I have a working Samba PDC, I can log in and out from a Windows XP
workstation. I recently upgraded to 3.0.25b-33 and now, when I add a new
user, I get:
The system cannot log you on due to the following error:
A device attached to the system is not functioning
Please try again or consult your system administrator
I have network connectivity. I was able to join this machine to the
domain through Windows XP. I can log on to the domain from this machine
with an existing user. All file and directory permissions are correct:
If I run the smbclient command I get:
session setup failed: NT_STATUS_NO_LOGON_SERVERS
Samba is indeed running. If I run smbclient with an existing user I get:
Domain=[GLASTENDERNET] OS=[Unix] Server=[Samba 3.0.25b-SerNet-RedHat]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Glastender File Server)
supervisors Disk Supervisors
shadowrods Disk Shadowrods
sales Disk Sales
safety Disk Safety
quality Disk Quality
purchasing Disk Purchasing
production Disk Production
marketing Disk Marketing
managers Disk Managers
it Disk Infomation Systems
human_resources Disk Human Resources
engineering Disk Engineering
accounting Disk Accounting
shared Disk Public Share
Domain=[GLASTENDERNET] OS=[Unix] Server=[Samba 3.0.25b-SerNet-RedHat]
Server Comment
--------- -------
ASTER Glastender Domain Controller running 3.0.25b-Ser
HENBANE Glastender File Server
Workgroup Master
--------- -------
GLASTENDERNET ASTER
I found this entry in the domain controller's Samba log:
[2007/07/16 13:55:13, 5] rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(934)
_net_sam_logon: check_password returned status NT_STATUS_OK
[2007/07/16 13:55:13, 1] rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(1004)
_net_sam_logon: user GLASTENDERNET\jrolfe has user sid
S-1-5-21-3568796296-2565465778-716510536-3404
but group sid S-1-5-21-1194936901-2368177035-684874509-513.
The conflicting domain portions are not supported for NETLOGON calls
<----------------------CUT---------------------->
[2007/07/16 13:55:13, 5] rpc_parse/parse_prs.c:prs_ntstatus(769)
001c status : NT_STATUS_UNSUCCESSFUL
[2007/07/16 13:55:13, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305)
api_rpcTNP: called NETLOGON successfully
My smb.conf file:
[global]
unix charset = LOCALE
workgroup = glastendernet
netbios name = aster
server string = Glastender Domain Controller running %v
interfaces = eth1, lo
bind interfaces only = yes
os level = 255
preferred master = yes
local master = yes
domain master = yes
security = user
time server = yes
username map = /etc/samba/smbusers
wins support = yes
encrypt passwords = yes
pam password change = yes
name resolve order = wins bcast hosts
winbind nested groups = no
passdb backend = ldapsam:ldap://aster.glastender.com
ldap passwd sync = Yes
ldap suffix = dc=glastender,dc=com
ldap admin dn = cn=Manager,dc=glastender,dc=com
ldap ssl = no
ldap group suffix = ou=Groups
ldap user suffix = ou=People
ldap machine suffix = ou=People
ldap idmap suffix = ou=Idmap
idmap backend = ldap:ldap://aster.glastender.com
idmap uid = 10000-20000
idmap gid = 10000-20000
map acl inherit = yes
add user script = /etc/smbldap-tools/smbldap-useradd -m "%u"
#delete user script = /etc/smbldap-tools/smbldap-userdel "%u"
add machine script = /etc/smbldap-tools/smbldap-useradd -w "%u"
add group script = /etc/smbldap-tools/smbldap-groupadd -p "%g"
#delete group script = /etc/smbldap-tools/smbldap-groupdel "%g"
add user to group script = /etc/smbldap-tools/smbldap-groupmod -m "%u" "%g"
delete user from group script = /etc/smbldap-tools/smbldap-groupmod -x "%u" "%g"
set primary group script = /etc/smbldap-tools/smbldap-usermod -g "%g" "%u"
domain logons = yes
log file = /var/log/samba/log.%m
log level = 5
syslog = 0
max log size = 50
#smb ports = 139 445
smb ports = 139
hosts allow = 127.0.0.1 172.16.0.0/255.255.0.0
# User profiles and home directories
logon drive = U:
logon path = \\%L\profiles\%U
logon script = %U.bat
large readwrite = no
read raw = no
write raw = no
printcap name = /etc/printcap
load printers = no
printing template shell = /bin/false
winbind use default domain = no
#=========Shares======
[homes]
comment = Home Directories
browseable = no
read only = no
write list = %U
create mask = 0600
directory mask = 0700
force user = %U
[profiles]
comment = Profile Share
path = /var/lib/samba/profiles
writeable = yes
browseable = no
profile acls = yes
[netlogon]
path = /var/lib/samba/netlogon
guest ok = yes
locking = no
LDAP is also working fine. I'm at a loss to figure this out.
--
Jason Baker
IT Coordinator
Glastender Inc.
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com <http://www.glastender.com>
On 7/16/07, Jason Baker <jbaker@glastender.com> wrote:
> I have a working Samba PDC, I can log in and out from a Windows XP
> workstation. I recently upgraded to 3.0.25b-33 and now, when I add a new
> user, I get:
>
> The system cannot log you on due to the following error:
> A device attached to the system is not functioning
> Please try again or consult your system administrator
>
> I have network connectivity. I was able to join this machine to the
> domain through Windows XP. I can log on to the domain from this machine
> with an existing user. All file and directory permissions are correct:
>
> If I run the smbclient command I get:
>
> session setup failed: NT_STATUS_NO_LOGON_SERVERS
>

I believe that means that samba could not find the PDC via name resolution.

> Samba is indeed running. If I run smbclient with an existing user I get:
> I found this entry in the domain controllers samba log:
>
> [2007/07/16 13:55:13, 5]
> rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(934)
> _net_sam_logon: check_password returned status NT_STATUS_OK
> [2007/07/16 13:55:13, 1]
> rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(1004)
> _net_sam_logon: user GLASTENDERNET\jrolfe has user sid
> S-1-5-21-3568796296-2565465778-716510536-3404
> but group sid S-1-5-21-1194936901-2368177035-684874509-513.
> The conflicting domain portions are not supported for NETLOGON calls
> <----------------------CUT---------------------->

This is saying that your user and group have conflicting sids because they should share the same base sid as everything else on the domain. To fix this you need to go through your ldap database and make sure that all sids have the same base.

John
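
The check suggested in the reply above, as an added example (not code from the thread or from Samba): it reads an LDIF export and lists every `sambaSID` or `sambaPrimaryGroupSID` whose domain portion differs from the SID stored on the `sambaDomainName` entry. The DNs, the second user, and the choice of which of the two logged SID bases is the real domain SID are assumptions.

```python
import re

# Constructed sample LDIF: the two SID bases come from the log in the thread;
# the DNs, "olduser" and which base is the real domain SID are assumptions.
SAMPLE_LDIF = """\
dn: sambaDomainName=GLASTENDERNET,dc=glastender,dc=com
sambaDomainName: GLASTENDERNET
sambaSID: S-1-5-21-3568796296-2565465778-716510536

dn: uid=jrolfe,ou=People,dc=glastender,dc=com
sambaSID: S-1-5-21-3568796296-2565465778-716510536-3404
sambaPrimaryGroupSID: S-1-5-21-1194936901-2368177035-684874509-513

dn: uid=olduser,ou=People,dc=glastender,dc=com
sambaSID: S-1-5-21-3568796296-2565465778-716510536-3002
sambaPrimaryGroupSID: S-1-5-21-3568796296-2565465778-716510536-513

dn: cn=Administrators,ou=Groups,dc=glastender,dc=com
sambaSID: S-1-5-32-544
"""

def parse_ldif(text):
    """Yield (dn, {lowercased attr: [values]}) for each LDIF entry."""
    text = text.replace("\n ", "")  # unfold LDIF continuation lines
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                attrs.setdefault(key.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            yield attrs["dn"][0], attrs

def find_sid_mismatches(ldif_text):
    """Return (domain_sid, [(dn, attr, sid), ...]) for SIDs off the domain base."""
    entries = list(parse_ldif(ldif_text))
    domain_sid = next(a["sambasid"][0] for _, a in entries
                      if "sambadomainname" in a)
    problems = []
    for dn, a in entries:
        for attr in ("sambasid", "sambaprimarygroupsid"):
            for sid in a.get(attr, []):
                # The domain entry itself and BUILTIN aliases (S-1-5-32-*) are fine.
                if sid != domain_sid and not sid.startswith("S-1-5-32-") \
                        and sid.rsplit("-", 1)[0] != domain_sid:
                    problems.append((dn, attr, sid))
    return domain_sid, problems

if __name__ == "__main__":
    print(find_sid_mismatches(SAMPLE_LDIF)[1])
```

On a live directory, pass it the output of an `ldapsearch -x -LLL` for `(sambaSID=*)` over the suffix instead of the sample.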
On 7/16/07, Jason Baker <jbaker@glastender.com> wrote:
> > I believe that means that samba could not find the PDC via name
> > resolution.
>
> I have a DNS and DHCP server running and I can ping the PDC by name from
> the client machine.

It's not about pinging the PDC by name; it is about searching the DNS server or WINS server to find the name of the domain controller, and then, when the name is found, looking up what its IP address is.

John
> I believe that means that samba could not find the PDC via name
> resolution.

I have a DNS and DHCP server running and I can ping the PDC by name from the client machine.

Jason Baker