samba - Dec 2003 - A domain controller for the domain could not by contacted (2.2.3a-12.3 for Debian)

Hello,

I'm having problems using Samba as an primary domain controller. I am 
using debian woody as our platform.

The version of samba is "2.2.3a-12.3 for Debian" and i followed the 
instructions which can be found on the following url: 
http://www-106.ibm.com/developerworks/eserver/tutorials/samba/. In short 
this covers:
    - creating the config file
    - creating the users / groups
    - creating directory structure
    - configuring the windows client
I attached my config file's /logging  from my debian woody system.

I did the following things on the windows client (Windows XP 
Professional 2002 Service Pack 1)
    - Open the Local Security Policy editor (Start -> All Programs -> 
Administrative Tools -> Local Security Policy).
    - Locate the entry "Domain member: Digitally encrypt or sign secure 
channel (always)". Disable it.
    - Locate the entry "Domain member: Disable machine account password 
changes". Make sure it's disabled as well.
    - Locate the entry "Domain member: Require strong (Windows 2000 or 
later) session key". Disable it.
    - Next, download the WinXP_SignOrSeal registry patch from 
www.samba.org <http://www.samba.org> or collect it from the Further 
resources: Downloads and developerWorks 
<http://www-106.ibm.com/developerworks/eserver/tutorials/samba/samba-6-2.html>
section at the end of this tutorial. Apply it by double-clicking and 
answering Yes to the dialog prompt.
    - Now join the domain the same as you would for Windows NT or 2000. 
Right-click My Computer, select Properties, Computer Name, and Change. 
Or click the Network ID button and run the Network Wizard.

I put some screenshots of windows on the following locations: 
http://www.nergens.org/samba/ComputerNameChanges.PNG and 
http://www.nergens.org/samba/ComputerProperties.PNG

( i searched on the mailarchive, but i couldnt find any pointers / im 
kinda new to smb so i dont know how to debug)

Could someone please help me here?

Eduard Witteveen

-------------- next part --------------
[global]
;basic server settings
workgroup = HAWAR3
netbios name = nemo
server string = Samba %h PDC running %v
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192

;PDC and master browser settings
os level = 64
preferred master = yes
local master = yes
domain master = yes

;security and logging settings
security = user
# encrypt passwords = yes
log file = /var/log/samba/log.%m
log level = 2
# max log size = 50
# hosts allow = 127.0.0.1 192.168.1.0/255.255.255.0

;user profiles and home directory
logon home = \\%L\%U\
logon drive = H:
logon path = \\%L\profiles\%U
logon script = netlogon.bat

;sync passwords
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n 
*Enter*new*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *passwd: 
*all*authentication*tokens*updated*successfully*

; new machines
add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %u


# ==== shares ===
[homes]
comment = Home Directories 
browseable = no
writeable = yes

[profiles]
path = /home/samba/profiles
writeable = yes
browseable = no
create mask = 0600
-------------- next part --------------
[2003/12/16 17:18:37, 0] smbd/server.c:main(698)
  smbd version 2.2.3a-12.3 for Debian started.
  Copyright Andrew Tridgell and the Samba Team 1992-2002
[2003/12/16 17:18:37, 1] lib/debug.c:debug_message(250)
  INFO: Debug class all level = 2   (pid 232 from pid 232)
[2003/12/16 17:18:37, 2] param/loadparm.c:do_section(2973)
  Processing section "[homes]"
[2003/12/16 17:18:37, 2] param/loadparm.c:do_section(2973)
  Processing section "[profiles]"
[2003/12/16 17:18:37, 2] param/loadparm.c:do_section(2973)
  Processing section "[netlogon]"
[2003/12/16 17:18:37, 2] lib/interface.c:add_interface(81)
  added interface ip=10.0.0.152 bcast=10.0.0.255 nmask=255.255.255.0
[2003/12/16 17:18:37, 2] smbd/server.c:open_sockets(198)
  waiting for a connection
nemo:/var/log/samba# cat log.nmbd 
[2003/12/16 17:18:37, 0] nmbd/nmbd.c:main(783)
  Netbios nameserver version 2.2.3a-12.3 for Debian started.
  Copyright Andrew Tridgell and the Samba Team 1994-2002
[2003/12/16 17:18:37, 1] lib/debug.c:debug_message(250)
  INFO: Debug class all level = 2   (pid 230 from pid 230)
[2003/12/16 17:18:37, 2] nmbd/nmbd.c:main(821)
  Becoming a daemon.
[2003/12/16 17:18:37, 2] lib/interface.c:add_interface(81)
  added interface ip=10.0.0.152 bcast=10.0.0.255 nmask=255.255.255.0
[2003/12/16 17:18:37, 2] nmbd/nmbd_subnetdb.c:make_subnet(193)
  making subnet name:10.0.0.152 Broadcast address:10.0.0.255 Subnet
mask:255.255.255.0
[2003/12/16 17:18:37, 2] nmbd/nmbd_subnetdb.c:make_subnet(193)
  making subnet name:UNICAST_SUBNET Broadcast address:0.0.0.0 Subnet
mask:0.0.0.0
[2003/12/16 17:18:37, 2] nmbd/nmbd_subnetdb.c:make_subnet(193)
  making subnet name:REMOTE_BROADCAST_SUBNET Broadcast address:0.0.0.0 Subnet
mask:0.0.0.0
[2003/12/16 17:18:37, 2] nmbd/nmbd_lmhosts.c:load_lmhosts_file(41)
  load_lmhosts_file: Can't open lmhosts file /etc/samba/lmhosts. Error was
No such file or directory
[2003/12/16 17:18:37, 0]
nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(291)
  become_domain_master_browser_bcast:
  Attempting to become domain master browser on workgroup HAWAR3 on subnet
10.0.0.152
[2003/12/16 17:18:37, 0]
nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(305)
  become_domain_master_browser_bcast: querying subnet 10.0.0.152 for domain
master browser on workgroup HAWAR3
[2003/12/16 17:18:41, 2] nmbd/nmbd_become_dmb.c:become_domain_master_stage1(179)
  become_domain_master_stage1: Becoming domain master browser for workgroup
HAWAR3 on subnet 10.0.0.152
[2003/12/16 17:18:41, 0] nmbd/nmbd_responserecordsdb.c:find_response_record(237)
  find_response_record: response packet id 12349 received with no matching
record.
[2003/12/16 17:18:41, 0] nmbd/nmbd_responserecordsdb.c:find_response_record(237)
  find_response_record: response packet id 12350 received with no matching
record.
[2003/12/16 17:18:43, 2] nmbd/nmbd_elections.c:send_election_dgram(43)
  send_election_dgram: Sending election packet for workgroup HAWAR3 on subnet
10.0.0.152
[2003/12/16 17:18:45, 2] nmbd/nmbd_elections.c:send_election_dgram(43)
  send_election_dgram: Sending election packet for workgroup HAWAR3 on subnet
10.0.0.152
[2003/12/16 17:18:45, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(115)
  *****
  
  Samba server NEMO is now a domain master browser for workgroup HAWAR3 on
subnet 10.0.0.152
  
  *****
[2003/12/16 17:18:48, 2] nmbd/nmbd_elections.c:send_election_dgram(43)
  send_election_dgram: Sending election packet for workgroup HAWAR3 on subnet
10.0.0.152
[2003/12/16 17:18:50, 2] nmbd/nmbd_elections.c:send_election_dgram(43)
  send_election_dgram: Sending election packet for workgroup HAWAR3 on subnet
10.0.0.152
[2003/12/16 17:18:52, 2] nmbd/nmbd_elections.c:send_election_dgram(43)
  send_election_dgram: Sending election packet for workgroup HAWAR3 on subnet
10.0.0.152
[2003/12/16 17:18:52, 2] nmbd/nmbd_elections.c:run_elections(208)
  run_elections: >>> Won election for workgroup HAWAR3 on subnet
10.0.0.152 <<<
[2003/12/16 17:18:52, 2] nmbd/nmbd_become_lmb.c:become_local_master_browser(549)
  become_local_master_browser: Starting to become a master browser for workgroup
HAWAR3 on subnet 10.0.0.152
[2003/12/16 17:19:00, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(404)
  *****
  
  Samba name server NEMO is now a local master browser for workgroup HAWAR3 on
subnet 10.0.0.152
  
  *****
-------------- next part --------------
[2003/12/16 17:18:37, 0] smbd/server.c:main(698)
  smbd version 2.2.3a-12.3 for Debian started.
  Copyright Andrew Tridgell and the Samba Team 1992-2002
[2003/12/16 17:18:37, 1] lib/debug.c:debug_message(250)
  INFO: Debug class all level = 2   (pid 232 from pid 232)
[2003/12/16 17:18:37, 2] param/loadparm.c:do_section(2973)
  Processing section "[homes]"
[2003/12/16 17:18:37, 2] param/loadparm.c:do_section(2973)
  Processing section "[profiles]"
[2003/12/16 17:18:37, 2] param/loadparm.c:do_section(2973)
  Processing section "[netlogon]"
[2003/12/16 17:18:37, 2] lib/interface.c:add_interface(81)
  added interface ip=10.0.0.152 bcast=10.0.0.255 nmask=255.255.255.0
[2003/12/16 17:18:37, 2] smbd/server.c:open_sockets(198)
  waiting for a connection

Le Tuesday 16 December 2003 17:12, Eduard Witteveen a ?crit
:
> Hello,
>
> I'm having problems using Samba as an primary domain
> controller. I am using debian woody as our platform.
>
> The version of samba is "2.2.3a-12.3 for Debian" and i
> followed the instructions which can be found on the following
> url:
> http://www-106.ibm.com/developerworks/eserver/tutorials/samba/
....
> Could someone please help me here?
Sure we can. :-)
For now you just missed something.
Relevant information is generally in /var/log/samba/log.NETBIOSNAME.
Have a look at it, and if you still cannot find, send relevant part back to the
list.

Good luck,

Fabien Chevalier

Fabien Chevalier wrote:
>Relevant information is generally in /var/log/samba/log.NETBIOSNAME.
>
>  
>
I cannot find this file. I did the following steps:
- Stopped the samba deamon
- Removed all the logging from the /var/log/samba directory
- Started the samba deamon
- Tried to join the domain again

nemo:/var/log/samba# ls -la
total 16
drwxr-x---    2 root     adm          4096 Dec 16 18:42 .
drwxr-xr-x    6 root     root         4096 Dec 16 06:25 ..
-rw-r--r--    1 root     root         3548 Dec 16 18:43 log.nmbd
-rw-r--r--    1 root     root          663 Dec 16 18:42 log.smbd

But when i try to access the server itselve by entering 
\\ipnumber-samba-machine in start > run  this file is created.
    nemo:/var/log/samba# cat log.shared-pc
    [2003/12/16 18:48:41, 2] smbd/server.c:exit_server(458)
      Closing connections
    [2003/12/16 18:48:41, 2] smbd/server.c:exit_server(458)
      Closing connections
    [2003/12/16 18:48:41, 2] smbd/server.c:exit_server(458)
      Closing connections

I tried to join the domain again at this point, but no changes are made 
to the logging while im doing this

Are there things i have to test before i want to join the domain?

I am running on RedHat, but everything should be same on server side.  Try 
adding the following lines into the smb.conf file:

password level = 8
username level = 8
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
unix password sync = yes
pam password change = yes
obey pam restrictions = yes

I have these lines in my conf and everything is working for me, even WinXP 
now.
The first two lines are for the case differences between Win & linux.
All version of win beyond Win95 defaults to encrypted passwords, hence line 3.
I have two password files, /etc/passwd for Linux & smbpasswd for Samba, 
users must be in both to authenticate, hence lines 4-5.
Lines 6-7 were in my default config and things work, so I did not question 
them.

If this does not work, please email me complete smb.conf file, and I will 
do a more thorough comparison.

Good Luck.

Patrick Shoaf

At 11:12 AM 12/16/2003, Eduard Witteveen wrote:
>Hello,
>
>I'm having problems using Samba as an primary domain controller. I am 
>using debian woody as our platform.
>
>The version of samba is "2.2.3a-12.3 for Debian" and i followed
the
>instructions which can be found on the following url: 
>http://www-106.ibm.com/developerworks/eserver/tutorials/samba/. In short 
>this covers:
>    - creating the config file
>    - creating the users / groups
>    - creating directory structure
>    - configuring the windows client
>I attached my config file's /logging  from my debian woody system.
>
>I did the following things on the windows client (Windows XP Professional 
>2002 Service Pack 1)
>    - Open the Local Security Policy editor (Start -> All Programs -> 
> Administrative Tools -> Local Security Policy).
>    - Locate the entry "Domain member: Digitally encrypt or sign secure
> channel (always)". Disable it.
>    - Locate the entry "Domain member: Disable machine account password
> changes". Make sure it's disabled as well.
>    - Locate the entry "Domain member: Require strong (Windows 2000 or 
> later) session key". Disable it.
>    - Next, download the WinXP_SignOrSeal registry patch from 
> www.samba.org <http://www.samba.org> or collect it from the Further 
> resources: Downloads and developerWorks 
>
<http://www-106.ibm.com/developerworks/eserver/tutorials/samba/samba-6-2.html>
> section at the end of this tutorial. Apply it by double-clicking and 
> answering Yes to the dialog prompt.
>    - Now join the domain the same as you would for Windows NT or 2000. 
> Right-click My Computer, select Properties, Computer Name, and Change. Or 
> click the Network ID button and run the Network Wizard.
>
>I put some screenshots of windows on the following locations: 
>http://www.nergens.org/samba/ComputerNameChanges.PNG and 
>http://www.nergens.org/samba/ComputerProperties.PNG
>
>( i searched on the mailarchive, but i couldnt find any pointers / im 
>kinda new to smb so i dont know how to debug)
>
>Could someone please help me here?
>
>Eduard Witteveen
>
>
>
>[global]
>;basic server settings
>workgroup = HAWAR3
>netbios name = nemo
>server string = Samba %h PDC running %v
>socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
>
>;PDC and master browser settings
>os level = 64
>preferred master = yes
>local master = yes
>domain master = yes
>
>;security and logging settings
>security = user
># encrypt passwords = yes
>log file = /var/log/samba/log.%m
>log level = 2
># max log size = 50
># hosts allow = 127.0.0.1 192.168.1.0/255.255.255.0
>
>;user profiles and home directory
>logon home = \\%L\%U\
>logon drive = H:
>logon path = \\%L\profiles\%U
>logon script = netlogon.bat
>
>;sync passwords
>unix password sync = yes
>passwd program = /usr/bin/passwd %u
>passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* 
>%n\n  *Enter*new*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n 
>*passwd:         *all*authentication*tokens*updated*successfully*
>
>; new machines
>add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false 
>-M %u
>
>
># ==== shares ===>
>[homes]
>comment = Home Directories
>browseable = no
>writeable = yes
>
>[profiles]
>path = /home/samba/profiles
>writeable = yes
>browseable = no
>create mask = 0600[2003/12/16 17:18:37, 0] smbd/server.c:main(698)
>   smbd version 2.2.3a-12.3 for Debian started.
>   Copyright Andrew Tridgell and the Samba Team 1992-2002
>[2003/12/16 17:18:37, 1] lib/debug.c:debug_message(250)
>   INFO: Debug class all level = 2   (pid 232 from pid 232)
>[2003/12/16 17:18:37, 2] param/loadparm.c:do_section(2973)
>   Processing section "[homes]"
>[2003/12/16 17:18:37, 2] param/loadparm.c:do_section(2973)
>   Processing section "[profiles]"
>[2003/12/16 17:18:37, 2] param/loadparm.c:do_section(2973)
>   Processing section "[netlogon]"
>[2003/12/16 17:18:37, 2] lib/interface.c:add_interface(81)
>   added interface ip=10.0.0.152 bcast=10.0.0.255 nmask=255.255.255.0
>[2003/12/16 17:18:37, 2] smbd/server.c:open_sockets(198)
>   waiting for a connection
>nemo:/var/log/samba# cat log.nmbd
>[2003/12/16 17:18:37, 0] nmbd/nmbd.c:main(783)
>   Netbios nameserver version 2.2.3a-12.3 for Debian started.
>   Copyright Andrew Tridgell and the Samba Team 1994-2002
>[2003/12/16 17:18:37, 1] lib/debug.c:debug_message(250)
>   INFO: Debug class all level = 2   (pid 230 from pid 230)
>[2003/12/16 17:18:37, 2] nmbd/nmbd.c:main(821)
>   Becoming a daemon.
>[2003/12/16 17:18:37, 2] lib/interface.c:add_interface(81)
>   added interface ip=10.0.0.152 bcast=10.0.0.255 nmask=255.255.255.0
>[2003/12/16 17:18:37, 2] nmbd/nmbd_subnetdb.c:make_subnet(193)
>   making subnet name:10.0.0.152 Broadcast address:10.0.0.255 Subnet 
> mask:255.255.255.0
>[2003/12/16 17:18:37, 2] nmbd/nmbd_subnetdb.c:make_subnet(193)
>   making subnet name:UNICAST_SUBNET Broadcast address:0.0.0.0 Subnet 
> mask:0.0.0.0
>[2003/12/16 17:18:37, 2] nmbd/nmbd_subnetdb.c:make_subnet(193)
>   making subnet name:REMOTE_BROADCAST_SUBNET Broadcast address:0.0.0.0 
> Subnet mask:0.0.0.0
>[2003/12/16 17:18:37, 2] nmbd/nmbd_lmhosts.c:load_lmhosts_file(41)
>   load_lmhosts_file: Can't open lmhosts file /etc/samba/lmhosts. Error 
> was No such file or directory
>[2003/12/16 17:18:37, 0] 
>nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(291)
>   become_domain_master_browser_bcast:
>   Attempting to become domain master browser on workgroup HAWAR3 on 
> subnet 10.0.0.152
>[2003/12/16 17:18:37, 0] 
>nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(305)
>   become_domain_master_browser_bcast: querying subnet 10.0.0.152 for 
> domain master browser on workgroup HAWAR3
>[2003/12/16 17:18:41, 2] 
>nmbd/nmbd_become_dmb.c:become_domain_master_stage1(179)
>   become_domain_master_stage1: Becoming domain master browser for 
> workgroup HAWAR3 on subnet 10.0.0.152
>[2003/12/16 17:18:41, 0] 
>nmbd/nmbd_responserecordsdb.c:find_response_record(237)
>   find_response_record: response packet id 12349 received with no 
> matching record.
>[2003/12/16 17:18:41, 0] 
>nmbd/nmbd_responserecordsdb.c:find_response_record(237)
>   find_response_record: response packet id 12350 received with no 
> matching record.
>[2003/12/16 17:18:43, 2] nmbd/nmbd_elections.c:send_election_dgram(43)
>   send_election_dgram: Sending election packet for workgroup HAWAR3 on 
> subnet 10.0.0.152
>[2003/12/16 17:18:45, 2] nmbd/nmbd_elections.c:send_election_dgram(43)
>   send_election_dgram: Sending election packet for workgroup HAWAR3 on 
> subnet 10.0.0.152
>[2003/12/16 17:18:45, 0] 
>nmbd/nmbd_become_dmb.c:become_domain_master_stage2(115)
>   *****
>
>   Samba server NEMO is now a domain master browser for workgroup HAWAR3 
> on subnet 10.0.0.152
>
>   *****
>[2003/12/16 17:18:48, 2] nmbd/nmbd_elections.c:send_election_dgram(43)
>   send_election_dgram: Sending election packet for workgroup HAWAR3 on 
> subnet 10.0.0.152
>[2003/12/16 17:18:50, 2] nmbd/nmbd_elections.c:send_election_dgram(43)
>   send_election_dgram: Sending election packet for workgroup HAWAR3 on 
> subnet 10.0.0.152
>[2003/12/16 17:18:52, 2] nmbd/nmbd_elections.c:send_election_dgram(43)
>   send_election_dgram: Sending election packet for workgroup HAWAR3 on 
> subnet 10.0.0.152
>[2003/12/16 17:18:52, 2] nmbd/nmbd_elections.c:run_elections(208)
>   run_elections: >>> Won election for workgroup HAWAR3 on subnet 
> 10.0.0.152 <<<
>[2003/12/16 17:18:52, 2] 
>nmbd/nmbd_become_lmb.c:become_local_master_browser(549)
>   become_local_master_browser: Starting to become a master browser for 
> workgroup HAWAR3 on subnet 10.0.0.152
>[2003/12/16 17:19:00, 0] 
>nmbd/nmbd_become_lmb.c:become_local_master_stage2(404)
>   *****
>
>   Samba name server NEMO is now a local master browser for workgroup 
> HAWAR3 on subnet 10.0.0.152
>
>   *****[2003/12/16 17:18:37, 0] smbd/server.c:main(698)
>   smbd version 2.2.3a-12.3 for Debian started.
>   Copyright Andrew Tridgell and the Samba Team 1992-2002
>[2003/12/16 17:18:37, 1] lib/debug.c:debug_message(250)
>   INFO: Debug class all level = 2   (pid 232 from pid 232)
>[2003/12/16 17:18:37, 2] param/loadparm.c:do_section(2973)
>   Processing section "[homes]"
>[2003/12/16 17:18:37, 2] param/loadparm.c:do_section(2973)
>   Processing section "[profiles]"
>[2003/12/16 17:18:37, 2] param/loadparm.c:do_section(2973)
>   Processing section "[netlogon]"
>[2003/12/16 17:18:37, 2] lib/interface.c:add_interface(81)
>   added interface ip=10.0.0.152 bcast=10.0.0.255 nmask=255.255.255.0
>[2003/12/16 17:18:37, 2] smbd/server.c:open_sockets(198)
>   waiting for a connection--
>To unsubscribe from this list go to the following URL and read the
>instructions:  http://lists.samba.org/mailman/listinfo/samba
Patrick J. Shoaf, IT Manager
pshoaf@model-cleaners.com

Model Cleaners, Uniforms, & Apparel
100 Third Street
Charleroi, PA 15022
<http://www.model-uniforms.com/>http://www.model-uniforms.com
Phone: 724-489-9553 ext. 105
  or    800-99 MODEL
Fax:   724-489-4386

Fabien Chevalier wrote:
>It seems your workstation tries to locate the DC by doing a dns query, what
is not currently supported by Samba.
>What is your workstation node type set to?
>  
>
Could you rephrase your question?  I dont know how i found out what the 
node type of my workstations is.
(after some googling i tried looking in the registry for the key 
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netbt\Parameters 
NodeType, but i couldnt find the entry)

Eduard Witteveen

Le Wednesday 17 December 2003 13:20, Eduard Witteveen a ?crit
:
> Fabien Chevalier wrote:
> >Please send your ipconfig /all.
>
> I attached the output
>
> >I suppose something's wrong in your network settings.
> >Are you using Dhcp or static Ip?
>
> Dhcp. (look in the output)
>
> The linux server (nemo) has ip-number  10.0.0.152
>
>
> Eduard Witteveen
Ok, thanks.

I think your Samba server hasn't been registered to your wins server,
thus when trying to join the domain, your workstation falls back to dns...which
obviously fails.

Try to add "wins server = 10.0.0.10" to your smb.conf,
and let us know if it works...

Good luck,

Fabien Chevalier