Gaiseric Vandal
2007-May-21 16:10 UTC
[Samba] RPC Error with PC Netlink - some additional info
Some additional info:
The solaris server is Solaris 10 (sparc.)
According to man smb.conf, "enable asu support = yes" creates an IPC
only "ADMIN$" share. Using the computer management tool from a
Windows machine I could verify this was the case. However, the
"ADMIN$" share on the PC Netlink server is actually a data share. I
did try "enable asu support = no" and creating an "ADMIN$"
data share
on the samba server. I am not sure this is relevant to my current
issue anyway.
If I snoop traffic between the PC Netlink and Samba servers, I see the
following:
____________________________________________________________________
samba_pdc -> pcnl_pdc NBT NS Query Request for *..............[1b], Success
pcnl_pdc -> samba_pdc NBT NS Query Response for
*..............[1b], Name Error
samba_pdc -> pcnl_pdc NBT NS Refresh Request for SAMBA_DOMAIN[1b], Success
samba_pdc -> pcnl_pdc NBT NS Refresh Request for SAMBA_DOMAIN[1c], Success
samba_pdc -> pcnl_pdc NBT NS Refresh Request for SAMBA_DOMAIN[1e], Success
samba_pdc -> pcnl_pdc NBT NS Refresh Request for SAMBA_DOMAIN[0], Success
samba_pdc -> pcnl_pdc NBT NS Refresh Request for SAMBA_PDC[0], Success
samba_pdc -> pcnl_pdc NBT NS Refresh Request for SAMBA_PDC[3], Success
samba_pdc -> pcnl_pdc NBT NS Refresh Request for SAMBA_PDC[20], Success
pcnl_pdc -> samba_pdc NBT NS Registration Response for
SAMBA_DOMAIN[1b], Success
pcnl_pdc -> samba_pdc NBT NS Registration Response for
SAMBA_DOMAIN[1e], Success
pcnl_pdc -> samba_pdc NBT NS Registration Response for
SAMBA_DOMAIN[0], Success
pcnl_pdc -> samba_pdc NBT NS Registration Response for
SAMBA_PDC[0], Success
pcnl_pdc -> samba_pdc NBT NS Registration Response for
SAMBA_PDC[3], Success
pcnl_pdc -> samba_pdc NBT NS Registration Response for
SAMBA_PDC[20], Success
pcnl_pdc -> samba_pdc NBT NS Registration Response for
SAMBA_DOMAIN[1c], Success
____________________________________________________________________
It does suggest that the I am not at least dealing with a name
resolution issue, despite the PCNL server reporting "no domain
controller is available for the SAMBA domain."
I tried Samba 3.0.25 - that seemed to just cause problems additional,
unreleasted issues. I also tried Samba 3.0.22- however it could not
read the previously created passwd.tbd file.
---------- Forwarded message ----------
From: Gaiseric Vandal <gaiseric.vandal@gmail.com>
Date: May 16, 2007 5:01 PM
Subject: RPC Error with PC Netlink
To: samba@lists.samba.org
I have setup a Samba 3.024 server on Solaris. I have successfully
enabled two-way trusts between my samba domain and my legacy PC
Netlink domain. (PC Netlink is the solaris port of NT4 aka Advanced
Server for Unix.) My Samba domain includes 2 Windows 2003 Servers
(One is Windows 2003 SP1, the other is Windows 2003 R2 SP2.) The
PCNL server supports Windows 2000 Servers and XP Pro clients. Last
week, at least with the first server (Windows 2003 SP1) , it seemed
everything was working. Users in one domain could log into servers in
the other domain. I
Not sure what has changed- maybe a windows update, maybe rebooting
the Solaris server, maybe changing something in smb.conf and
forgetting to record it. The trusts still seem valid (in fact I
recreated them.)
If I try to add users from the PCNL domain to the local users on a
Windows 2003 Server in the samba domain, I am prompted for a password
in the legacy domain (which I don't think I should be) then I get the
following error:
_________________________________________________________________________
Select Users, Computers, or Groups :
the following error occured while using the user name and password you
entered. The remote procedure call failed and did not execute.
_________________________________________________________________________
The event log on the PCNL server shows:
_________________________________________________________________________
No domain controller is available for domain E2K for the following reason:
There are currently no logon servers available to service the logon request.
_________________________________________________________________________
The log file on the samba server shows:
_________________________________________________________________________
# tail log.wb-PCNL_DOMAIN
[2007/05/16 13:24:32, 1]
rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625)
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_UNK_IF
received from remote machine PCNL_PDC pipe \lsarpc fnum 0x2!
[2007/05/16 13:24:32, 1]
rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(601)
cli_pipe_validate_current_pdu: Bind NACK received from remote
machine PCNL_PDC pipe \samr fnum 0x4!
[2007/05/16 13:24:32, 0]
rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel_with_key(2524)
cli_rpc_pipe_open_schannel_with_key: cli_rpc_pipe_bind failed with
error NT_STATUS_NETWORK_ACCESS_DENIED
[2007/05/16 13:24:32, 1]
rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(601)
cli_pipe_validate_current_pdu: Bind NACK received from remote
machine PCNL_PDC pipe \lsarpc fnum 0x6!
[2007/05/16 13:24:32, 0]
rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel_with_key(2524)
cli_rpc_pipe_open_schannel_with_key: cli_rpc_pipe_bind failed with
error NT_STATUS_NETWORK_ACCESS_DENIED
_________________________________________________________________________
I have tried the following options in my smb.conf file, in various combinations.
enable asu support = yes
netbios name = THEMACHINENAME
smb ports = 139
client schannel = no
Winbind is configured
idmap uid = 10000 - 20000
idmap gid = 10000 - 20000
winbind enum users = yes
winbind enum groups = ye
I also have the following set
smb ports = 139
This reduced a lot of errors about "transport endpoint is not
connected." As far as I can tell, PCNL only used NBT (netbios over
tcp/ip) and netbios-free CIFS-over-tcp/ip.
The samba machines and all windows machines are configured to use the
PCNL servers for WINS servers. The wins server have dymanic entries
for the Samba domain and PDC. I have also forced a replication
between the WINS servers to make sure they are consistent.
Any advice?
Thanks
Gaiseric Vandal
2007-May-25 16:15 UTC
[Samba] RPC Error with PC Netlink - some additional info
Some additional info:
The solaris server is Solaris 10 (sparc.)
According to man smb.conf, "enable asu support = yes" creates an IPC
only "ADMIN$" share. Using the computer management tool from a
Windows machine I could verify this was the case. However, the
"ADMIN$" share on the PC Netlink server is actually a data share. I
did try "enable asu support = no" and creating an "ADMIN$"
data share
on the samba server. I am not sure this is relevant to my current
issue anyway.
If I snoop traffic between the PC Netlink and Samba servers, I see the
following:
____________________________________________________________________
samba_pdc -> pcnl_pdc NBT NS Query Request for *..............[1b], Success
pcnl_pdc -> samba_pdc NBT NS Query Response for
*..............[1b], Name Error
samba_pdc -> pcnl_pdc NBT NS Refresh Request for SAMBA_DOMAIN[1b], Success
samba_pdc -> pcnl_pdc NBT NS Refresh Request for SAMBA_DOMAIN[1c], Success
samba_pdc -> pcnl_pdc NBT NS Refresh Request for SAMBA_DOMAIN[1e], Success
samba_pdc -> pcnl_pdc NBT NS Refresh Request for SAMBA_DOMAIN[0], Success
samba_pdc -> pcnl_pdc NBT NS Refresh Request for SAMBA_PDC[0], Success
samba_pdc -> pcnl_pdc NBT NS Refresh Request for SAMBA_PDC[3], Success
samba_pdc -> pcnl_pdc NBT NS Refresh Request for SAMBA_PDC[20], Success
pcnl_pdc -> samba_pdc NBT NS Registration Response for
SAMBA_DOMAIN[1b], Success
pcnl_pdc -> samba_pdc NBT NS Registration Response for
SAMBA_DOMAIN[1e], Success
pcnl_pdc -> samba_pdc NBT NS Registration Response for
SAMBA_DOMAIN[0], Success
pcnl_pdc -> samba_pdc NBT NS Registration Response for
SAMBA_PDC[0], Success
pcnl_pdc -> samba_pdc NBT NS Registration Response for
SAMBA_PDC[3], Success
pcnl_pdc -> samba_pdc NBT NS Registration Response for
SAMBA_PDC[20], Success
pcnl_pdc -> samba_pdc NBT NS Registration Response for
SAMBA_DOMAIN[1c], Success
____________________________________________________________________
It does suggest that the I am not at least dealing with a name
resolution issue, despite the PCNL server reporting "no domain
controller is available for the SAMBA domain."
I tried Samba 3.0.25 - that seemed to just cause problems additional,
unreleasted issues. I also tried Samba 3.0.22- however it could not
read the previously created passwd.tbd file.
---------- Forwarded message ----------
From: Gaiseric Vandal <gaiseric.vandal@gmail.com>
Date: May 16, 2007 5:01 PM
Subject: RPC Error with PC Netlink
To: samba@lists.samba.org
I have setup a Samba 3.024 server on Solaris. I have successfully
enabled two-way trusts between my samba domain and my legacy PC
Netlink domain. (PC Netlink is the solaris port of NT4 aka Advanced
Server for Unix.) My Samba domain includes 2 Windows 2003 Servers
(One is Windows 2003 SP1, the other is Windows 2003 R2 SP2.) The
PCNL server supports Windows 2000 Servers and XP Pro clients. Last
week, at least with the first server (Windows 2003 SP1) , it seemed
everything was working. Users in one domain could log into servers in
the other domain. I
Not sure what has changed- maybe a windows update, maybe rebooting
the Solaris server, maybe changing something in smb.conf and
forgetting to record it. The trusts still seem valid (in fact I
recreated them.)
If I try to add users from the PCNL domain to the local users on a
Windows 2003 Server in the samba domain, I am prompted for a password
in the legacy domain (which I don't think I should be) then I get the
following error:
_________________________________________________________________________
Select Users, Computers, or Groups :
the following error occured while using the user name and password you
entered. The remote procedure call failed and did not execute.
_________________________________________________________________________
The event log on the PCNL server shows:
_________________________________________________________________________
No domain controller is available for domain E2K for the following reason:
There are currently no logon servers available to service the logon request.
_________________________________________________________________________
The log file on the samba server shows:
_________________________________________________________________________
# tail log.wb-PCNL_DOMAIN
[2007/05/16 13:24:32, 1]
rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625)
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_UNK_IF
received from remote machine PCNL_PDC pipe \lsarpc fnum 0x2!
[2007/05/16 13:24:32, 1]
rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(601)
cli_pipe_validate_current_pdu: Bind NACK received from remote
machine PCNL_PDC pipe \samr fnum 0x4!
[2007/05/16 13:24:32, 0]
rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel_with_key(2524)
cli_rpc_pipe_open_schannel_with_key: cli_rpc_pipe_bind failed with
error NT_STATUS_NETWORK_ACCESS_DENIED
[2007/05/16 13:24:32, 1]
rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(601)
cli_pipe_validate_current_pdu: Bind NACK received from remote
machine PCNL_PDC pipe \lsarpc fnum 0x6!
[2007/05/16 13:24:32, 0]
rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel_with_key(2524)
cli_rpc_pipe_open_schannel_with_key: cli_rpc_pipe_bind failed with
error NT_STATUS_NETWORK_ACCESS_DENIED
_________________________________________________________________________
I have tried the following options in my smb.conf file, in various combinations.
enable asu support = yes
netbios name = THEMACHINENAME
smb ports = 139
client schannel = no
Winbind is configured
idmap uid = 10000 - 20000
idmap gid = 10000 - 20000
winbind enum users = yes
winbind enum groups = ye
I also have the following set
smb ports = 139
This reduced a lot of errors about "transport endpoint is not
connected." As far as I can tell, PCNL only used NBT (netbios over
tcp/ip) and netbios-free CIFS-over-tcp/ip.
The samba machines and all windows machines are configured to use the
PCNL servers for WINS servers. The wins server have dymanic entries
for the Samba domain and PDC. I have also forced a replication
between the WINS servers to make sure they are consistent.
Any advice?
Thanks