---------- Forwarded message ----------
From: wally.hall@gmail.com <wally.hall@gmail.com>
Date: Apr 27, 2006 4:22 PM
Subject: Conistent problem with clients joining domain
To:
Hey everyone, firstly thanks for your time, I've spent hours, a lot
straight days too, for the last couple of weeks trying to solve this
issue. The only thing (afai can see) I've got left is asking the
experts and formatting all the machines and starting over, the latter
of which I'm not interesting in doing because it doesn't solve the
issue (well it might make the problem go away, but I won't know what it
was, and I don't consider that a solution). So thanks for reading
this, even if you've just got a "no idea I'm afraid, but I would
suggest the following obvious things..." that'd be so appriciated.
I've gotten to the point where I'm getting so frustrated and impatient
I'm forgetting what I have / havn't tried already, so a fresh run would
be great : )
So, here we go. I've setup a PDC for a small network. I'm running
Samba 3.0.14a-2 on FC5, with 256mb of RAM and other working hardware.
I mean to say, I'm fairly certain its something I've misconfigured, not
a hardware fault. I've also upgraded Samba twice (while moving from
FC4 to 5, and once again recently), neither of which solved the issue.
So my smb.conf looks like this:
// SOF
# Global parameters
[global]
workgroup = PLFCDOMAIN
server string = Fedora Linux running Samba 3.0.14a-2
passwd program = /usr/bin/passwd %U
passwd chat = *New*UNIX*password* %n\n
*Retype*new*UNIX*password* %n\n $ unix password sync = Yes
log level = 2
acl compatibility = win2k
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add machine script = /usr/sbin/adduser -d / -g 600 -M -s
/sbin/nologin $ logon script = %U.BAT
logon path = \\%N\profiles\%U
logon drive = Z:
domain logons = Yes
os level = 33
preferred master = Yes
domain master = Yes
wins support = Yes
# remote announce = 192.168.0.255/FILESERVER
profile acls = Yes
[netlogon]
path = /var/lib/samba/netlogon
read only = No
guest ok = Yes
[profiles]
comment = Profiles share
path = /home/
read only = No
create mask = 0751
directory mask = 0751
map system = Yes
map hidden = Yes
// EOF
(I've got some other shares too, if anybody is interested in seeing
those I'll post them up too, otherwise I'll save the bytes in this
message for now.)
When I first set it up, I had it running with a Windows 2000 client (no
SP patches applied) in the domain, and everyone could log on and off as
they liked. Everything was fine. Then I joined another 2000 machine
(for which I used the add machine script) which worked really neatly,
and still everything worked fine. Then I added an XP machine, which
also joined perfectly happily.
This is the point from which things must have gone wrong.
I then applied SP4 to the FIRST of the two Windows 2000 machines. I
mucked about a bit with poledit to make a NTLogon.pol for the NTLOGON
share, which worked like a dream. I'd had a few users loging on and
off of all the machines fine, all the shares worked as I wanted,
everything seemed quite happy.
Then I had a problem with a user not being able to write to a given
share. Turns out adding "profile acls = yes" to the Samba config
fixed
this (I found that out on the net), but before I discovered that I
paniced and tried REMOVING the win2k machine from the domain, and
readding it, which FAILED. The message I received was "remote
procedure call failed". Ever since, I've not been able to join
machines to the domain (I always get that error).
Checking the Samba logs, nothing screams out at me. Ocassionally I get
an "INVALID PIPE <xyz>" (log level 3), but that isn't
persistant
(infact so little that I can't even find one to paste here right now).
It also seems that I have to reboot the win2k machine to get it to try
joining the domain again properly, if that's of any relevance.
I've followed the Samba HOWTO doc as best I can several times over,
I've tried adding the machines by hand using "# smbpasswd -am
plfc-01"
(that being the name of one of the win2k machines) and that doesn't
work, I've tried with and without the add machine script, both without
it completely and with manually adding the UNIX user, I've really tried
everything I can think of and then some, but I can't get it to join.
This applies to ALL win2k machines (I've only got one XP one available,
which I daren't disjoin the domain with incase it never goes back on
because everyone uses it), I've tried several win2k machines which have
never been on the network (fresh installs of 2k, even they won't touch
it.
The only thing (may be irrelevant, but my understanding of SMB and
Samba is pretty limited), the smbpasswd file has very different entries
for each of the computers:
(this is the XP machine which is already added)
generaloffice1$:507:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:6623130B73710E84C2E897469708630A:[W
]:LCT-443B967D:
(this is the win2k machine which is also already added)
plfc-03$:505:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:7A43E23FE67585145CD2F799BE224F21:[UW
]:LCT-443B8092:
(this is the win2k machine that I disconnected and tried to reconnect)
plfc-06$:520:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[DW
]:LCT-00000000:
(this is a new win2k machine that I've tried to add today)
plfc-02$:522:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[DW
]:LCT-00000000:
I've read loads on the net about Samba 2 having serious windows 2000
issues, but not much about Samba 3, if anyone has *any* idea what my
problem might be, even if you don't have a clue and just have some
suggestions or want to know what my smbpasswd file looks like or
whatever, please, I'd really appriciate hearing from you all!
Thanks,
Matthew Hall
--
visit www.soggysoftware.co.uk
pgp available at www.soggysoftware.co.uk/pgp
On Thu, 27 Apr 2006, wally wrote:> > When I first set it up, I had it running with a Windows 2000 client (no > SP patches applied) in the domain, and everyone could log on and off as > they liked. Everything was fine. Then I joined another 2000 machine > (for which I used the add machine script) which worked really neatly, > and still everything worked fine. Then I added an XP machine, which > also joined perfectly happily. > > This is the point from which things must have gone wrong. > > I then applied SP4 to the FIRST of the two Windows 2000 machines. I > mucked about a bit with poledit to make a NTLogon.pol for the NTLOGON > share, which worked like a dream. I'd had a few users loging on and > off of all the machines fine, all the shares worked as I wanted, > everything seemed quite happy. > > Then I had a problem with a user not being able to write to a given > share. Turns out adding "profile acls = yes" to the Samba config fixed > this (I found that out on the net), but before I discovered that I > paniced and tried REMOVING the win2k machine from the domain, and > readding it, which FAILED. The message I received was "remote > procedure call failed". Ever since, I've not been able to join > machines to the domain (I always get that error). >In the registry on the client, check for a key "requiresignorseal" set the value to zero. http://lists.samba.org/archive/samba-technical/2001-July/015345.html Cheers, Bill
Gerald (Jerry) Carter
2006-May-02 14:51 UTC
[Samba] Conistent problem with clients joining domain
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 William Jojo wrote:> > In the registry on the client, check for a key "requiresignorseal" set > the value to zero. > > http://lists.samba.org/archive/samba-technical/2001-July/015345.htmlHey Bill, This is not needed for Samba 3.0.x releases. Only Samba 2.2 cheers, jerry ====================================================================I live in a Reply-to-All world. ----------------------- Samba ------- http://www.samba.org Centeris ----------- http://www.centeris.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEV3HZIR7qMdg1EfYRAgFiAKCaQjZbTTsMGr9bBwyl1sxDkJgYKQCfQvqb M33NzKnmNjASFbq+vSjrIlw=ljKN -----END PGP SIGNATURE-----