Help please, a file server was upgraded from: Mandriva 2007.1, Samba 3.0.24-2.7mdv2007.1 to Mandriva 2008.1, Samba 3.0.28a-2.1mdv2008.1 and it broke something badly. After the upgrade logins from all XP workstations broke - some of the time. For an existing account (one with a profile already in the home directory) sometimes it will login normally. Well, almost normally, it never seems to leave a new copy of the profile on the XP workstation. Other times, and this is most attempts, it will put up a "Windows did not load your roaming profile..." dialog, then after that a "Windows could not find your local profile...". Eventually it will sort of login using a temporary profile (sorry, I have not been able to catch the exact message yet). For a normal login, a normal looking workstation log file will appear in /var/log/samba/name.log on the server, and will contain both the "connect to service <username> initially as user <username> (uic=2005, gid=192) (pid 7156)" message, and at logout, the "closed connection to service" messages for all of the mounts (netlogin, <username>, and pdb). If a new user (valid username, password, home directory, but no existing profile in that home directory) tries to login it will never succeed. The first error message on the XP side is: "The system could not log you on. Make sure that your user name and domain are correct, then type your password again." They were. I can log into that account on linux with no problems. I already tried turning off the firewall on the server and it made no difference. SMB folder mounting works 100% reliably. It is only the domain logins that are (very) iffy. tcpdump of failed logins shows a very large number of packets being sent from the workstation like this: xpmachine.caltech.edu.1026 > smbserver.netbios-ssn with absolutely nothing going back. log.nmbd has these lines (as if it is working correctly) Samba server SAFSERVER is now a domain master browser for workgroup SAF on subnet 131.215.12.42 Samba server SAFSERVER is now a local master browser for workgroup SAF on subnet 13.215.12.42 These are unchanged from the previous version. The smb.conf was not modified. It still uses the smbpasswd mechanism. Anybody have a suggestion what to try next? Thanks, David Mathog mathog@caltech.edu Manager, Sequence Analysis Facility, Biology Division, Caltech
Perhaps this is relevant? I temporarily allowed file and print sharing
connections from the local subnet on the saf01 workstation, then did:
% smbclient -L saf01 -U 'saf01/Administrator%(password)'
Domain=[SAF] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
(SNIP - shares were shown correctly)
Domain=[SAF] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
Server Comment
--------- -------
SAF01
SAFSERVER Samba Server
Workgroup Master
--------- -------
SAF SAF01
WORKGROUP CONSTANTIN-PC
Shouldn't the Master for the SAF workgroup (the domain safserver
controls) be listed as SAFSERVER and not SAF01? Safserver certainly
thinks it is the domain master, from this in log.nmbd
Samba name server SAFSERVER is now a local master browser for
workgroup SAF on subnet 131.215.12.42
But the machine saf01 seems to be confused. Even stranger, when I did this:
% smbclient -L saf01 -U 'saf/mathog%(password)'
Password:
session setup failed: NT_STATUS_LOGON_FAILURE
and subsequently
% smbclient -L saf01 -U 'saf01/Administrator%(password)'
Domain=[SAF] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
(SNIP - shares shown correctly)
Domain=[SAF] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
Server Comment
--------- -------
Workgroup Master
--------- -------
That is, nothing listed under either Server or Workgroup.
Conversely:
% smbclient -L safserver -U 'saf/mathog%(password)'
Domain=[SAF] OS=[Unix] Server=[Samba 3.0.28a]
(SNIP - shares shown correctly)
Domain=[SAF] OS=[Unix] Server=[Samba 3.0.28a]
Server Comment
--------- -------
SAF01
SAFSERVER Samba Server
Workgroup Master
--------- -------
SAF SAFSERVER
WORKGROUP CONSTANTIN-PC
Which is as it should be. The login worked
The XP workstation is at SP3, and it was upgraded to that shortly before
the server was upgraded. I know I tested network logins ONCE after
upgrading, but since it works sometimes, by pure bad luck it may have
worked that one time. Are there any known SP3 issues with certain
versions of Samba?
Thanks,
David Mathog
mathog@caltech.edu
Manager, Sequence Analysis Facility, Biology Division, Caltech
On Tuesday 02 September 2008 06:27:56 pm David Mathog wrote:> The smb.conf was not modified.Maybe it should have been. Not a good idea to upgrade without carefully reading all of the release notes between versions. Defaults do change.
Some progress following these actions:
saf01 workstation: changed domain SAF -> Workgroup WORKGROUP
SMB server: smbpasswd -x -m saf01
smbpasswd -a -m saf01
saf01: reboot
changed workgroup WORKGROUP -> domain SAF
reboot
After that
% smbclient -L saf01 -U 'saf/mathog%(password)'
did connect. Howerver, as before it cleared the contents of
the server and workgroup fields shown by the smbclient command.
Seems like there is some incompatibility on the upgrade for the existing
workstation passwords.
Anyway, and better yet, domain logon succeeded after the above changes,
both for an old user (had a profile) and a new user (had no profile)
On the other hand...
Changes to the desktop of "mathog" (an existing user) are not being
maintained between logins. For instance change the Start menu from
normal to classic, log out, log back in, and it is back to "normal".
Ditto for desktop rearrangements. Conversely, changes for the new user
(profile just created) are maintained. The only difference that is
obvious in the profile directories is that the former has a file:
-r-x------ 1 mathog biostaff 8 2008-09-03 11:02 ntuser.pol*
and the latter doesn't. The contents of that file are:
% od -c ~mathog/profile/ntuser.pol
0000000 P R e g 001 \0 \0 \0
0000010
Removing it didn't make any difference though. Presumably nuking the
profile directory in the existing accounts will enable them to save
changes, although that seems like a very crude fix.
It has been suggested that my smb.conf should have been changed at the
upgrade. Well, here it is (minus blank lines and comments), I don't see
anything wrong with it, perhaps one of you does:
[global]
workgroup = SAF
server string = Samba Server
interfaces = eth0
smb passwd file = /usr/local/samba/private/smbpasswd
passwd chat =
log file = /var/log/samba/%m.log
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
load printers = No
logon script = scripts\everybody.bat
domain logons = Yes
os level = 64
preferred master = Yes
domain master = Yes
dns proxy = No
wins server = 131.215.220.220
ldap ssl = no
hosts allow = 131.215., 127.
[homes]
comment = Home Directories
read only = No
create mask = 0700
directory mask = 0700
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[netlogon]
comment = Contains login script which just mounts PDB area
path = /u1/usr/netlogon
[pdb]
comment = PDB database directory
path = /u4/pdb
[profiles]
comment = user's profile directories
path = /u1/usr/people/%u/profile
read only = No
create mask = 0700
directory mask = 0700
browseable = No
This is Samba 3.0.28a (32bit, if that matters).
Thanks,
David Mathog
mathog@caltech.edu
Manager, Sequence Analysis Facility, Biology Division, Caltech
Maybe Matching Threads
- enable client to join domain with no or any password?
- fixed delay logging onto Samba3.3 from Vista Business
- method to simulate domain logon from a node?
- upgraded 3.0.28a-2 to 3.4.7-0.2, profile desktop configuration no longer saved
- Maruson power net 1500 support?