Pat Riehecky
2007-May-11 16:51 UTC
[Samba] BDC keeps taking over and not allowing logins from NT PDC
Hello, thanks for looking over my ramblings...

We have an NT4 PDC with an NT4 BDC on 192.168.132.X, these boxes are very very old and overloaded. I am trying to replace them with a nice shiny new Samba box. My problem is that while I am trying to test it out to make sure it plays nice it keeps winning the elections. I find this weird as I have set the box to domain master = no and turned the os level and announce values to really low values. When it does win no one can log in to the domain (and therefore their workstations) and I have to stop samba to get users back logging in and able to work.

I joined it to the domain via:

    net rpc join -S [NT netbios name or IP] -UAdministrator%password

I got BDC rights and ran:

    # net rpc vampire -S [NT netbios name or IP] -W [domainname] -UAdministrator%password

About the time that users reported login problems I got lots of copies of

    [2007/05/11 08:01:14, 0] lib/util_sock.c:get_peer_addr(1225)
      getpeername failed. Error was Transport endpoint is not connected

in /var/log/log.smbd

To add further complexity the samba box is on a 10. address while the PDC and BDC are on 192.168. addresses. Is this a problem?

Any ideas why it is winning the election, why users cannot log in to their systems, is my switch to a different address space a problem?

Thanks!

-- data snippets --

# ping 192.168.132.15
PING 192.168.132.15 (192.168.132.15) 56(84) bytes of data.
64 bytes from 192.168.132.15: icmp_seq=1 ttl=127 time=0.282 ms
64 bytes from 192.168.132.15: icmp_seq=2 ttl=127 time=0.228 ms
64 bytes from 192.168.132.15: icmp_seq=3 ttl=127 time=0.240 ms

--- 192.168.132.15 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.228/0.250/0.282/0.023 ms

# pdbedit -Lv prieheck
Unix username: prieheck
NT username: prieheck
Account Flags: [UX ]
User SID: S-1-5-21-769903590-661906358-2446119016-1958
Primary Group SID: S-1-5-21-769903590-661906358-2446119016-513
Full Name: Pat Riehecky
Home Directory: \\files\prieheck
HomeDir Drive:
Logon Script:
Profile Path: \\files\prieheck\profile
Domain: IWUADMIN
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Mon, 18 Jan 2038 21:14:07 CST
Kickoff time: Mon, 18 Jan 2038 21:14:07 CST
Password last set: Fri, 30 Mar 2007 09:00:41 CDT
Password can change: 0
Password must change: Mon, 18 Jan 2038 21:14:07 CST
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

# testparm
[global]
    display charset = UTF8
    workgroup = IWUADMIN
    server string = %h server (Samba, Ubuntu)
    announce version = 2.0
    announce as = win95
    os level = 0
    obey pam restrictions = Yes
    passdb backend = tdbsam
    algorithmic rid base = 10000
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew \sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
    username map = /etc/samba/users.map
    restrict anonymous = 2
    lanman auth = No
    client NTLMv2 auth = Yes
    client lanman auth = No
    client plaintext auth = No
    log level = 1
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000
    min protocol = NT1
    max mux = 100
    change notify timeout = 300
    deadtime = 900
    max disk size = 5240
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE IPTOS_LOWDELAY
    load printers = No
    add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
    delete user script = /usr/sbin/userdel -r '%u'
    add group script = /usr/sbin/groupadd '%g'
    delete group script = /usr/sbin/groupdel '%g'
    add user to group script = /usr/sbin/usermod -G '%g' '%u'
    add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null '%u'
    lm announce = No
    preferred master = No
    domain master = No
    wins server = 192.168.132.25
    panic action = /usr/share/samba/panic-action %d
    invalid users = backup, bin, daemon, dhcp, games, gnats, irc, klog, list, lp, mail, man, news, nobody, postfix, proxy, sync, sys, syslog, uucp, www-data, root
    hosts allow = 192.168.132., 10., 172.16.1., 127.0.0.1
    remote announce = 192.168.132.255/IWUADMIN

[homes]
    comment = Home Directories
    valid users = %S
    browseable = No

[netlogon]
    comment = Network Logon Service
    path = /home/samba/netlogon
    guest ok = Yes
    share modes = No

[template]
    path = /tmp
    read only = No
    create mask = 0775
    directory mask = 0775
    strict allocate = Yes
    preserve case = No
    hide special files = Yes
    hide unreadable = Yes
    hide unwriteable files = Yes
    browseable = No
    fstype = FAT
    wide links = No

[TEST]
    copy = template
    path = /home/prieheck
    comment = just a test of group stuff
    valid users = @it
    force group = it

# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:1A:4B:0A:57:12
     inet addr:10.132.0.30 Bcast:10.132.0.255 Mask:255.255.255.0
     inet6 addr: fe80::21a:4bff:fe0a:5712/64 Scope:Link
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:305547 errors:0 dropped:0 overruns:0 frame:0
     TX packets:294673 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:1000
     RX bytes:74791511 (71.3 MiB) TX bytes:142754073 (136.1 MiB)
     Interrupt:169

# cat /etc/issue
Ubuntu 6.10 \n \l

# uname -a
Linux files 2.6.17-11-server #2 SMP Tue Mar 13 23:33:44 UTC 2007 i686 GNU/Linux

# dpkg -l |grep samba
ii libcrypt-smbhash-perl 0.12-1
ii samba 3.0.22-1ubuntu4.1
ii samba-common 3.0.22-1ubuntu4.1