samba - Feb 2007 - "Windows cannot obtain the domain controller name for your computer network" error on XP Pro SP2 clients for Samba 3.0.23d PDC

Hi,

I've recently reinstalled our Samba server with a view to getting it
working as a PDC using the tdbsam backend. I've successfully connected a
number of XP Pro SP2 clients to the domain and can login ok, but I'm
have problems getting the clients to read/apply an NTConfig.POL file I
created following the instructions at
http://www.pcc-services.com/custom_poledit.html

I'm seeing the following error logged in the event log on the XP Pro SP2
clients,

Event ID: 1054
Source: Userenv
Type: Error
Description: Windows cannot obtain the domain controller name for your
computer network. (The specified domain either does not exist or exist
or could not be contacted). Group Policy processing aborted. Data:
(unavailable)

Some Googling turns up the following

http://support.microsoft.com/kb/840669

and various other postings on this on the net. In response to those I've
tried various combinations of the following,

1. Change from using DHCP to static IP on client.
2. Applied various registry hacks including turning DHCP media sensing off.
3. Disabled various network card options such as media sensing.
4. Forced the card to 100Mbps/full duplex (rather than auto).
5. Upgraded to the latest network card drivers.
6. Downgraded to older network card drivers.

I'm getting the same error message on 3 XP Pro SP2 clients which I test
this on, all of which have gigabit broadcom cards (various different
chipsets). The knowledge base article suggests this is a problem which
occurs with gigabit cards .. short of trying adding new network cards to
the systems (some of which are laptops) - does anyone have any
suggestions on what I could try? I assumes others are successfully
running with a similar config or are PDCs with tdbsam rare (or is that
totally unrelated to the problems I'm experiencing).

I've also tried using a Samba PDC config from the HOWTO rather than my
own hand-crafted one (see below for both).

Samba version is 3.0.23d running on  2.6.17-2-686 Debian etch on Dell
Poweredge 1600sc with an Intel Corporation 82540EM Gigabit Ethernet
Controller (rev 02).

I have a djbdns dhcp server on the network serving which references the
samba server as a wins server.

Thanks,

-stephen

Original PDC config

[global]
   workgroup = XXXXX
   netbios name = XXXX
   server string = %h server (Samba %v)
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   security = user
   encrypt passwords = true
   passdb backend = tdbsam
   obey pam restrictions = yes
   guest account = nobody
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   pam password change = yes
   domain logons = yes
   os level = 40
   logon path = \\%L\profiles\%U
   logon drive = U:
   logon home = \\%L\%U
   logon script = logon.cmd
   add machine script =  /usr/sbin/useradd -d /var/lib/nobody -g 1015 -s
/bin/false  %u
   load printers = yes
   printing = cups
   printcap name = cups
   socket options = TCP_NODELAY
   domain master = yes
   preferred master = yes
   wins support = yes
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   template shell = /bin/bash
   smb ports = 445

[homes]
   comment = Home Directories
   browseable = no
   writable = yes
   create mask = 0700
   directory mask = 0700
   hide files = /desktop.ini/ntuser.ini/NTUSER.*/RECYCLER/

[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   public = no
   writable = no
   create mode = 0700


# Windows clients look for this share name as a source of downloadable
# printer drivers
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   write list = root, @ntadmin
   printer admin = root, @ntadmin

[netlogon]
   comment = Network Logon Service
   path = /var/lib/samba/netlogon
   guest ok = yes
   writable = no
   share modes = no

# For profiles to work, create a user directory under the path
# shown. i.e., mkdir -p /var/lib/samba/profiles/maryo
[profiles]
   comment = Roaming Profile Share
   path = /var/lib/samba/profiles
   read only = No
   profile acls = Yes


PDC config from HOWTO

[global]
workgroup = XXXX
netbios name = XXXX
passdb backend = tdbsam
printcap name = cups
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/groupmod -A %u %g
delete user from group script = /usr/sbin/groupmod -R %u %g
add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody %u
# Note: The following specifies the default logon script.
# Per user logon scripts can be specified in the user account using pdbedit
logon script = scripts\logon.bat
# This sets the default profile path. Set per user paths with pdbedit
logon path = \\%L\Profiles\%U
logon drive = H:
logon home = \\%L\%U
domain logons = Yes
os level = 35
preferred master = Yes
domain master = Yes
idmap uid = 15000-20000
idmap gid = 15000-20000
printing = cups
wins support = yes

[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No

# Printing auto-share (makes printers available thru CUPS)
[printers]
comment = All Printers
path = /var/spool/samba
printer admin = root
create mask = 0600
guest ok = Yes
printable = Yes
browseable = No

[print$]
comment = Printer Drivers Share
path = /var/lib/samba/drivers
write list = root
printer admin = root

# Needed to support domain logons
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
admin users = root
guest ok = Yes
browseable = No

# For profiles to work, create a user directory under the path
# shown. i.e., mkdir -p /var/lib/samba/profiles/maryo
[Profiles]
comment = Roaming Profile Share
path = /var/lib/samba/profiles
read only = No
profile acls = Yes



-- 
Stephen Mulcahy, Applepie Solutions Ltd, Innovation in Business Center,
   GMIT, Dublin Rd, Galway, Ireland.      http://www.aplpi.com/

Hi,

Further debugging of this - I see that the logon.cmd is successfully
executed by the Windows XP client even as it logs the 1054 Event -- the
logon.cmd simply mounts some shares.

Looking at the samba logs (default log level) I can't see any errors.

Is this some browsing issue? Or a problem with name resolution? Any
suggestions on tools to diagnose this further would be appreciated.

Thanks,

-stephen

stephen mulcahy wrote:
> Hi,
> 
> I've recently reinstalled our Samba server with a view to getting it
> working as a PDC using the tdbsam backend. I've successfully connected
a
> number of XP Pro SP2 clients to the domain and can login ok, but I'm
> have problems getting the clients to read/apply an NTConfig.POL file I
> created following the instructions at
> http://www.pcc-services.com/custom_poledit.html
> 
> I'm seeing the following error logged in the event log on the XP Pro
SP2
> clients,
> 
> Event ID: 1054
> Source: Userenv
> Type: Error
> Description: Windows cannot obtain the domain controller name for your
> computer network. (The specified domain either does not exist or exist
> or could not be contacted). Group Policy processing aborted. Data:
> (unavailable)
> 
> Some Googling turns up the following
> 
> http://support.microsoft.com/kb/840669
> 
> and various other postings on this on the net. In response to those
I've
> tried various combinations of the following,
> 
> 1. Change from using DHCP to static IP on client.
> 2. Applied various registry hacks including turning DHCP media sensing off.
> 3. Disabled various network card options such as media sensing.
> 4. Forced the card to 100Mbps/full duplex (rather than auto).
> 5. Upgraded to the latest network card drivers.
> 6. Downgraded to older network card drivers.
> 
> I'm getting the same error message on 3 XP Pro SP2 clients which I test
> this on, all of which have gigabit broadcom cards (various different
> chipsets). The knowledge base article suggests this is a problem which
> occurs with gigabit cards .. short of trying adding new network cards to
> the systems (some of which are laptops) - does anyone have any
> suggestions on what I could try? I assumes others are successfully
> running with a similar config or are PDCs with tdbsam rare (or is that
> totally unrelated to the problems I'm experiencing).
> 
> I've also tried using a Samba PDC config from the HOWTO rather than my
> own hand-crafted one (see below for both).
> 
> Samba version is 3.0.23d running on  2.6.17-2-686 Debian etch on Dell
> Poweredge 1600sc with an Intel Corporation 82540EM Gigabit Ethernet
> Controller (rev 02).
> 
> I have a djbdns dhcp server on the network serving which references the
> samba server as a wins server.
> 
> Thanks,
> 
> -stephen
> 
> Original PDC config
> 
> [global]
>    workgroup = XXXXX
>    netbios name = XXXX
>    server string = %h server (Samba %v)
>    log file = /var/log/samba/log.%m
>    max log size = 1000
>    syslog = 0
>    panic action = /usr/share/samba/panic-action %d
>    security = user
>    encrypt passwords = true
>    passdb backend = tdbsam
>    obey pam restrictions = yes
>    guest account = nobody
>    unix password sync = yes
>    passwd program = /usr/bin/passwd %u
>    pam password change = yes
>    domain logons = yes
>    os level = 40
>    logon path = \\%L\profiles\%U
>    logon drive = U:
>    logon home = \\%L\%U
>    logon script = logon.cmd
>    add machine script =  /usr/sbin/useradd -d /var/lib/nobody -g 1015 -s
> /bin/false  %u
>    load printers = yes
>    printing = cups
>    printcap name = cups
>    socket options = TCP_NODELAY
>    domain master = yes
>    preferred master = yes
>    wins support = yes
>    idmap uid = 10000-20000
>    idmap gid = 10000-20000
>    template shell = /bin/bash
>    smb ports = 445
> 
> [homes]
>    comment = Home Directories
>    browseable = no
>    writable = yes
>    create mask = 0700
>    directory mask = 0700
>    hide files = /desktop.ini/ntuser.ini/NTUSER.*/RECYCLER/
> 
> [printers]
>    comment = All Printers
>    browseable = no
>    path = /var/spool/samba
>    printable = yes
>    public = no
>    writable = no
>    create mode = 0700
> 
> 
> # Windows clients look for this share name as a source of downloadable
> # printer drivers
> [print$]
>    comment = Printer Drivers
>    path = /var/lib/samba/printers
>    write list = root, @ntadmin
>    printer admin = root, @ntadmin
> 
> [netlogon]
>    comment = Network Logon Service
>    path = /var/lib/samba/netlogon
>    guest ok = yes
>    writable = no
>    share modes = no
> 
> # For profiles to work, create a user directory under the path
> # shown. i.e., mkdir -p /var/lib/samba/profiles/maryo
> [profiles]
>    comment = Roaming Profile Share
>    path = /var/lib/samba/profiles
>    read only = No
>    profile acls = Yes
> 
> 
> PDC config from HOWTO
> 
> [global]
> workgroup = XXXX
> netbios name = XXXX
> passdb backend = tdbsam
> printcap name = cups
> add user script = /usr/sbin/useradd -m %u
> delete user script = /usr/sbin/userdel -r %u
> add group script = /usr/sbin/groupadd %g
> delete group script = /usr/sbin/groupdel %g
> add user to group script = /usr/sbin/groupmod -A %u %g
> delete user from group script = /usr/sbin/groupmod -R %u %g
> add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody %u
> # Note: The following specifies the default logon script.
> # Per user logon scripts can be specified in the user account using pdbedit
> logon script = scripts\logon.bat
> # This sets the default profile path. Set per user paths with pdbedit
> logon path = \\%L\Profiles\%U
> logon drive = H:
> logon home = \\%L\%U
> domain logons = Yes
> os level = 35
> preferred master = Yes
> domain master = Yes
> idmap uid = 15000-20000
> idmap gid = 15000-20000
> printing = cups
> wins support = yes
> 
> [homes]
> comment = Home Directories
> valid users = %S
> read only = No
> browseable = No
> 
> # Printing auto-share (makes printers available thru CUPS)
> [printers]
> comment = All Printers
> path = /var/spool/samba
> printer admin = root
> create mask = 0600
> guest ok = Yes
> printable = Yes
> browseable = No
> 
> [print$]
> comment = Printer Drivers Share
> path = /var/lib/samba/drivers
> write list = root
> printer admin = root
> 
> # Needed to support domain logons
> [netlogon]
> comment = Network Logon Service
> path = /var/lib/samba/netlogon
> admin users = root
> guest ok = Yes
> browseable = No
> 
> # For profiles to work, create a user directory under the path
> # shown. i.e., mkdir -p /var/lib/samba/profiles/maryo
> [Profiles]
> comment = Roaming Profile Share
> path = /var/lib/samba/profiles
> read only = No
> profile acls = Yes
> 
> 
> 
-- 
Stephen Mulcahy, Applepie Solutions Ltd, Innovation in Business Center,
   GMIT, Dublin Rd, Galway, Ireland.      mailto:smulcahy@aplpi.com
  mobile:+353.87.2930252  office:+353.91.751262  http://www.aplpi.com