Your message dated Thu, 19 May 2011 07:07:25 +0200
with message-id <[email protected]>
and subject line Re: Bug#605853: Login problems with Win7 clients: try samba
3.5.8?
has caused the Debian Bug report #605853,
regarding logins fails with windows 7 although joining domain succeeds
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
605853: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605853
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: samba
Version: 3.5.6~dfsg-1+bpo50+2
I'm experiencing a similar problem to the report posted in #550043. I
don't have access to samba 3.3.6 to test our environment with that
version.
We're running:
ii samba 2:3.5.6~dfsg-1+bpo50+2
ii samba-common 2:3.5.6~dfsg-1+bpo50+2
ii samba-common-bin 2:3.5.6~dfsg-1+bpo50+2
The workstation is running Windows 7.
We can join the domain successfully, although we get the DNS error:
Changing the Primary Domain DNS name of this computer to "" failed.
The name will remain "RBI". The error was: The specified domain either
does not exist or could not be contacted
On the samba server, the log file for the machine in question reports
the following error when the machine is added to the domain:
[2010/12/03 19:50:51, 0]
rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate3: netlogon_creds_server_check failed.
Rejecting auth request from client JOHANSANTANA machine account
JOHANSANTANA$
The machine is listed by pdbedit.
When logged into the machine locally, it can mount shares from the samba
server.
However, when you try to login to the domain, the Windows machine
responds:
There are currently no logon servers available to service the logon
request.
The Windows machine event log reports
This computer was not able to setup a secure session with a domain
controller in domain RBI due to the following: The RPC server is
unavailable. This may lead to authentication problems. Make sure that
this computer is connected to the network. If the problem persists,
please contact your domain administrator.
(I tried to downgrade to version 3.4.8 - with that version "The RPC
server is unavailable" was not in the Windows Event log. Instead it
reported "There are currently no logon servers available to service the
logon request.")
On the samba server, the log file for the machine in question reports:
[2010/12/03 19:51:30, 0] lib/util_sock.c:539(read_fd_with_timeout)
[2010/12/03 19:51:30, 0] lib/util_sock.c:1491(get_peer_addr_internal)
getpeername failed. Error was Transport endpoint is not connected
read_fd_with_timeout: client 0.0.0.0 read error = Connection reset
by peer
Copied below is the smb.conf file. Any suggestions appreciated.
jamie
[global]
unix extensions = no
workgroup = rbi
wins support = yes
dns proxy = yes
netbios name = martin
enable privileges = yes
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
passdb backend = ldapsam:"ldap://10.34.2.210 ldap://10.34.2.206";
ldap ssl = No
ldap suffix = dc=office,dc=harlemrbi,dc=org
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=smb-admin,dc=office,dc=harlemrbi,dc=org
unix password sync = yes
obey pam restrictions = no
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*all*authentication*tokens*updated*
logon path =
logon drive = H:
logon home = \\%L\%U
logon script = logon.bat
domain logons = yes
os level = 30
preferred master = yes
domain master = yes
winbind uid = 15000-20000
winbind gid = 15000-20000
ldap delete dn = yes
add user script = /usr/sbin/smbldap-useradd -m %u
delete user script = /usr/sbin/smbldap-userdel %u
add machine script = /usr/sbin/smbldap-useradd -d /dev/null -g nogroup -s
/bin/false -w %u
add group script = /usr/sbin/smbldap-groupadd -p %g
delete group script = /usr/sbin/smbldap-groupdel %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-groupadd -p %g
load printers = yes
printing = cups
printcap name = cups
cups options = "raw"
socket options = TCP_NODELAY
restrict anonymous = no
acl compatibility = winnt
server signing = Auto
[homes]
comment = Home Directories
browseable = no
read only = no
nt acl support = no
create mask = 0755
directory mask = 0755
valid users = %S
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
share modes = no
admin users = mayfirst,cgimenez
available = yes
guest ok = yes
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = yes
admin users = root, @admin, cgimenez
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
write list = root,mayfirst,@ntadmin
guest ok = yes
[Share]
comment = Share Drive
path = /home/share
create mask = 0664
directory mask = 2775
force group = staff
read only = no
available = yes
guest ok = yes
[Software]
comment = Software Installers
path = /home/software
create mask = 0664
directory mask = 2775
write list = @software
available = yes
guest ok = yes
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Quoting Jamie McClelland ([email protected]):
> On Wed May 18, Christian PERRIER wrote:
> > Hello Jamie,
> >
> > Did you manage to deal with your win7 clients login problems against a
> > samba 3.5.6 domain controller?
>
> Yes and no. We eventually solved the problem by building a new samba
> server running squeeze (still samba 3.5.6) . Unfortunately (from a
> debugging standpoint) we implemented many changes in how we handled LDAP
> on the new server, so it's not clear to me exactly what changed on our
> new installation that was responsible for fixing the problem.
>
> It seems as though the problem was either related to cruft from previous
> Samba upgrades on our lenny server or due to some configuration or
> dependent software in lenny.
As it always happens in such eventually complex situations. I'm
therefore closing this bug report. Thanks for your input.
signature.asc
Description: Digital signature
--- End Message ---
