I have Fedora Directory Server (1.0.4) running on Red Hat Linux (RHEL 4)
with Samba (3.0.10-1.4E.12.2).

I have a Windows XP box that I have successfully joined to the domain.

When I go to log in with a domain user I get the following error:

"Windows cannot connect to the domain, either because the domain controller
is down or otherwise unavailable, or because your computer account was not
found."

In the Windows system event log there is the following entry:

"Event Type:    Error
Event Source:    NETLOGON
Event Category:    None
Event ID:    3210
Date:        6/12/2007
Time:        10:08:02 AM
User:        N/A
Computer:    WINXP-CLEAN
Description:
This computer could not authenticate with \\RHEL-CLEAN2, a Windows domain
controller for domain MYDOMAIN, and therefore this computer might deny logon
requests. This inability to authenticate might be caused by another computer
on the same network using the same name or the password for this computer
account is not recognized. If this message appears again, contact your
system administrator.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: c0000022"


The only thing in smb.log is:

[2007/06/12 11:41:09, 0] lib/util_sock.c:get_peer_addr(1000)
 getpeername failed. Error was Transport endpoint is not connected

The only thing in the machine's samba log is:

[2007/06/12 11:41:09, 0] lib/util_sock.c:get_peer_addr(1000)
 getpeername failed. Error was Transport endpoint is not connected
[2007/06/12 11:41:09, 0] lib/util_sock.c:write_socket_data(430)
 write_socket_data: write failure. Error = Connection reset by peer
[2007/06/12 11:41:09, 0] lib/util_sock.c:write_socket(455)
 write_socket: Error writing 4 bytes to socket 24: ERRNO = Connection reset by peer
[2007/06/12 11:41:09, 0] lib/util_sock.c:send_smb(647)
 Error writing 4 bytes to client. -1. (Connection reset by peer)


There is nothing in the Fedora log near to when the workstation boots or the
user tries to log in.

I can connect to a share on the server from the Windows computer, when
logged in as a local user, using "net view" or entering the path directly
(\\rhel-clean2\sharename\).

I can ping the server from the workstation and vice versa.

I've explicitly added the workstation to the forward and reverse DNS zone
files.

The time of the server and workstation is less than 5 min apart.

I have explicitly added the Linux server as a WINS server on the Windows box
(just in case).

All of the Windows diagnostic tests I have performed point to the machine's
password being out of sync or various things about group policies for
encryption and such.  I tried turning off all of the related group policies
with no effect.


I am pulling my hair out trying to figure this out.  Any and all help is
appreciated.

smb.conf is below.

Thanks,
-Mont


[global]

# workgroup = NT-Domain-Name or Workgroup-Name
  workgroup = mydomain

# ldap settings
   passdb backend = ldapsam:ldap://mydomain.com:53911
   ldap admin dn = cn=Directory Manager
   ldap suffix = dc=mydomain,dc=com
   ldap user suffix = ou=People
   ldap machine suffix = ou=Computers
   ldap group suffix = ou=Groups

# PDC Settings
   domain logons = yes
   domain master = yes
   local master = yes
   preferred master = yes

# Windows integration settings
   wins support = yes
   logon home = \\%L\%u\profiles
   logon path = \\%L\profiles\%u
   logon drive = H:
   add machine script = /usr/sbin/adduser -n -g machinetrust -c Machine -d /dev/null -s /bin/false %u

# Log Settings
   log file = /var/log/%m.log
   log file = /var/log/samba/%m.log
   max log size = 50

# Misc Global Settings
   server string = FDS Server
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   os level = 33
   time server = true
   hide files = /desktop.ini/
   dns proxy = no

# Security Settings
  security = user
   obey pam restrictions = yes
   encrypt passwords = yes
  password server = None
   restrict anonymous = 2

#============================ Share Definitions ==============================
  idmap uid = 16777216-33554431
  idmap gid = 16777216-33554431
  template shell = /bin/false
  winbind use default domain = no

[netlogon]
   path = /var/lib/samba/netlogon
   read only = yes
   browsable = no

[profiles]
   path = /var/lib/samba/profiles
   read only = no
   create mask = 0600
   directory mask = 0700
   browseable = no

[homes]
   comment = Home Directories
   browseable = no
   writeable = yes

[repository]
   path = /repository
   guest ok = yes
   writeable = yes
   browseable = yes
   create mask = 0600
   directory mask = 0700
   # Restrict access to only users in the following group(s)
   #valid users = "@shortdomainname\group name"