I
appreciate your instructions on how to overcome the indicated test
failures.

The setup:
- an inexpensive router provides DHCP to a network of three computers
- Samba4 server (SERVER) has static ip 192.168.3.210
- Windows XP Pro SP3 workstation (WORKSTATION)
- Linux Mint workstation (used for ssh to SERVER)
- Domain is domane.lan
- workgroup is OFFICE
- Samba4 downloaded from git, version 4.1.0pre1-GIT-3e66cb7, using internal DNS
- SERVER runs Ubuntu 12 LTS, recent download with updates, no firewall

smb.conf, resolv.conf, and a query result for DNS records may all be seen at
http://pastebin.com/B5gyDi1s  ("samba 4 configurations as part of
troubleshooting questions")

When making suggestions, please detail the commands you would like me to try.

1)  WORKSTATION can log into the domain and can ping SERVER by its ip
address.  WORKSTATION initially could not ping SERVER by its name, but
could after an entry for SERVER was added in
C:\windows\system32\drivers\etc\hosts.

2)  SERVER can ping WORKSTATION by its ip address but cannot ping the
workstation by its name.

3)  /usr/local/samba/bin/testparm /usr/local/samba/etc/smb.conf  does
not report any errors.

4)  On WORKSTATION I was never able to get a browse list of shares.
An early error seen in /usr/local/samba/var/log.samba is:

[2013/06/21 22:43:29,  0] ../source4/dsdb/common/util_samr.c:185(dsdb_add_user)
  Failed to create user record
CN=WORKSTATION,CN=Computers,DC=domane,DC=lan: dsdb_access: Access
check failed on CN=Computers,DC=domane,DC=lan

5)  host -t SRV _ldap._tcp.domane.lan.  gives expected results
host -t SRV _kerberos._udp.domane.lan.  gives expected results
host -t A server.domane.lan.  gives expected results

6)  On WORKSTATION, checked the box “Use this connection's DNS suffix in DNS
 registration” in Windows XP's TCP/IP properties, General, Advanced,
DNS.  SERVER still cannot ping workstation by name.

7)  smbclient -L SERVER  does provide a list of shares.

8)  /usr/local/samba/bin/nmblookup -B SERVER __SAMBA__.    responds with
querying __SAMBA__. on 127.0.0.1
name_query failed to find name __SAMBA__.

9)  nmblookup -B WORKSTATION.domane.lan '*'
  gives the confusing response
querying * on 192.168.3.255
192.168.3.2 *<00>
This is confusing because 192.168.3.2 is the ip addres of the Mint
computer running ssh to SERVER.  WORKSTATION has an ip address of
192.168.3.3

10)  nmblookup -d 2 '*'
  responds with
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
added interface eth0 ip=fe80::211:11ff:fe6f:8df0%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.3.210 bcast=192.168.3.255 netmask=255.255.255.0
querying * on 192.168.3.255
Got a positive name query response from 192.168.3.2 ( 192.168.3.2 )
192.168.3.2 *<00>
Again, this is confusing because 192.168.3.2 is the ip address of the
Minut computer running ssh to SERVER.  WORKSTATION has an ip address
of 192.168.3.3

11)  smbclient //SERVER/INVOICES
  -UAdministrator  requests a password and responds with
session setup failed: NT_STATUS_LOGON_FAILURE
Domain=[OFFICE] OS=[Unix] Server=[Samba 4.1.0pre1-GIT-3e66cb7]
smb: \>

12)  smbclient //SERVER/INVOICES
   with a user other and Administrator requests a password and responds with
session setup failed: NT_STATUS_LOGON_FAILURE

13)  On WORKSTATION, the command   net view \\SERVER   responds with a
list of shares.

14)  On WORKSTATION, the command   net use x: \\SERVER\INVOICES
responds well.  If logged in as administrator, it is possible to use
the dir command to see a list of files.

15)  On WORKSTATION, when graphically browsing the network SERVER is
seen but it does not contain a list of shares.  There is nothing to
graphically select to map.  If a share name is known, it can be
manually mapped similar to prior example.

16)  /usr/local/samba/bin
/nmblookup -M OFFICE
  responds with
name_query failed to find name OFFICE#1d
This is in spite of having  preferred master = yes   in smb.conf

Thank you for helping to identify what is going wrong, and for your
suggestions for fixes.

More information about the samba mailing list