samba - Jul 2008 - PDC cannot become master browser; cannot change passwords

I am having two problems, possibly related, while performing 
pre-deployment testing of a Samba/OpenLDAP PDC with data that was 
vampired from an NT4 PDC.  The Samba server fails to become a local 
master browser, and password change attempts (from a Windows client) fail.

I followed Samba-Guide/ntmigration.html (taking some liberties with 
various items of configuration), ending with step #19.  No problems were 
encountered.

I isolated the server and a client on a separate network, promoted Samba 
to a PDC (step #21), and started the Samba daemons.

On the closed network are the following machines:

Software: Debian Etch, Samba 3.0.24
NetBIOS: SPACETIME
Address: 192.168.1.2
Netmask: 255.255.255.0
Gateway: none

Software: Windows XP Professional
NetBIOS: ICE-LT021
Address: 192.168.1.50
Netmask: 255.255.255.0
Gateway: none
DNS: 192.168.1.2
WINS: 192.168.1.2

Here are my config files and logs:
   http://kdegraaf.net/samba-wtf/smb.conf
   http://kdegraaf.net/samba-wtf/slapd.conf
   http://kdegraaf.net/samba-wtf/log.smbd
   http://kdegraaf.net/samba-wtf/log.nmbd
   http://kdegraaf.net/samba-wtf/log.192.168.1.50
   http://kdegraaf.net/samba-wtf/log.ice-lt021

The server is running dnscache on 192.168.1.2 and tinydns on 127.0.0.1. 
  The client can ping the server by hostname, indicating that DNS and 
basic TCP/IP are in working order.  The client can successfully join the 
domain and log in.

Problem #1:

register_name_response: server at IP 192.168.1.50 rejected our name 
registration of INTERCLEAN<1d> IP 192.168.1.2 with error code 6.

become_local_master_fail2: failed to register name INTERCLEAN<1d> on 
subnet 192.168.1.2. Failed to become a local master browser.

unbecome_local_master_browser: unbecoming local master for workgroup 
INTERCLEAN on subnet 192.168.1.2

Seriously?  Clients can tell servers to stop being servers?  Imagine:

Internet Explorer: Please stop being a Web server.
Apache: I'm sorry, my bad.  *unbinds from port 80 and shuts down*

Problem #2:

I attempted to change my password from the Windows workstation.  The 
request hung for 35 seconds and then I received an error: "The system 
cannot change your password now because the domain INTERCLEAN is not 
available."

This happened immediately after logging into the domain (and that 
workstation's cached credential count is set to zero).

Per my Google search results, I ensured that the server was resolvable 
and pingable, and that the client's WINS server address was configured 
correctly, and that 'nbtstat -c' didn't show any incorrect cached
entries.

Any help will be appreciated.

-- 
Kevin DeGraaf

Kevin DeGraaf ha scritto:
> I am having two problems, possibly related, while performing 
> pre-deployment testing of a Samba/OpenLDAP PDC with data that was 
> vampired from an NT4 PDC.  The Samba server fails to become a local 
> master browser, and password change attempts (from a Windows client) 
> fail.
>
> I followed Samba-Guide/ntmigration.html (taking some liberties with 
> various items of configuration), ending with step #19.  No problems 
> were encountered.
>
> I isolated the server and a client on a separate network, promoted 
> Samba to a PDC (step #21), and started the Samba daemons.
>
> On the closed network are the following machines:
>
> Software: Debian Etch, Samba 3.0.24
> NetBIOS: SPACETIME
> Address: 192.168.1.2
> Netmask: 255.255.255.0
> Gateway: none
>
> Software: Windows XP Professional
> NetBIOS: ICE-LT021
> Address: 192.168.1.50
> Netmask: 255.255.255.0
> Gateway: none
> DNS: 192.168.1.2
> WINS: 192.168.1.2
>
> Here are my config files and logs:
>   http://kdegraaf.net/samba-wtf/smb.conf
>   http://kdegraaf.net/samba-wtf/slapd.conf
>   http://kdegraaf.net/samba-wtf/log.smbd
>   http://kdegraaf.net/samba-wtf/log.nmbd
>   http://kdegraaf.net/samba-wtf/log.192.168.1.50
>   http://kdegraaf.net/samba-wtf/log.ice-lt021
>
> The server is running dnscache on 192.168.1.2 and tinydns on 
> 127.0.0.1.  The client can ping the server by hostname, indicating 
> that DNS and basic TCP/IP are in working order.  The client can 
> successfully join the domain and log in.
>
> Problem #1:
>
> register_name_response: server at IP 192.168.1.50 rejected our name 
> registration of INTERCLEAN<1d> IP 192.168.1.2 with error code 6.
>
> become_local_master_fail2: failed to register name INTERCLEAN<1d> on 
> subnet 192.168.1.2. Failed to become a local master browser.
>
> unbecome_local_master_browser: unbecoming local master for workgroup 
> INTERCLEAN on subnet 192.168.1.2
>
> Seriously?  Clients can tell servers to stop being servers?  Imagine:
in the smb network every host can be a server, who is the server is who 
wins the election.
put  local master = yes in smb.conf and change os level = 255
> [CUT]
> Problem #2:
>
> I attempted to change my password from the Windows workstation.  The 
> request hung for 35 seconds and then I received an error: "The system 
> cannot change your password now because the domain INTERCLEAN is not 
> available."
>
>
I'm not sure but the admin must write on the tree ldap
> access to
attr=userPassword,sambaNTPassword,sambaLMPassword,shadowLastChange
        by dn="cn=Manager,dc=interclean,dc=com" write
        by anonymous auth
>	by self write
>	by * auth