Koen Linders
2008-Feb-01  11:03 UTC
[Samba] PDC: random problems, especially NETLOGON script not always loading
Debian Latest stable.
Linux newton 2.6.18-4-686
Samba 3.0.24
PDC
3Com 3812 Gigabit switch (connection between WinXP client & server)
Others connect through 3Com 3225 100 Mbit -> 3Com 3812 -> Server
Windows XP SP2 fully updated.
F-Secure client security (look down for firewall settings)
In advance, thanks for reading this. Any suggestions are welcome!
I'm having a hard time here. I read a whole lot, browsed, searched. I try to provide as much info as possible, but if you need more, let me know.
The main problem is the "randomness". Or at least it looks random to me.
People with mapped shares working for +1 year don't have connection problems. So most of the time it seems to work fine.
But I really want to troubleshoot & get all errors out.
I guess the problem I describe next is also the cause of random roaming profile problems, but let's not focus on that part; too many random factors in my opinion. And they were only a part of the test. It might work if I get this problem solved.
I got a script in the netlogon mapping drives dynamically depending on groups.
I don't want them permanent. I don't want a workaround!
Everything works fine, most of the time...
Sometimes it seems the test PC doesn't see the netlogon during boot.
But it's still accessible when browsing to the share and is executable.
Through policy I tried setting:
1) I tried setting detecting slow network (1Gbit though) on.
or
2) Also run script synchronously
No changes.
Firewall:
Even when I change allow all traffic to Samba server in both directions.
Firewall has all necessary ports open in both directions:
SMB (TCP)               445      SMB over TCP/IP (TCP)
SMB (UDP)               445      SMB over TCP/IP (UDP)
Windows Networking (1)  137-138  Both broadcast and multicast  Windows network browsing
Windows Networking (2)  139      Windows file sharing and network printers
WINS(1)                 42       Both broadcast and multicast  WINS / Windows Internet Name Service (UDP)
WINS(2)                 42       WINS / Windows Internet Name Service (TCP)
Windows doesn't show an error in the log, except the autoenrollment one, which is normal (no AD).
Samba log file when it goes wrong (a bit lower).
The error when it goes wrong:
1) Error writing 5 bytes to client. -1. (Connection reset by peer):
=> has to do with client going over NETBIOS (139) & 445 and closing one of 2 connections
Nothing wrong here.
The weird part: For test: I blocked 137-138-139 on firewall and I couldn't connect to samba share...
Server is listening on both 139 & 445:
netstat -an | egrep '(137|138|139|445)'
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.2:139         192.168.1.59:1075       ESTABLISHED
tcp        0      0 192.168.1.2:445         192.168.1.82:4409       ESTABLISHED
tcp        0      0 192.168.1.2:445         192.168.1.4:40578       ESTABLISHED
tcp        0      0 192.168.1.2:445         192.168.1.44:3465       ESTABLISHED
tcp        0      0 192.168.1.2:139         192.168.1.109:1209      ESTABLISHED
udp        0      0 192.168.1.2:137         0.0.0.0:*
udp        0      0 0.0.0.0:137             0.0.0.0:*
udp        0      0 192.168.1.2:138         0.0.0.0:*
udp        0      0 0.0.0.0:138             0.0.0.0:*
2) lib/util_sock.c:write_data(562)
   write_data: write failure in writing to client 192.168.1.98. Error Connection reset by peer
=> Could this error point somewhere?
Samba log:
[2008/01/29 13:13:27, 0] lib/util_sock.c:get_peer_addr(1229)
   getpeername failed. Error was Transport endpoint is not connected
[2008/01/29 13:13:27, 0] lib/access.c:check_access(327)
[2008/01/29 13:13:27, 0] lib/util_sock.c:get_peer_addr(1229)
   getpeername failed. Error was Transport endpoint is not connected
   Denied connection from  (0.0.0.0)
[2008/01/29 13:13:27, 1] smbd/process.c:process_smb(1103)
[2008/01/29 13:13:27, 0] lib/util_sock.c:get_peer_addr(1229)
   getpeername failed. Error was Transport endpoint is not connected
   Connection denied from 0.0.0.0
[2008/01/29 13:13:27, 0] lib/util_sock.c:write_data(562)
   write_data: write failure in writing to client 192.168.1.98. Error Connection reset by peer
[2008/01/29 13:13:27, 0] lib/util_sock.c:send_smb(769)
   Error writing 5 bytes to client. -1. (Connection reset by peer)
[2008/01/29 13:13:27, 1] smbd/service.c:make_connection_snum(950)
   mpi057 (192.168.1.98) connect to service profiles initially as user verah (uid=1003, gid=1001) (pid 12835)
[2008/01/29 13:13:27, 1] smbd/service.c:close_cnum(1150)
   mpi057 (192.168.1.98) closed connection to service profiles
[2008/01/29 13:13:30, 1] smbd/service.c:make_connection_snum(950)
Smb.conf:
#======================= Global Settings ======================
[global]
	netbios name = NEWTON
	workgroup = KOCALM
	domain master = yes
	domain logons = yes
	local master = yes
	preferred master = yes
	os level = 65
	wins support = yes
	name resolve order = wins lmhosts host bcast
	time server = yes
	security = user
	encrypt passwords = true
	browse list = yes
	browseable = no
	max disk size = 20480
	
	# [globals] User and group related
	idmap gid = 15000-20000
	add group script = /usr/sbin/groupadd %g
	delete group script = /usr/sbin/groupdel %g
	idmap uid = 15000-20000
	add user script = /usr/sbin/useradd -m %u
	delete user script = /usr/sbin/userdel -r %u
	
	add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null -g machines %u
	passdb backend = tdbsam
	hosts allow = 192.168.1. 127.0.0.1	
#	logon home = \\NEWTON\%U			
	logon path = \\NEWTON\profiles\%U 		
	logon script = logon.bat	
#	logon drive = H:
	
#	printing = cups
	printcap name = cups
[netlogon]
	comment = Network Logon Service
	path = /data/netlogon
	guest ok = yes
	browseable = No
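
An added example, not part of the original post: a small triage script for the smbd log excerpt quoted in the message above. It separates "Connection reset by peer" entries that coincide with a successful share connect from the same client (the 139/445 double connection the poster describes) from resets with no matching connect. The 5-second window, the function names and the 192.168.1.77 entry are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Header: "[YYYY/MM/DD HH:MM:SS, level] file:function(line)"; the message follows, indented.
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), +(\d+)\] \S+:(\w+)\(\d+\)")
RESET = re.compile(r"writing to client (\d+(?:\.\d+){3})\. Error Connection reset by peer")
CONNECT = re.compile(r"\((\d+(?:\.\d+){3})\) connect to service \S+")

# Constructed sample: the first three entries follow the post's log, the last one is invented.
SAMPLE_LOG = """\
[2008/01/29 13:13:27, 0] lib/util_sock.c:get_peer_addr(1229)
  getpeername failed. Error was Transport endpoint is not connected
[2008/01/29 13:13:27, 0] lib/util_sock.c:write_data(562)
  write_data: write failure in writing to client 192.168.1.98. Error
Connection reset by peer
[2008/01/29 13:13:27, 1] smbd/service.c:make_connection_snum(950)
  mpi057 (192.168.1.98) connect to service profiles initially as user verah
[2008/01/29 13:20:02, 0] lib/util_sock.c:write_data(562)
  write_data: write failure in writing to client 192.168.1.77. Error Connection reset by peer
"""

def parse_entries(text):
    """Return [timestamp, level, function, message] per entry; a header may have no body."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            entries.append([ts, int(m.group(2)), m.group(3), ""])
        elif entries and line.strip():
            # Continuation (or mail-wrapped) line: fold it into the current message.
            entries[-1][3] = (entries[-1][3] + " " + line.strip()).strip()
    return entries

def classify_resets(text, window=timedelta(seconds=5)):
    """Map client IP -> one label per reset. Assumption: a reset within `window` of a
    successful share connect from the same IP is the dropped half of a 139/445 pair."""
    entries = parse_entries(text)
    connects = [(ts, m.group(1)) for ts, _, _, msg in entries if (m := CONNECT.search(msg))]
    result = {}
    for ts, _, _, msg in entries:
        m = RESET.search(msg)
        if not m:
            continue
        ip = m.group(1)
        paired = any(c_ip == ip and abs(c_ts - ts) <= window for c_ts, c_ip in connects)
        result.setdefault(ip, []).append("paired-with-connect" if paired else "unexplained")
    return result
```

Resets labelled "unexplained" are the ones worth correlating with the logon times at which the script failed to run.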
L.P.H. van Belle
2008-Feb-27  07:22 UTC
[Samba] PDC: random problems, especially NETLOGON script not always loading
Make sure your PC name resolving works; as far as I can see so far, I think that's your problem.
Set up a Dynamic DNS on the PDC (dhcp + dhcp), and to test this before you go to work, fill in \windows\system32\drivers\etc\hosts:
servername IPADRESS
Do this on all of the PCs and test again. I bet this is your problem.
Louis
>-----Original message-----
>From: samba-bounces+belle=bazuin.nl@lists.samba.org [mailto:samba-bounces+belle=bazuin.nl@lists.samba.org] On behalf of Koen Linders
>Sent: Friday 1 February 2008 12:03
>To: samba@lists.samba.org
>Subject: [Samba] PDC: random problems, especially NETLOGON script not always loading