Asier
2006-Apr-21 04:01 UTC
[Samba] Problem with Samba PDC, W2k SP4 + rollup clients, user accounts
Hi!

I've one big problem. At my work we have a mixed network: one Debian Sarge with samba 3.0.14 acting as PDC and some w2k sp4 and windows xp sp2 pro/home with all updates (including w2k sp4 update rollup). Samba uses OpenLDAP as backend using smbldap-tools 0.9.1 to manage users and computers. This setup has worked perfectly since December (the LDAP is used by other services such as Apache, subversion, ftp and so on).

We have the need to create new user accounts now, so this week I created them with smbldap-useradd but the windows clients refuse to login with any of these _new_ accounts, telling me that the domain doesn't exist. In the console of the PDC -the debian machine, named kasparov- I can login successfully with the new samba created accounts.

The strangest thing is that "old" users can login in the domain without problems. Everything is ok with the "old" accounts: shares, permissions, personal folders. Only new accounts cannot login.

To make one test, I removed my computer (w2k) from the domain, and now I can't re-join it: an error messagebox shows the famous DNS error with references to http://go.microsoft.com/?LinkID=5171.

If I login "locally" in my machine and mount some share with any of the new accounts... it works well with any account, old or new (net use y: \\kasparov\shared /user:<user>).

But there's more... in the office we have one machine with w2k, plain sp4 *without* further updates. From this machine all accounts work perfectly. The problem arises only with machines fully updated.

I suspect the error is produced by some microsoft update, but I'm not sure.

How can I fix this problem? Has anyone experienced something like this? Any suggestion?

--
Asier.
Asier
2006-Apr-21 09:04 UTC
[Samba] Problem with Samba PDC, W2k SP4 + rollup clients, user accounts
Asier said:
> To make one test, I removed my computer (w2k) from the domain, and now I
> can't re-join it: an error messagebox shows the famous DNS error with
> references to http://go.microsoft.com/?LinkID=5171.
[ ... ]
> I suspect the error is produced by some microsoft update, but I'm not
> sure.

I respond to myself... a freshly installed XP SP2 machine cannot join the domain (ELPABI), telling me there's a DNS error while trying to get resources registry (or something like that, it's in Spanish). I post the text partially here:

| El error fue: "El nombre DNS no existe."
| (código de error 0x0000232B RCODE_NAME_ERROR)
| La solicitud era para el registro SRV para _ldap._tcp.dc._msdcs.ELPABI

(DNS name not exist, error code 0x00...)

| Las siguientes son causas comunes de este error:
| -El registro SRV de DNS no está registrado en el DNS.

(common causes for this error, DNS register of SRV not registered in DNS)

Now my suspicions are going towards DNS resolution. In our LAN we have dnsmasq installed in the samba server acting as DHCP server and DNS cache. Could this be the problem?

I cannot ping from client boxes to the PDC with netbios names, but vice-versa works:

(PDC -> client)
| root@kasparov ~ # ping desarrollo2
| PING desarrollo2 (192.168.1.3) 56(84) bytes of data.
| 64 bytes from Desarrollo2 (192.168.1.3): icmp_seq=1 ttl=128 time=0.194 ms

(client -> PDC)
| C:\>ping kasparov
| La solicitud de ping no pudo encontrar el host kasparov. Compruebe el
| nombre y vuelva a intentarlo.

But if I use the IP it works well.

Another thing that annoys me is that nmblookup doesn't recognize the PDC:

| root@kasparov ~ # nmblookup desarrollo2
| querying desarrollo2 on 192.168.1.255
| 192.168.1.3 desarrollo2<00>
| root@kasparov ~ # nmblookup kasparov
| querying kasparov on 192.168.1.255
| name_query failed to find name kasparov

Could this be the problem?

--
Asier.