samba - May 2003 - Continued: Join domain OK, but domain not found after reboot

Hi, all:

	To recap:

	I can successfully get my WinXP box to join the domain (WHITEROCK), but
after rebooting, when I try to log on:

"The system cannot log you on now because the domain WHITEROCK is not
available."

	I get this even when using the user 'root' - and this user was the one
to successfully join the domain WHITEROCK!!

	To rule out any stale junk, my WinXP is a *totally fresh* installation,
with only the sign-or-seal DWORD set to 0.

===== log.nmbd snippet ====[2003/05/21 22:46:17, 3]
nmbd/nmbd_namelistdb.c:add_name_to_subnet(243)
  add_name_to_subnet: Added netbios name WHITEROCK<1b> with first IP
192.168.0.192 ttl=0 nb_flags=60 to subnet 192.168.0.192
[2003/05/21 22:46:17, 4]
nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
  find_workgroup_on_subnet: workgroup search for WHITEROCK on subnet
192.168.0.192: found.
[2003/05/21 22:46:17, 0]
nmbd/nmbd_become_dmb.c:become_domain_master_stage2(110)
  *****
   
  Samba server TRAINWRECK is now a domain master browser for workgroup
WHITEROCK on subnet 192.168.0.192


	<<then,later, during a failed logon>>:

  process_logon_packet: SAMLOGON request from FIREBALL(192.168.0.22) for
, returning logon svr \\TRAINWRECK domain WHITEROCK code 13 token=ffff
[2003/05/21 22:49:22, 4] lib/util.c:dump_data(1886)
===== End log.nmbd snippet ====

===== log.192.168.0.22 (my fireball WinXP client) snippet ====[2003/05/21
22:49:11, 3] smbd/oplock.c:init_oplocks(1214)
  open_oplock_ipc: opening loopback UDP socket.
[2003/05/21 22:49:11, 3] smbd/oplock.c:init_oplocks(1245)
  open_oplock ipc: pid = 6195, global_oplock_port = 32818
[2003/05/21 22:49:11, 4] lib/time.c:get_serverzone(122)
  Serverzone is 25200
[2003/05/21 22:49:11, 3] lib/access.c:check_access(314)
  check_access: no hostnames in host allow/deny list.
[2003/05/21 22:49:11, 2] lib/access.c:check_access(325)
  Allowed connection from  (192.168.0.22)
[2003/05/21 22:49:11, 3] smbd/process.c:process_smb(882)
  Transaction 0 of length 72
[2003/05/21 22:49:11, 2] smbd/reply.c:reply_special(80)
  netbios connect: name1=TRAINWRECK       name2=FIREBALL
[2003/05/21 22:49:11, 2] smbd/reply.c:reply_special(94)
  netbios connect: local=trainwreck remote=fireball
===== end log.192.168.0.22 snippet ====

	The only thing I can see that arouses curiousity is this bit:

===== log.smbd snippet ====[2003/05/21 22:49:11, 1]
sam/idmap_tdb.c:db_idmap_init(319)
  idmap uid range missing or invalid
  idmap will be unable to map foreign SIDs
[2003/05/21 22:49:11, 1] sam/idmap_tdb.c:db_idmap_init(331)
  idmap gid range missing or invalid
  idmap will be unable to map foreign SIDs
[2003/05/21 22:49:11, 2] passdb/pdb_ldap.c:ldapsam_open_connection(521)
  ldapsam_open_connection: connection opened
[2003/05/21 22:49:11, 3] passdb/pdb_ldap.c:ldapsam_connect_system(683)
  ldap_connect_system: succesful connection to the LDAP server
[2003/05/21 22:49:11, 4] passdb/pdb_ldap.c:ldapsam_open(734)
  The LDAP server is succesful connected
[2003/05/21 22:49:11, 2] passdb/pdb_ldap.c:ldapsam_setsamgrent(3522)
  ldapsam_setsampwent: 0 entries in the base!
===== end log.smbd snippet ====

	To verify that LDAP is working OK, I certainly can SSH (or console) log
in.  So I *know* that I'm using valid user/password pairs.

	The final strangeness that I note, but have no clue how to deal with
it:

	from /etc/samba/smb.conf I have these lines:

   encrypt passwords = yes
   smb passwd file = /etc/samba/smbpasswd

	What role does the smb passwd file play when using LDAP?  Because...***
I have no /etc/samba/smbpasswd file ***.  I received no error message
when using 'smbpasswd -a -m fireball' or 'smbpasswd -w
secret'...

	I'm confused.  I'm going bald from hair-pulling!

	Any and all help would be greatly appreciated.

	-Gord

-- 
Gordon Pritchard, P.Eng.         | Institute of Electrical and
Research Labs Manager            |      Electronics Engineers
Simon Fraser University, Surrey  | Quarter Century Wireless Ass'n
gordonp@sfu.ca                   | Telephone Pioneers of America
phone:  604.268.7509             | Amateur Radio:  VA7SFU, VA7GP

Hello,

following changes to registry should help:

in 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
?requiresignorseal?=dword:00000000
?signsecurechannel?=dword:00000000

Further information in "The unofficial samba HOWTO" by David Lenchnyr
e.g.
on http://hr.uoregon.edu/davidrl/samba.html



On 21 May 2003 23:07:10 -0700, Gordon Pritchard <gordonp@sfu.ca> wrote:
> Hi, all:
>
> 	To recap:
>
> 	I can successfully get my WinXP box to join the domain (WHITEROCK), but
> after rebooting, when I try to log on:
>
> "The system cannot log you on now because the domain WHITEROCK is not
> available."
>
> 	I get this even when using the user 'root' - and this user was the
one
> to successfully join the domain WHITEROCK!!
>
> 	To rule out any stale junk, my WinXP is a *totally fresh* installation,
> with only the sign-or-seal DWORD set to 0.
>
> ===== log.nmbd snippet ====> [2003/05/21 22:46:17, 3]
nmbd/nmbd_namelistdb.c:add_name_to_subnet(243)
> add_name_to_subnet: Added netbios name WHITEROCK<1b> with first IP
> 192.168.0.192 ttl=0 nb_flags=60 to subnet 192.168.0.192
> [2003/05/21 22:46:17, 4]
> nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> find_workgroup_on_subnet: workgroup search for WHITEROCK on subnet
> 192.168.0.192: found.
> [2003/05/21 22:46:17, 0]
> nmbd/nmbd_become_dmb.c:become_domain_master_stage2(110)
> *****
> Samba server TRAINWRECK is now a domain master browser for workgroup
> WHITEROCK on subnet 192.168.0.192
>
>
> 	<<then,later, during a failed logon>>:
>
> process_logon_packet: SAMLOGON request from FIREBALL(192.168.0.22) for
> , returning logon svr \\TRAINWRECK domain WHITEROCK code 13 token=ffff
> [2003/05/21 22:49:22, 4] lib/util.c:dump_data(1886)
> ===== End log.nmbd snippet ====>
>
> ===== log.192.168.0.22 (my fireball WinXP client) snippet ====>
[2003/05/21 22:49:11, 3] smbd/oplock.c:init_oplocks(1214)
> open_oplock_ipc: opening loopback UDP socket.
> [2003/05/21 22:49:11, 3] smbd/oplock.c:init_oplocks(1245)
> open_oplock ipc: pid = 6195, global_oplock_port = 32818
> [2003/05/21 22:49:11, 4] lib/time.c:get_serverzone(122)
> Serverzone is 25200
> [2003/05/21 22:49:11, 3] lib/access.c:check_access(314)
> check_access: no hostnames in host allow/deny list.
> [2003/05/21 22:49:11, 2] lib/access.c:check_access(325)
> Allowed connection from  (192.168.0.22)
> [2003/05/21 22:49:11, 3] smbd/process.c:process_smb(882)
> Transaction 0 of length 72
> [2003/05/21 22:49:11, 2] smbd/reply.c:reply_special(80)
> netbios connect: name1=TRAINWRECK       name2=FIREBALL
> [2003/05/21 22:49:11, 2] smbd/reply.c:reply_special(94)
> netbios connect: local=trainwreck remote=fireball
> ===== end log.192.168.0.22 snippet ====>
>
> 	The only thing I can see that arouses curiousity is this bit:
>
> ===== log.smbd snippet ====> [2003/05/21 22:49:11, 1]
sam/idmap_tdb.c:db_idmap_init(319)
> idmap uid range missing or invalid
> idmap will be unable to map foreign SIDs
> [2003/05/21 22:49:11, 1] sam/idmap_tdb.c:db_idmap_init(331)
> idmap gid range missing or invalid
> idmap will be unable to map foreign SIDs
> [2003/05/21 22:49:11, 2] passdb/pdb_ldap.c:ldapsam_open_connection(521)
> ldapsam_open_connection: connection opened
> [2003/05/21 22:49:11, 3] passdb/pdb_ldap.c:ldapsam_connect_system(683)
> ldap_connect_system: succesful connection to the LDAP server
> [2003/05/21 22:49:11, 4] passdb/pdb_ldap.c:ldapsam_open(734)
> The LDAP server is succesful connected
> [2003/05/21 22:49:11, 2] passdb/pdb_ldap.c:ldapsam_setsamgrent(3522)
> ldapsam_setsampwent: 0 entries in the base!
> ===== end log.smbd snippet ====>
>
> 	To verify that LDAP is working OK, I certainly can SSH (or console) log
> in.  So I *know* that I'm using valid user/password pairs.
>
> 	The final strangeness that I note, but have no clue how to deal with
> it:
>
> 	from /etc/samba/smb.conf I have these lines:
>
> encrypt passwords = yes
> smb passwd file = /etc/samba/smbpasswd
>
> 	What role does the smb passwd file play when using LDAP?  Because...***
> I have no /etc/samba/smbpasswd file ***.  I received no error message
> when using 'smbpasswd -a -m fireball' or 'smbpasswd -w
secret'...
>
> 	I'm confused.  I'm going bald from hair-pulling!
>
> 	Any and all help would be greatly appreciated.
>
> 	-Gord
>


-- 
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/