Pat Riehecky
2007-May-11  16:51 UTC
[Samba] BDC keeps taking over and not allowing logins from NT PDC
Hello, thanks for looking over my ramblings...
We have an NT4 PDC with an NT4 BDC on 192.168.132.X, these boxes are
very very old and overloaded.  I am trying to replace them with a nice
shiny new Samba box.  My problem is that while I am trying to test it
out to make sure it plays nice it keeps winning the elections.
I find this weird as I have set the box to domain master = no and turned
the os level and announce values to really low values.
When it does win no one can login to the domain (and therefore their
workstations) and I have to stop samba to get users back logging in and
able to work.
I joined it to the domain via:
net rpc join -S [NT netbios name or IP] -UAdministrator%password
I got BDC rights and ran:
# net rpc vampire -S [NT netbios name or IP] -W [domainname] -UAdministrator%password
About the time that users reported login problems I got lots of copies
of 
[2007/05/11 08:01:14, 0] lib/util_sock.c:get_peer_addr(1225)
  getpeername failed. Error was Transport endpoint is not connected
in /var/log/log.smbd
To add further complexity the samba box is on a 10. address while the
PDC and BDC are on 192.168. addresses.  Is this a problem?
Any ideas why it is winning the election, why users cannot login to
their systems, is my switch to a different address space a problem?
Thanks!
-- data snippets --
# ping 192.168.132.15
PING 192.168.132.15 (192.168.132.15) 56(84) bytes of data.
64 bytes from 192.168.132.15: icmp_seq=1 ttl=127 time=0.282 ms
64 bytes from 192.168.132.15: icmp_seq=2 ttl=127 time=0.228 ms
64 bytes from 192.168.132.15: icmp_seq=3 ttl=127 time=0.240 ms
--- 192.168.132.15 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.228/0.250/0.282/0.023 ms
# pdbedit -Lv prieheck
Unix username:        prieheck
NT username:          prieheck
Account Flags:        [UX         ]
User SID:             S-1-5-21-769903590-661906358-2446119016-1958
Primary Group SID:    S-1-5-21-769903590-661906358-2446119016-513
Full Name:            Pat Riehecky
Home Directory:       \\files\prieheck
HomeDir Drive:        
Logon Script:         
Profile Path:         \\files\prieheck\profile
Domain:               IWUADMIN
Account desc:         
Workstations:         
Munged dial:          
Logon time:           0
Logoff time:          Mon, 18 Jan 2038 21:14:07 CST
Kickoff time:         Mon, 18 Jan 2038 21:14:07 CST
Password last set:    Fri, 30 Mar 2007 09:00:41 CDT
Password can change:  0
Password must change: Mon, 18 Jan 2038 21:14:07 CST
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
# testparm
[global]
        display charset = UTF8
        workgroup = IWUADMIN
        server string = %h server (Samba, Ubuntu)
        announce version = 2.0
        announce as = win95
        os level = 0
        obey pam restrictions = Yes
        passdb backend = tdbsam
        algorithmic rid base = 10000
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
        username map = /etc/samba/users.map
        restrict anonymous = 2
        lanman auth = No
        client NTLMv2 auth = Yes
        client lanman auth = No
        client plaintext auth = No
        log level = 1
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        min protocol = NT1
        max mux = 100
        change notify timeout = 300
        deadtime = 900
        max disk size = 5240
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE IPTOS_LOWDELAY
        load printers = No
        add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
        delete user script = /usr/sbin/userdel -r '%u'
        add group script = /usr/sbin/groupadd '%g'
        delete group script = /usr/sbin/groupdel '%g'
        add user to group script = /usr/sbin/usermod -G '%g' '%u'
        add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null '%u'
        lm announce = No
        preferred master = No
        domain master = No
        wins server = 192.168.132.25
        panic action = /usr/share/samba/panic-action %d
        invalid users = backup, bin, daemon, dhcp, games, gnats, irc, klog, list, lp, mail, man, news, nobody, postfix, proxy, sync, sys, syslog, uucp, www-data, root
        hosts allow = 192.168.132., 10., 172.16.1., 127.0.0.1
        remote announce = 192.168.132.255/IWUADMIN
[homes]
        comment = Home Directories
        valid users = %S
        browseable = No
[netlogon]
        comment = Network Logon Service
        path = /home/samba/netlogon
        guest ok = Yes
        share modes = No
[template]
        path = /tmp
        read only = No
        create mask = 0775
        directory mask = 0775
        strict allocate = Yes
        preserve case = No
        hide special files = Yes
        hide unreadable = Yes
        hide unwriteable files = Yes
        browseable = No
        fstype = FAT
        wide links = No
[TEST]
        copy = template
        path = /home/prieheck
        comment = just a test of group stuff
        valid users = @it
        force group = it
# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:1A:4B:0A:57:12  
          inet addr:10.132.0.30  Bcast:10.132.0.255  Mask:255.255.255.0
          inet6 addr: fe80::21a:4bff:fe0a:5712/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:305547 errors:0 dropped:0 overruns:0 frame:0
          TX packets:294673 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:74791511 (71.3 MiB)  TX bytes:142754073 (136.1 MiB)
          Interrupt:169 
# cat /etc/issue
Ubuntu 6.10 \n \l
# uname -a
Linux files 2.6.17-11-server #2 SMP Tue Mar 13 23:33:44 UTC 2007 i686 GNU/Linux
# dpkg -l |grep samba
ii  libcrypt-smbhash-perl        0.12-1
ii  samba                        3.0.22-1ubuntu4.1
ii  samba-common                 3.0.22-1ubuntu4.1
