Kyle
2008-Oct-08 23:14 UTC
[Samba] client/server signing disabled or not - domain Controller is down or unavailable
Hi Folks, hoping someone can help me out please.

Using Samba 3.0.28-1.el5_2.1 on CentOS 5.2

I've read the samba docs wrt "incompatible settings between the Windows client and the Samba-3 server for schannel (secure channel) settings or smb signing".

So, I've tried smb.conf with client/server signing/schannel at settings of 'yes', 'no' and 'auto' and with the XP settings;

"Domain member: Digitally encrypt or sign secure channel data (always)"
"Domain member: Digitally encrypt secure channel data (when possible)"
"Domain member: Digitally sign secure channel data (when possible)"

all set to both 'enabled' and 'disabled'.

Either way however, I continue to receive the;

"Windows cannot connect to the domain, either because the domain controller is down or otherwise unavailable, or because your computer account was not found...."

I have checked the passwd file to see the machine account was created. From what I can read of passdb.tdb, the client's hostname certainly appears in the file. A 'net groupmap list' shows both PDC hostname and domain name SID are the same.

The only error I can find is in the individual host's log;

[2008/10/09 09:56:59, 2] smbd/sesssetup.c:setup_new_vc_session(1209)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2008/10/09 09:56:59, 2] smbd/sesssetup.c:setup_new_vc_session(1209)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2008/10/09 09:56:59, 2] smbd/service.c:make_connection_snum(605)
  guest user (from session setup) not permitted to access this share (IPC$)

I'm a bit stumped. smb.conf for appraisal is below. Can you help pls?
----------------------------------------------------------------------------------------
[global]
# Domain Controller
# -----------------
domain master = yes
domain logons = yes
security = user
os level = 95

# Domain Options
# --------------
passdb backend = tdbsam
admin users = @admins
unix password sync = yes
passwd program = /usr/bin/userpasswd %u
passwd chat = *password:* %n\n *password:* %n\n *successfully.*
netbios name = Bottlenose
workgroup = ATTITIA
server string
bind interfaces only = yes
interfaces = lo eth1
smb ports = 139
guest account = nobody
encrypt passwords = yes
; smb passwd file = /etc/samba/smbpasswd
# Unix users can map to different SMB User names
; username map = /etc/samba/smbusers
syslog = false
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no
utmp = yes
time server = yes
preserve case = yes
deadtime = 15
client signing = auto
server signing = auto
client schannel = auto
server schannel = auto
restrict anonymous = 2
hide unreadable = yes

# WINS / VPN
# ----------
wins support = yes

# Other handy directives
# ----------------------
preferred master = yes
# remote announce = 192.168.<x.x>
# remote browse sync

# Logon options
# -------------
logon home = \\%N\%U
logon drive = H:
logon script = %U.cmd
# Disable roaming profiles
; logon home logon path
# Enable roaming profiles
; logon home = \\%L\%U
; logon path = \\%L\profiles\%m\%u

# For low-risk security reasons on Win2000/WinXP networks (no Win98)
# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
include = /etc/samba/%m.smb.conf

# Authconfig adds these
#----------------------
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind use default domain = no

# PDC Scripts
#----
add user script = /usr/sbin/useradd -n -g smb-users -m %u
delete user script = /usr/sbin/userdel %u
add user to group script = /usr/sbin/usermod -G %g %u
add group script = /etc/samba/smbGrpAdd.sh "%g"
delete user from group script = /usr/sbin/userdel %u %g
delete group script = /usr/sbin/groupdel %g
add machine script = /usr/sbin/useradd -d /dev/null -n -g smb-hosts -c "Machine Account (%u)" -M -s /bin/false %u

# Printing
# --------
use client driver = yes
printcap name = /etc/printcap
load printers = yes

# Logging
# -------
log level = 2
log file = /var/log/samba/%m.log
max log size = 50

# ============================ Share Definitions =============================
[netlogon]
comment = Attitia LAN Logon
path = /home/samba/netlogon
guest ok = yes
writable = no
; share modes = no

[homes]
valid users = %S
read only = no
browseable = no

[public]
comment = Public Shared
path = /home/shares/pub
browseable = yes
guest only = yes
writable = yes
public = yes

[ftpsite]
comment = Public FTP Folder
path = /var/ftp/pub
browseable = yes
guest only = yes
writable = yes
public = yes

include = /etc/samba/shares.conf

# [profiles]
# path = /home/samba/profiles
# read only = No
# create mask = 0600
# directory mask = 0700
# hide unwriteable files = yes
## profile acls = Yes

--
------------------------------------------------------------------------
Kind Regards
Kyle
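
An added example (not part of the original post or of Samba itself): a short Python script that parses the two-line smbd log records quoted above and lists the [global] settings for signing, schannel and anonymous access next to any share that refused a guest session. The function names are hypothetical, the sample input is a constructed excerpt of the posted smb.conf and log, and the choice of parameters to watch is an assumption about what is worth reviewing.

```python
import re

# Constructed sample input: excerpts of the smb.conf and host log quoted in the post.
SMB_CONF = """\
[global]
server signing = auto
server schannel = auto
restrict anonymous = 2
[netlogon]
guest ok = yes
"""
LOG = """\
[2008/10/09 09:56:59, 2] smbd/sesssetup.c:setup_new_vc_session(1209)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2008/10/09 09:56:59, 2] smbd/service.c:make_connection_snum(605)
  guest user (from session setup) not permitted to access this share (IPC$)
"""
HEADER = re.compile(r"^\[(?P<ts>[^,\]]+),\s*(?P<level>\d+)\]\s+(?P<src>\S+):(?P<func>\w+)\((?P<line>\d+)\)$")
GUEST_DENIED = re.compile(r"guest user .* not permitted to access this share \((?P<share>[^)]+)\)")
WATCH = ("server signing", "server schannel", "restrict anonymous")  # assumed review list

def parse_global(conf):
    """Return {parameter: value} for [global] only; '#' and ';' start comments."""
    section, params = None, {}
    for raw in conf.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def parse_log(text):
    """Join each '[timestamp, level] file:function(line)' header with its message lines."""
    records = []
    for raw in text.splitlines():
        m = HEADER.match(raw.strip())
        if m:
            records.append({**m.groupdict(), "msg": ""})
        elif records and raw.strip():
            records[-1]["msg"] = (records[-1]["msg"] + " " + raw.strip()).strip()
    return records

def correlate(conf, log):
    """Pair shares that refused a guest session with the watched [global] settings."""
    params = parse_global(conf)
    denied = [m.group("share") for r in parse_log(log) if (m := GUEST_DENIED.search(r["msg"]))]
    return {"guest_denied_shares": denied, "settings": {k: params.get(k) for k in WATCH}}
```

On this input the refused share is IPC$ and the watched settings include `restrict anonymous = 2`, which smb.conf(5) describes as allowing no anonymous connections at all.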