samba - Mar 2008 - WinXP Pro can't join Domain (Samba PDC) after server migration but current domain machine are OK

Hi,

I had a Samba PDC running on unstable hardware. I migrate everything on a
new machine, I transferred all the configuration files (smb.conf, smbpasswd,
.), transferred all the users and groups. Everything was working 100% until
I had to join a new machine to Domain, WinXP Pro SP2 can't find de Domin
Controler, but all the WinXP Pro SP2 that where already in the Domain before
the migration can logon fine, their roaming profiles are updated fine and
they access the shares with no problems. I just can't join a new machine. I
reinstall Samba completely on the server, reconfigure everything manually
(not using the old smb.conf) and no change. I try to disable the firewall,
no change. I'm out of idea.

 

I run samba 3.0.26 on Opensuse 10.3 (same as the old server).

 

 

[global]

      workgroup = SOE-DOMAIN

      server string = PDC - File Server

      log file = /data/log/samba_log.txt

      deadtime = 15

      printcap name = cups

      add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody
-s /bin/false %m$

      logon path = \\%L\profiles\.msprofile

      logon drive = P:

      logon home = \\%L\%U\.9xprofile

      domain logons = Yes

      preferred master = Yes

      domain master = Yes

      wins proxy = Yes

      wins support = Yes

      ldap ssl = no

      usershare allow guests = Yes

      acl group control = Yes

      profile acls = Yes

      map acl inherit = Yes

      printing = cups

      cups options = raw

      print command = 

      lpq command = %p

      lprm command = 

      store dos attributes = Yes

      strict locking = Yes

      include = /etc/samba/dhcp.conf

 

[profiles]

      comment = Network Profiles Service

      path = %H

      read only = No

      create mask = 0600

      directory mask = 0700

      browseable = No

 

[users]

      comment = All users

      path = /home

      read only = No

      inherit acls = Yes

      veto files = /aquota.user/groups/shares/

      browseable = No

 

[groups]

      comment = All groups

      path = /home/groups

      read only = No

      inherit acls = Yes

      browseable = No

 

[printers]

      comment = All Printers

      path = /var/tmp

      create mask = 0600

      printable = Yes

      browseable = No

 

[print$]

      comment = Printer Drivers

      path = /var/lib/samba/drivers

      write list = @ntadmin, root

      force group = ntadmin

      create mask = 0664

      directory mask = 0775

 

[data]

      comment = data

      path = /data/data

      read only = No

      inherit permissions = Yes

      inherit acls = Yes

      inherit owner = Yes

 

[programme]

      comment = Network Profiles Service

      path = %H

      read only = No

      create mask = 0600

      directory mask = 0700

      use sendfile = Yes

      browseable = No

 

[email]

      path = /data/email/

      read only = No

      inherit permissions = Yes

      inherit acls = Yes

      inherit owner = Yes

      case sensitive = No

      browseable = No

      blocking locks = No

      locking = No

      oplocks = No

      posix locking = No

      strict locking = No

      msdfs proxy = no 

 

 

Thanks for your help and let me know if you need more infos,

 

Mathieu Beaudoin

Responsable des T.I.

CVT Corp

Technologies de vitesse variable

Variable Speed Technologies

On Thu, 2008-03-13 at 20:10 -0400, Mathieu Beaudoin
wrote:
> Hi,
> 
> I had a Samba PDC running on unstable hardware. I migrate everything on a
> new machine, I transferred all the configuration files (smb.conf,
smbpasswd,
> .), transferred all the users and groups. Everything was working 100% until
> I had to join a new machine to Domain, WinXP Pro SP2 can't find de
Domin
> Controler, but all the WinXP Pro SP2 that where already in the Domain
before
> the migration can logon fine, their roaming profiles are updated fine and
> they access the shares with no problems. I just can't join a new
machine. I
> reinstall Samba completely on the server, reconfigure everything manually
> (not using the old smb.conf) and no change. I try to disable the firewall,
> no change. I'm out of idea.
> 
I've seen similar behaviour before, always after an upgrade (it seems
more common when upgrading a 32bit OS to a 64 bit, IIRC).  My fix was to
export the tdb to smbpasswd, and reimport.  That seems to fix it pretty
consistently.

Rubin
>  
> 
> I run samba 3.0.26 on Opensuse 10.3 (same as the old server).
> 
>  
> 
> 
> 
> [global]
> 
>       workgroup = SOE-DOMAIN
> 
>       server string = PDC - File Server
> 
>       log file = /data/log/samba_log.txt
> 
>       deadtime = 15
> 
>       printcap name = cups
> 
>       add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody
> -s /bin/false %m$
> 
>       logon path = \\%L\profiles\.msprofile
> 
>       logon drive = P:
> 
>       logon home = \\%L\%U\.9xprofile
> 
>       domain logons = Yes
> 
>       preferred master = Yes
> 
>       domain master = Yes
> 
>       wins proxy = Yes
> 
>       wins support = Yes
> 
>       ldap ssl = no
> 
>       usershare allow guests = Yes
> 
>       acl group control = Yes
> 
>       profile acls = Yes
> 
>       map acl inherit = Yes
> 
>       printing = cups
> 
>       cups options = raw
> 
>       print command = 
> 
>       lpq command = %p
> 
>       lprm command = 
> 
>       store dos attributes = Yes
> 
>       strict locking = Yes
> 
>       include = /etc/samba/dhcp.conf
> 
>  
> 
> [profiles]
> 
>       comment = Network Profiles Service
> 
>       path = %H
> 
>       read only = No
> 
>       create mask = 0600
> 
>       directory mask = 0700
> 
>       browseable = No
> 
>  
> 
> [users]
> 
>       comment = All users
> 
>       path = /home
> 
>       read only = No
> 
>       inherit acls = Yes
> 
>       veto files = /aquota.user/groups/shares/
> 
>       browseable = No
> 
>  
> 
> [groups]
> 
>       comment = All groups
> 
>       path = /home/groups
> 
>       read only = No
> 
>       inherit acls = Yes
> 
>       browseable = No
> 
>  
> 
> [printers]
> 
>       comment = All Printers
> 
>       path = /var/tmp
> 
>       create mask = 0600
> 
>       printable = Yes
> 
>       browseable = No
> 
>  
> 
> [print$]
> 
>       comment = Printer Drivers
> 
>       path = /var/lib/samba/drivers
> 
>       write list = @ntadmin, root
> 
>       force group = ntadmin
> 
>       create mask = 0664
> 
>       directory mask = 0775
> 
>  
> 
> [data]
> 
>       comment = data
> 
>       path = /data/data
> 
>       read only = No
> 
>       inherit permissions = Yes
> 
>       inherit acls = Yes
> 
>       inherit owner = Yes
> 
>  
> 
> [programme]
> 
>       comment = Network Profiles Service
> 
>       path = %H
> 
>       read only = No
> 
>       create mask = 0600
> 
>       directory mask = 0700
> 
>       use sendfile = Yes
> 
>       browseable = No
> 
>  
> 
> [email]
> 
>       path = /data/email/
> 
>       read only = No
> 
>       inherit permissions = Yes
> 
>       inherit acls = Yes
> 
>       inherit owner = Yes
> 
>       case sensitive = No
> 
>       browseable = No
> 
>       blocking locks = No
> 
>       locking = No
> 
>       oplocks = No
> 
>       posix locking = No
> 
>       strict locking = No
> 
>       msdfs proxy = no 
> 
>  
> 
> 
> 
> Thanks for your help and let me know if you need more infos,
> 
>  
> 
> Mathieu Beaudoin
> 
> Responsable des T.I.
> 
> CVT Corp
> 
> Technologies de vitesse variable
> 
> Variable Speed Technologies
> 
>  
> 
-- 
Rubin Bennett
RB Technologies
http://thatitguy.com
rbennett@thatitguy.com
(802)223-4448

"They that can give up essential liberty to obtain a little
temporary security deserve neither liberty nor safety"
  --Benjamin Franklin, Historical Review of Pennsylvania, 1759