Re: [Samba] A domain controller for the domain could not by contacted (2.2.3a-12.3 for Debian)

[Patrick Shoaf]

I am running on RedHat, but everything should be same on server side.  Try 
adding the following lines into the smb.conf file:

password level = 8
username level = 8
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
unix password sync = yes
pam password change = yes
obey pam restrictions = yes
I have these lines in my conf and everything is working for me, even WinXP 
now.
The first two lines are for the case differences between Win & linux.
All version of win beyond Win95 defaults to encrypted passwords, hence line 3.
I have two password files, /etc/passwd for Linux & smbpasswd for Samba, 
users must be in both to authenticate, hence lines 4-5.
Lines 6-7 were in my default config and things work, so I did not question 
them.

If this does not work, please email me complete smb.conf file, and I will 
do a more thorough comparison.

Good Luck.

Patrick Shoaf

At 11:12 AM 12/16/2003, Eduard Witteveen wrote:
Hello,

I'm having problems using Samba as an primary domain controller. I am 
using debian woody as our platform.

The version of samba is "2.2.3a-12.3 for Debian" and i followed the 
instructions which can be found on the following url: 
http://www-106.ibm.com/developerworks/eserver/tutorials/samba/. In short 
this covers:
   - creating the config file
   - creating the users / groups
   - creating directory structure
   - configuring the windows client
I attached my config file's /logging  from my debian woody system.

I did the following things on the windows client (Windows XP Professional 
2002 Service Pack 1)
   - Open the Local Security Policy editor (Start -> All Programs -> 
Administrative Tools -> Local Security Policy).
   - Locate the entry "Domain member: Digitally encrypt or sign secure 
channel (always)". Disable it.
   - Locate the entry "Domain member: Disable machine account password 
changes". Make sure it's disabled as well.
   - Locate the entry "Domain member: Require strong (Windows 2000 or 
later) session key". Disable it.
   - Next, download the WinXP_SignOrSeal registry patch from 
www.samba.org <http://www.samba.org> or collect it from the Further 
resources: Downloads and developerWorks 
<http://www-106.ibm.com/developerworks/eserver/tutorials/samba/samba-6-2.html> 
section at the end of this tutorial. Apply it by double-clicking and 
answering Yes to the dialog prompt.
   - Now join the domain the same as you would for Windows NT or 2000. 
Right-click My Computer, select Properties, Computer Name, and Change. Or 
click the Network ID button and run the Network Wizard.

I put some screenshots of windows on the following locations: 
http://www.nergens.org/samba/ComputerNameChanges.PNG and 
http://www.nergens.org/samba/ComputerProperties.PNG

( i searched on the mailarchive, but i couldnt find any pointers / im 
kinda new to smb so i dont know how to debug)

Could someone please help me here?

Eduard Witteveen



[global]
;basic server settings
workgroup = HAWAR3
netbios name = nemo
server string = Samba %h PDC running %v
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
;PDC and master browser settings
os level = 64
preferred master = yes
local master = yes
domain master = yes
;security and logging settings
security = user
# encrypt passwords = yes
log file = /var/log/samba/log.%m
log level = 2
# max log size = 50
# hosts allow = 127.0.0.1 192.168.1.0/255.255.255.0
;user profiles and home directory
logon home = \\%L\%U\
logon drive = H:
logon path = \\%L\profiles\%U
logon script = netlogon.bat
;sync passwords
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* 
%n\n  *Enter*new*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n 
*passwd:         *all*authentication*tokens*updated*successfully*

; new machines
add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false 
-M %u

# ==== shares ====

[homes]
comment = Home Directories
browseable = no
writeable = yes
[profiles]
path = /home/samba/profiles
writeable = yes
browseable = no
create mask = 0600[2003/12/16 17:18:37, 0] smbd/server.c:main(698)
  smbd version 2.2.3a-12.3 for Debian started.
  Copyright Andrew Tridgell and the Samba Team 1992-2002
[2003/12/16 17:18:37, 1] lib/debug.c:debug_message(250)
  INFO: Debug class all level = 2   (pid 232 from pid 232)
[2003/12/16 17:18:37, 2] param/loadparm.c:do_section(2973)
  Processing section "[homes]"
[2003/12/16 17:18:37, 2] param/loadparm.c:do_section(2973)
  Processing section "[profiles]"
[2003/12/16 17:18:37, 2] param/loadparm.c:do_section(2973)
  Processing section "[netlogon]"
[2003/12/16 17:18:37, 2] lib/interface.c:add_interface(81)
  added interface ip=10.0.0.152 bcast=10.0.0.255 nmask=255.255.255.0
[2003/12/16 17:18:37, 2] smbd/server.c:open_sockets(198)
  waiting for a connection
nemo:/var/log/samba# cat log.nmbd
[2003/12/16 17:18:37, 0] nmbd/nmbd.c:main(783)
  Netbios nameserver version 2.2.3a-12.3 for Debian started.
  Copyright Andrew Tridgell and the Samba Team 1994-2002
[2003/12/16 17:18:37, 1] lib/debug.c:debug_message(250)
  INFO: Debug class all level = 2   (pid 230 from pid 230)
[2003/12/16 17:18:37, 2] nmbd/nmbd.c:main(821)
  Becoming a daemon.
[2003/12/16 17:18:37, 2] lib/interface.c:add_interface(81)
  added interface ip=10.0.0.152 bcast=10.0.0.255 nmask=255.255.255.0
[2003/12/16 17:18:37, 2] nmbd/nmbd_subnetdb.c:make_subnet(193)
  making subnet name:10.0.0.152 Broadcast address:10.0.0.255 Subnet 
mask:255.255.255.0
[2003/12/16 17:18:37, 2] nmbd/nmbd_subnetdb.c:make_subnet(193)
  making subnet name:UNICAST_SUBNET Broadcast address:0.0.0.0 Subnet 
mask:0.0.0.0
[2003/12/16 17:18:37, 2] nmbd/nmbd_subnetdb.c:make_subnet(193)
  making subnet name:REMOTE_BROADCAST_SUBNET Broadcast address:0.0.0.0 
Subnet mask:0.0.0.0
[2003/12/16 17:18:37, 2] nmbd/nmbd_lmhosts.c:load_lmhosts_file(41)
  load_lmhosts_file: Can't open lmhosts file /etc/samba/lmhosts. Error 
was No such file or directory
[2003/12/16 17:18:37, 0] 
nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(291)
  become_domain_master_browser_bcast:
  Attempting to become domain master browser on workgroup HAWAR3 on 
subnet 10.0.0.152
[2003/12/16 17:18:37, 0] 
nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(305)
  become_domain_master_browser_bcast: querying subnet 10.0.0.152 for 
domain master browser on workgroup HAWAR3
[2003/12/16 17:18:41, 2] 
nmbd/nmbd_become_dmb.c:become_domain_master_stage1(179)
  become_domain_master_stage1: Becoming domain master browser for 
workgroup HAWAR3 on subnet 10.0.0.152
[2003/12/16 17:18:41, 0] 
nmbd/nmbd_responserecordsdb.c:find_response_record(237)
  find_response_record: response packet id 12349 received with no 
matching record.
[2003/12/16 17:18:41, 0] 
nmbd/nmbd_responserecordsdb.c:find_response_record(237)
  find_response_record: response packet id 12350 received with no 
matching record.
[2003/12/16 17:18:43, 2] nmbd/nmbd_elections.c:send_election_dgram(43)
  send_election_dgram: Sending election packet for workgroup HAWAR3 on 
subnet 10.0.0.152
[2003/12/16 17:18:45, 2] nmbd/nmbd_elections.c:send_election_dgram(43)
  send_election_dgram: Sending election packet for workgroup HAWAR3 on 
subnet 10.0.0.152
[2003/12/16 17:18:45, 0] 
nmbd/nmbd_become_dmb.c:become_domain_master_stage2(115)
  *****

  Samba server NEMO is now a domain master browser for workgroup HAWAR3 
on subnet 10.0.0.152

  *****
[2003/12/16 17:18:48, 2] nmbd/nmbd_elections.c:send_election_dgram(43)
  send_election_dgram: Sending election packet for workgroup HAWAR3 on 
subnet 10.0.0.152
[2003/12/16 17:18:50, 2] nmbd/nmbd_elections.c:send_election_dgram(43)
  send_election_dgram: Sending election packet for workgroup HAWAR3 on 
subnet 10.0.0.152
[2003/12/16 17:18:52, 2] nmbd/nmbd_elections.c:send_election_dgram(43)
  send_election_dgram: Sending election packet for workgroup HAWAR3 on 
subnet 10.0.0.152
[2003/12/16 17:18:52, 2] nmbd/nmbd_elections.c:run_elections(208)
  run_elections: >>> Won election for workgroup HAWAR3 on subnet 
10.0.0.152 <<<
[2003/12/16 17:18:52, 2] 
nmbd/nmbd_become_lmb.c:become_local_master_browser(549)
  become_local_master_browser: Starting to become a master browser for 
workgroup HAWAR3 on subnet 10.0.0.152
[2003/12/16 17:19:00, 0] 
nmbd/nmbd_become_lmb.c:become_local_master_stage2(404)
  *****

  Samba name server NEMO is now a local master browser for workgroup 
HAWAR3 on subnet 10.0.0.152

  *****[2003/12/16 17:18:37, 0] smbd/server.c:main(698)
  smbd version 2.2.3a-12.3 for Debian started.
  Copyright Andrew Tridgell and the Samba Team 1992-2002
[2003/12/16 17:18:37, 1] lib/debug.c:debug_message(250)
  INFO: Debug class all level = 2   (pid 232 from pid 232)
[2003/12/16 17:18:37, 2] param/loadparm.c:do_section(2973)
  Processing section "[homes]"
[2003/12/16 17:18:37, 2] param/loadparm.c:do_section(2973)
  Processing section "[profiles]"
[2003/12/16 17:18:37, 2] param/loadparm.c:do_section(2973)
  Processing section "[netlogon]"
[2003/12/16 17:18:37, 2] lib/interface.c:add_interface(81)
  added interface ip=10.0.0.152 bcast=10.0.0.255 nmask=255.255.255.0
[2003/12/16 17:18:37, 2] smbd/server.c:open_sockets(198)
  waiting for a connection--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
Patrick J. Shoaf, IT Manager
[EMAIL PROTECTED]
Model Cleaners, Uniforms, & Apparel
100 Third Street
Charleroi, PA 15022
<http://www.model-uniforms.com/>http://www.model-uniforms.com
Phone: 724-489-9553 ext. 105
 or    800-99 MODEL
Fax:   724-489-4386


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba