[Samba] Clustered Samba 3.6.6 connection issues

Adi Kriegisch adi at cg.tuwien.ac.at
Tue Jun 11 05:44:13 MDT 2013

Dear Samba Community,

we recently did upgrade our data server cluster from Debian Squeeze (Samba
3.5.6) to Debian Wheezy (Samba 3.6.6).
The cluster is configured to act as BDC too. After the upgrade, connecting
to the server works for a short while and then users experience disconnects
and are unable to reconnect the mapped network drive (mostly on
Win7/64bit; connections from Linux machines work flawlessly).
The only error message on the Win7 we could capture was:
  | This computer was not able to set up a secure session with a domain
  | controller in domain DOMAIN due to the following:
  | The RPC server is unavailable.
  | This may lead to authentication problems. Make sure that this computer
  | connected to the network. If the problem persists, please contact your
  | domain administrator.

A test cluster showed that with the very same config files, Samba 3.6.6
works just fine in a cluster when not being a BDC (domain logons = no and
security = domain).

It is perfectly fine for us to not use the cluster as BDC. But we'd like to
find out what changed between 3.5.6 and 3.6.6 that could cause such a
behaviour. Could someone please be so kind to guide us in the right

    Adi Kriegisch

PS: Attached is a config file of our Samba cluster. We're using OCFS2 as
    data file system and glusterfs for the ctdb recovery lock file and to
    keep the netlogon stuff in sync (mounted at /var/csamba).
    In case you need any more information please let me know!
-------------- next part --------------
        workgroup = DOMAIN
        netbios name = CLUSTER
        server string = data server cluster (Samba %v)
        passdb backend = ldapsam:ldapi://%2fvar%2frun%2fslapd%2fldapi/
        map untrusted to domain = Yes
        unix extensions = No
        deadtime = 15
        ctdbd socket = /tmp/ctdb.socket
        cluster addresses =,,
        clustering = Yes
        load printers = No
        printcap name = /dev/null
        logon script = %U.cmd
        logon path =
        logon home =
        domain logons = Yes
        security = user
        # as domain member:
        #domain logons = No
        #security = domain
        local master = No
        domain master = No
        wins server =
        ldap admin dn = uid=admin,dc=domain,dc=org
        ldap group suffix = ou=Groups
        ldap machine suffix = ou=SambaMachines,ou=Users
        ldap suffix = dc=domain,dc=org
        ldap ssl = no
        ldap user suffix = ou=Users
        panic action = /usr/share/samba/panic-action %d
        fileid:mapping = fsid
        idmap config * : backend = tdb2
        inherit permissions = Yes
        inherit acls = Yes
        use sendfile = Yes
        printing = bsd
        print command = lpr -r -P'%p' %s
        lpq command = lpq -P'%p'
        lprm command = lprm -P'%p' %j
        wide links = Yes
        dos filemode = Yes
        vfs objects = fileid

        comment = Home Directories
        read only = No
        create mask = 0775
        directory mask = 0775
        strict allocate = Yes
        browseable = No

        path = /var/csamba/netlogon
        write list = @admin

More information about the samba mailing list