[Samba] Windows 7 Pro/64 unable to contact domain controller

[Gary Dale]

On 26/08/14 05:18 PM, Rowland Penny wrote:
> On 26/08/14 22:09, Gary Dale wrote:
>> On 26/08/14 04:42 PM, Gregory Sloop wrote:
>>> Re: [Samba] Windows 7 Pro/64 unable to contact domain controller
>>>
>>>
>>> *GD> On 26/08/14 12:26 PM, Gary Dale wrote:
>>> >> I have a number of systems running Windows 7/pro 64bit connecting 
>>> to a
>>> >> Debian/Wheezy Samba DC. After one was rebooted today, I was 
>>> unable to
>>> >> log on with a domain account, with the usual message about being
>>> >> unable to connect to a domain controller.
>>>
>>> >> After logging on with a local account, I tried rejoining the domain
>>> >> but was unable - again Windows complained that it can't contact the
>>> >> domain controller. Re-did the Window registry settings change to 
>>> allow
>>> >> Win7 to connect to an NT-style domain but still no luck. Same when I
>>> >> turned off the firewall. Rebooted multiple times in the process.
>>>
>>> >> I can connect to network shares on the Samba DC (3.6.6) and can
>>> >> connect with SWAT using the NetBIOS name but others can't connect to
>>> >> shares on this computer.
>>>
>>> >> Any ideas?
>>>
>>> GD> The Samba logs show absolutely nothing happening which suggests 
>>> that
>>> GD> Windows is accurate when it says it can't find or connect to a 
>>> login
>>> GD> server / domain controller.
>>>
>>> GD> I've been through all the Google searches I can think of and 
>>> haven't
>>> GD> found much beyond the local security policy and local registry 
>>> changes.
>>>
>>> GD> I can connect to shares on the computer only when I use a local 
>>> account.
>>>
>>> *This sounds a lot like DNS that isn't operating as you'd expect. 
>>> [i.e. A DNS query doesn't return the correct address for the server, 
>>> or perhaps any address at all.]
>>>
>>> What's handling DNS for the problem workstation, and is it handing 
>>> out answers properly. [A rogue DHCP server which pollutes DNS could 
>>> cause it too.]
>>>
>>> -Greg
>> The DNS is handled through a D-Link DIR-825 router, although it 
>> doesn't do it properly. I've pointed it to the PDC for WINS (a manual 
>> setting that it has). I've tried the router with the Advanced DNS 
>> turned on (which it was until yesterday, when I tracked that 
>> "feature" to an intermittent time-out error with database connections).
>
> By DNS, do you mean that the clients are being pointed at the router 
> as the DNS server ?, if so, then this could be your problem, the 
> clients should be using the S4 AD DC as the DNS server. This would 
> entail using either the internal dns server or bind9 with forwarders 
> pointing the way out of the samba domain.
Except I'm running Samba 3.6.6 (Debian/Wheezy). The workstations get 
their DNS from whatever DHCP hands out, which should be the router's 
address. The router points to the Samba server for WINS. This seems to 
be working to the extent that I can ping machines by name.

>
>>
>> When I turned it off, name resolution seemed to be working fine for 
>> the local computers. This was tried with both OpenDNS and the DNS 
>> servers provided by the ISP.
>>
>> I turned it back on several hours ago but that doesn't seem to make 
>> things any better.
>>
>> The problem only seems to be affecting this one machine. there are 8 
>> other workstations that seem to have no problems with domain logins.
>>
> Could be that this one machine could be the only one that is running 
> correctly and the others are going to start following suit.
It's been almost 8 hours and so far it's just the one machine.