Hi guys, I asked about this a couple days ago but I'm guessing everyone
glanced over it.
So here's my problem.
I have a SambaPDC with LDAP.
With WinXP I can join/login the domain fine.
With WinVista I can join the domain but can't login to it after I join
to the domain. It gives me an RPC failure. I noticed that it doesn't
seem to even find the PDC.
I don't even get any transaction in my Samba log after I've ramped up
the log level.
I also do a tcpdump and the first time I try to login I'll get some type
of transaction, but if I try again it won't even attempt to send packets
to my PDC.
I've already changed the ntlmv2 parameter in the Vista machine.
Thanks in Advance
-James
Here's my Samba smb.conf:
[global]
workgroup = PDC-TEST
netbios name = vm00
server string = Samba %v
##### Domain Directives #####
os level = 65
preferred master = yes
domain master = yes
domain logons = yes
local master = yes
logon drive = Z:
#logon home = \\%L\%U
#logon path = \\%L\profiles\%U
name resolve order = wins lmhosts host bcast
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins support = yes
#interfaces = eth1
##### Generic Directives #####
hide dot files = yes
security = user
max log size = 1000
log level = 256
syslog = 1
username map = /etc/samba/smbusers
# Windows Vista Stuff
client lanman auth = no
client ntlmv2 auth = yes
#passdb backend = tdbsam
##### LDAP Directives #####
passdb backend = ldapsam:"ldap://ldap-master-test.example.com"
ldap suffix = dc=example,dc=com
ldap admin dn = cn=admin,dc=example,dc=com
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap machine suffix = ou=Hosts
ldap idmap suffix = ou=Idmap
idmap uid = 10000-20000
idmap gid = 10000-20000
add user script = /usr/sbin/smbldap-useradd -a -m "%u"
add machine script = /usr/sbin/smbldap-useradd -a -w "%u"
add group script = /usr/sbin/smbldap-groupadd -a -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
passwd program = /usr/sbin/smbldap-passwd -u %u
passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n"
###### Comment Out to Disable PASSWD Sync #####
ldap passwd sync = yes
encrypt passwords = true
[homes]
comment = Home Directories
browseable = no
writable = yes
create mask = 0700
directory mask = 0700
# valid users = %S
[netlogon]
path = /home/samba/netlogon
guest ok = yes
browseable = No
[profiles]
path = /home/samba/profiles/
read only = no
create mask = 0600
directory mask = 0700
browseable = No
guest ok = Yes
profile acls = yes
csc policy = disable
# next line is a great way to secure the profiles
#force user = %U
# next line allows administrator to access all profiles
#valid users = %U @"Domain Admins"
On 9/20/07, James <james@nttmcl.com> wrote:
> Hi guys, I asked about this a couple days ago but I'm guessing everyone
> glanced over it.
>
> So here's my problem.
> I have a SambaPDC with LDAP.
> With WinXP I can join/login the domain fine.
> With WinVista I can join the domain but can't login to it after I join
> to the domain. It gives me an RPC failure. I noticed that it doesn't
> seem to even find the PDC.
> I don't even get any transaction in my Samba log after I've ramped up
> the log level.
> I also do a tcpdump and the first time I try to login I'll get some type
> of transaction, but if I try again it won't even attempt to send packets
> to my PDC.
>
> I've already changed the ntlmv2 parameter in the Vista machine.
>
> Thanks in Advance
> -James

James, List,

I don't know a thing about Vista, but I'll do a wild guess: MS finally
dropped WINS in Vista and requires DNS to figure out where the domain
controller is? Maybe you could try adding an SRV record to your DNS
server (which you probably have) and see if the error messages change.
On our LAN 95% of the "I can't find my PDC" errors are due to DNS
problems.

--
Frank Van Damme
A: Because it destroys the flow of the conversation
Q: Why is it bad?
A: No, it's bad.
Q: Should I top post in replies to mails or on usenet?