Megat0N
2005-May-22 12:01 UTC
[Samba] Strange intermittent join with XP SP2 and Samba 3.0.14a
Hi all!

I'm a system administrator for a company that uses Samba (the latest, 3.0.14a) as a PDC for a subnet with various Windows clients. The following diagram illustrates the situation of the various hosts in my network:

          +----------+
          | Win 2003 |
          +--+-------+              - Clients -
             |                     10.100.0.0/16
             |
+--------+   |  +----------+
| XP sp2 |   |  | 2000 SP4 |
+-----+--+   |  +-+--------+
      |      |    |
      |      |    |
    +-+------+----+-+
    | Switch 10/100 |
    +-------+-------+
            |
            |
       +----+-----+
       | Firewall |
       +----+-----+
            | .1                    - Services -
            |                     192.168.2.0/24
    +-------+-------+
    | Switch 10/100 |
    +-------+----+--+
            |    |
            \    |
     |           +------------------------+
     |           |                        |
     | .6 (eth0) | .8 (eth0:1)            | .7 (eth0)
     |           |                        |
+----+-----------+      HA Link      +----+-------------+
| Samba PDC (up) |   172.16.1.0/24   | Samba PDC (down) |
+----------------+  <------------->  +------------------+
| LDAP (up)      |      (eth1)       | LDAP (down)      |
+----------------+                   +------------------+

The Samba 3.0.14a uses LDAP as a SAM backend for all the Windows domain accounts and related authentication. In the previous diagram you can notice that there are two PDCs (in high availability, 192.168.2.6 and 192.168.2.7) linked to each other with a dedicated cross cable for a private Heartbeat network (the 172.16.1.0/24). The currently active high availability PDC uses a virtual interface with IP 192.168.2.8, that is, the shared IP address resource raised by Heartbeat during its boot (in the diagram, I have taken the Samba with IP 192.168.2.6 as the currently active PDC).

The problem that occurs involves just Windows XP with Service Pack 2 and, less frequently, Windows 2003 (not Win2K SP4 or Windows XP with Service Pack 1), and it consists of an intermittent join to the NT domain controlled by the Samba PDC. I'll explain this problem better. With XP SP2 (and 2003) I have to repeat the join phase various times before getting success from the PDC, and, during each failed join, I get the error: "user unknown or incorrect password", and this never occurs with XP SP1 or Win2K SP4. What a strange thing!
Moreover, if I reset any XP SP2 client into a workgroup and afterwards do a rejoin to the domain, the problem still occurs! I played a lot with the voices "interfaces, bind interfaces only, remote announce" in the Samba configuration file, in any combination! But it seems I can't solve that annoying problem. I thought it could be a firewall problem, but why does the join always work with Windows XP SP1 and 2000? I add that the same problem could be replicated with each version 3.0.X (and also 15pre2) of Samba. I'm in trouble, please help me!

My smb.conf follows:

[global]
    ; PDC for domain AZIENDA
    workgroup = AZIENDA
    server string = PDC
    netbios name = PDC
    security = user
    preferred master = yes
    domain logons = yes
    domain master = yes
    encrypt passwords = yes
    map acl inherit = yes
    wins support = yes
    interfaces = 192.168.2.8/24 127.0.0.1/8
    #interfaces = 192.168.2.6 192.168.2.7 192.168.2.8 127.0.0.1
    bind interfaces only = no
    #bind interfaces only = yes
    #username map = /etc/samba/username.map
    #remote announce = 10.100.255.255/AZIENDA
    dos charset = 850
    unix charset = ISO8859-1
    log file = /var/samba/log.samba.%m
    log level = 1
    max log size = 20000
    lock directory = /var/samba/locks
    pid directory = /var/samba/run
    private dir = /var/samba/private
    passdb backend = ldapsam:ldap://localhost
    ldap admin dn = cn=root,dc=pdc,dc=azienda,dc=pri
    ldap suffix = dc=pdc,dc=azienda,dc=pri
    ldap user suffix = ou=Users
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers
    ldap delete dn = no
    add machine script = /etc/samba/scripts/smbldap-useradd.pl -w '%u'
    add user script = /etc/samba/scripts/smbuseradd.sh '%u'
    add group script = /etc/samba/scripts/smbgroupadd.sh '%g'
    add user to group script = /etc/samba/scripts/smbldap-groupmod.pl -m '%u' '%g'
    delete user script = /etc/samba/scripts/smbuserdel.sh '%u'
    delete group script = /etc/samba/scripts/smbgroupdel.sh '%g'
    delete user from group script = /etc/samba/scripts/smbldap-groupmod.pl -x '%u' '%g'
    set primary group script = /etc/samba/scripts/smbldap-usermod.pl -g '%g' '%u'
    ;logon path = \\%L\profiles
    logon path
    logon script = logon.cmd
    logon drive = Z:
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

Thanks in advance, friends! Help me please!

Giuseppe.
Fabio Muzzi
2005-May-23 11:19 UTC
[Samba] Strange intermittent join with XP SP2 and Samba 3.0.14a
Hello Megat0N,

Sunday, May 22, 2005, 2:01:23 PM, you wrote:

M> With xp sp2 (and 2003) i have to repeat various times the join phase
M> before get success from the PDC, and, during each failed join, i get the
M> error:
M> "user unknown or incorrect password"

This does not seem to be a firewall issue, but an XP-Samba interaction issue of some type. I do not have the answer, but it should be interesting if you try to join an XP SP2 client (which has intermittent issues) to the domain after connecting it to the server's network, thus avoiding the firewall completely.

--
Fabio "Kurgan" Muzzi