Jörg Nissen
2013-Feb-21 08:36 UTC
[Samba] Samba PDC not in network environment (Windows 7/8)
I recently changed my clients (3 notebooks, 2 desktop pcs) from Windows XP Pro to Windows 7/8 Pro. I followed the guides that can be found on samba.org and all over the internet. Client migration worked after some minor trouble. There is only one thing left that I could not resolve the last few days.

All clients see each other under "Network" but no client sees my samba server.

Though the samba PDC cannot be seen, most of the network related stuff works as expected. Domain logons work, the per user netlogon script is executed (network shares on the PDC get mapped, time is synced), shares can be opened with "\\PDC\share".

Executing "nbtstat" on the clients works except for "-[s|S|R|RR]" which results in "no connection".
Executing "smbtree -N | smbclient -N" works on the PDC.

To prevent common questions:
- client installation is not older than 30 days
- disabled pw change after 30 days in registry
- no firewall on clients
- PDC firewall allows traffic to and from ports 137-139,445
- samba version Version 3.6.12-162.1-2943-SUSE-SL12.1-x86_64

----------------------------------------------------------------------------
Output of "netstat -an | egrep '13[789]|445'"

tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
tcp        0      0 192.168.11.10:60002     192.168.11.230:445      VERBUNDEN
udp        0      0 192.168.11.255:137      0.0.0.0:*
udp        0      0 192.168.11.10:137       0.0.0.0:*
udp        0      0 0.0.0.0:137             0.0.0.0:*
udp        0      0 192.168.11.255:138      0.0.0.0:*
udp        0      0 192.168.11.10:138       0.0.0.0:*
udp        0      0 0.0.0.0:138             0.0.0.0:*

Remark: 192.168.11.230 is a nas storage which cannot be seen from clients either.
----------------------------------------------------------------------------
My "smb.conf":

[global]
    unix charset = UTF8
    display charset = UTF8
    workgroup = <MyWorkgroupName>
    server string = <MyServerString>
    netbios name = <MyServerName>
    netbios aliases = PDC
    interfaces = eth0, 127.0.0.0/8
    bind interfaces only = no
    map to guest = Bad User
    passdb backend = tdbsam
    username map = /etc/samba/smbusers
    username level = 1
    server signing = auto
    max protocol = SMB2
    client NTLMv2 auth = Yes
    log level = 2 smb:1 auth:1 sam:1 acls:1 passdb:1 tdb:1 winbind:1 idmap:1
    syslog = 0
    log file = /var/log/samba/log.%m
    max xmit = 65535
    name resolve order = wins bcast lmhosts hosts
    time server = Yes
    deadtime = 10
    paranoid server security = No
    socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY SO_BROADCAST SO_SNDBUF=16384 SO_RCVBUF=16384
    hostname lookups = Yes
    add user script = /usr/sbin/useradd -d /home/%u -g users -k /etc/samba/skel -m -s /bin/false %u
    delete user script = /usr/sbin/userdel %u
    add user to group script = /usr/sbin/usermod -G %g %u
    set primary group script = /usr/sbin/usermod -g %g %u
    delete user from group script = /usr/sbin/groupmod -R %u %g
    add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false -g machines %u
    logon script = %U.bat
    logon path = \\%N\profiles\%U\%a
    domain logons = Yes
    os level = 88
    preferred master = Yes
    domain master = Yes
    local master = yes
    time server = yes
    wins support = Yes
    client use spnego = no
    ldap ssl = no
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind expand groups = 3
    winbind use default domain = no
    winbind rpc only = Yes
    winbind offline logon = no
    idmap config * : backend = tdb
    idmap config * : range = 15000 - 25000
    encrypt passwords = yes
    pam password change = yes
    passwd program = /usr/bin/passwd %u
    passwd chat = Neues*Passwort* %n\nGeben Sie das neue Passwort erneut ein * %n\nPass*dert.\n
    veto files = /*.eml/*.nws/riched20.dll/*.{*}/
    dos filetime resolution = Yes
    printing = cups
    printcap = cups

[netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon
    write list = @samba-domain-admins @Administrators
    read list = @samba-domain-users @machines @Familie
    force group = samba-domain-users
    browseable = No

[profiles]
    path = /var/lib/samba/profiles
    profile acls = yes
    csc policy = disable
    read only = No
    browsable = no
    store dos attributes = yes
    guest ok = no
    printable = no
    hide files = /desktop.ini/*Briefcase*/
    write list = %S %S%w%D root
    hosts allow = 192.168.11., 127.0.0.1, 10.168.11.
    create mask = 0600
    directory mask = 0700

[IPC$]
    path = /tmp
    guest ok = Yes
    hosts allow = 127.0.0.1, 192.168.11., 10.168.11.

[some other browseable shares]

--------------------------------------------------------------------------
I spent days reading samba log output (log level 5) to find a hint what was wrong with computer browsing. Here is a small part of a logfile from workstation "JOGO" trying to browse the network.

  Doing spnego session setup
[2013/02/20 23:33:04.279626, 3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2013/02/20 23:33:04.279684, 3] ../libcli/auth/ntlmssp_server.c:348(ntlmssp_server_preauth)
  Got user=[] domain=[] workstation=[JOGO] len1=1 len2=0
[2013/02/20 23:33:04.279761, 4] auth/user_util.c:361(map_username)
  Scanning username map /etc/samba/smbusers
[2013/02/20 23:33:04.279842, 5] auth/auth_util.c:110(make_user_info_map)
  Mapping user []\[] from workstation [JOGO]
[2013/02/20 23:33:04.279906, 5] auth/auth_util.c:131(make_user_info_map)
  Mapped domain from [] to [ZUHAUSE] for user [] from workstation [JOGO]
[2013/02/20 23:33:04.279950, 5] auth/user_info.c:59(make_user_info)
  attempting to make a user_info for ()
[2013/02/20 23:33:04.279993, 5] auth/user_info.c:70(make_user_info)
  making strings for 's user_info struct
[2013/02/20 23:33:04.280038, 5] auth/user_info.c:87(make_user_info)
  making blobs for 's user_info struct
[2013/02/20 23:33:04.280081, 3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password: Checking password for unmapped user []\[]@[JOGO] with the new password interface
[2013/02/20 23:33:04.280126, 3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password: mapped user is: [ZUHAUSE]\[]@[JOGO]
[2013/02/20 23:33:04.280168, 5] ../lib/util/util.c:415(dump_data)
  [0000] 67 B2 BD E6 C1 B2 0B BF   g.......
[2013/02/20 23:33:04.280241, 3] auth/auth.c:268(check_ntlm_password)
  check_ntlm_password: guest authentication for user [] succeeded
[2013/02/20 23:33:04.280285, 5] auth/auth.c:309(check_ntlm_password)
  check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded
[2013/02/20 23:33:04.280393, 4] smbd/sec_ctx.c:214(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/20 23:33:04.280439, 4] smbd/uid.c:460(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/20 23:33:04.280481, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/20 23:33:04.280524, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2013/02/20 23:33:04.280566, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2013/02/20 23:33:04.280715, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 23:33:04.280777, 4] lib/privileges.c:97(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-3406496673-2355577635-1274693878-501]
[2013/02/20 23:33:04.280831, 4] lib/privileges.c:97(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-3406496673-2355577635-1274693878-514]
[2013/02/20 23:33:04.280886, 5] lib/privileges.c:175(get_privileges_for_sids)
  get_privileges_for_sids: sid = S-1-1-0
  Privilege set: 0x0
[2013/02/20 23:33:04.280953, 4] lib/privileges.c:97(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-2]
[2013/02/20 23:33:04.281003, 4] lib/privileges.c:97(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-32-546]
[2013/02/20 23:33:04.282192, 4] smbd/sec_ctx.c:214(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/20 23:33:04.282244, 4] smbd/uid.c:460(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/20 23:33:04.282287, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/20 23:33:04.282330, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2013/02/20 23:33:04.282373, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2013/02/20 23:33:04.282459, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 23:33:04.282508, 4] smbd/sec_ctx.c:214(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/20 23:33:04.282552, 4] smbd/uid.c:460(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/20 23:33:04.282594, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/20 23:33:04.282637, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2013/02/20 23:33:04.282679, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2013/02/20 23:33:04.282757, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 23:33:04.282847, 3] ../libcli/auth/ntlmssp_sign.c:535(ntlmssp_sign_init)
  NTLMSSP Sign/Seal - Initialising with flags:
[2013/02/20 23:33:04.282895, 3] ../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0xe2088215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_NEGOTIATE_VERSION
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
    NTLMSSP_NEGOTIATE_56
[2013/02/20 23:33:04.283131, 3] smbd/password.c:298(register_existing_vuid)
  register_existing_vuid: User name: nobody Real name:
[2013/02/20 23:33:04.283178, 3] smbd/password.c:308(register_existing_vuid)
  register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will be vuid 100
[2013/02/20 23:33:04.283255, 5] lib/util.c:332(show_msg)
[2013/02/20 23:33:04.283281, 5] lib/util.c:342(show_msg)
  size=164
  smb_com=0x73
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51203
  smb_tid=65535
  smb_pid=65279
  smb_uid=100
  smb_mid=320
  smt_wct=4
  smb_vwv[ 0]= 255 (0xFF)
  smb_vwv[ 1]= 0 (0x0)
  smb_vwv[ 2]= 1 (0x1)
  smb_vwv[ 3]= 9 (0x9)
  smb_bcc=121
[2013/02/20 23:33:04.284485, 3] smbd/process.c:1662(process_smb)
  Transaction 3 of length 88 (0 toread)
[2013/02/20 23:33:04.284537, 5] lib/util.c:332(show_msg)
[2013/02/20 23:33:04.284562, 5] lib/util.c:342(show_msg)
  size=84
  smb_com=0x75
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=24
  smb_flg2=51207
  smb_tid=0
  smb_pid=65279
  smb_uid=100
  smb_mid=384
  smt_wct=4
  smb_vwv[ 0]= 255 (0xFF)
  smb_vwv[ 1]= 84 (0x54)
  smb_vwv[ 2]= 12 (0xC)
  smb_vwv[ 3]= 1 (0x1)
  smb_bcc=41
[2013/02/20 23:33:04.284865, 3] smbd/process.c:1467(switch_message)
  switch message SMBtconX (pid 24701) conn 0x0
[2013/02/20 23:33:04.284909, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 23:33:04.284952, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2013/02/20 23:33:04.284994, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2013/02/20 23:33:04.285060, 5] smbd/uid.c:400(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2013/02/20 23:33:04.285114, 4] smbd/reply.c:794(reply_tcon_and_X)
  Client requested device type [?????] for share [IPC$]
[2013/02/20 23:33:04.285174, 5] smbd/service.c:1354(make_connection)
  making a connection to 'normal' service ipc$
[2013/02/20 23:33:04.285293, 3] lib/access.c:338(allow_access)
  Allowed connection from JOGO.familie-nissen.eu (192.168.11.1)
[2013/02/20 23:33:04.285351, 5] lib/username.c:171(Get_Pwnam_alloc)
  Finding user nobody
[2013/02/20 23:33:04.285395, 5] lib/username.c:116(Get_Pwnam_internals)
  Trying _Get_Pwnam(), username as lowercase is nobody
[2013/02/20 23:33:04.285440, 5] lib/username.c:149(Get_Pwnam_internals)
  Get_Pwnam_internals did find user [nobody]!
[2013/02/20 23:33:04.285491, 3] smbd/service.c:872(make_connection_snum)
  Connect path is '/var/tmp' for service [IPC$]
[2013/02/20 23:33:04.285567, 3] smbd/vfs.c:102(vfs_init_default)
  Initialising default vfs hooks
[2013/02/20 23:33:04.285616, 5] smbd/vfs.c:92(smb_register_vfs)
  Successfully added vfs backend '/[Default VFS]/'
[2013/02/20 23:33:04.285662, 5] smbd/vfs.c:92(smb_register_vfs)
  Successfully added vfs backend 'posixacl'
[2013/02/20 23:33:04.285705, 3] smbd/vfs.c:128(vfs_init_custom)
  Initialising custom vfs hooks from [/[Default VFS]/]
  Successfully loaded vfs module [/[Default VFS]/] with the new modules system
[2013/02/20 23:33:04.285775, 5] smbd/connection.c:134(claim_connection)
  claiming [IPC$]
[2013/02/20 23:33:04.285920, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (65534, 513) - sec_ctx_stack_ndx = 0
[2013/02/20 23:33:04.285971, 5] ../libcli/security/security_token.c:63(security_token_debug)
  Security token SIDs (8):
    SID[ 0]: S-1-5-21-3406496673-2355577635-1274693878-501
    SID[ 1]: S-1-5-21-3406496673-2355577635-1274693878-514
    SID[ 2]: S-1-1-0
    SID[ 3]: S-1-5-2
    SID[ 4]: S-1-5-32-546
    SID[ 5]: S-1-22-1-65534
    SID[ 6]: S-1-22-2-514
    SID[ 7]: S-1-22-2-10014
  Privileges (0x 0):
  Rights (0x 0):
[2013/02/20 23:33:04.286231, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 65534
  Primary group is 513 and contains 2 supplementary groups
  Group[ 0]: 514
  Group[ 1]: 10014
[2013/02/20 23:33:04.286335, 5] smbd/uid.c:317(change_to_user_internal)
  Impersonated user: uid=(0,65534), gid=(0,513)
[2013/02/20 23:33:04.286383, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 23:33:04.286427, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2013/02/20 23:33:04.286469, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2013/02/20 23:33:04.286538, 5] smbd/uid.c:400(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2013/02/20 23:33:04.286596, 3] smbd/service.c:1114(make_connection_snum)
  jogo (192.168.11.1) connect to service IPC$ initially as user nobody (uid=65534, gid=513) (pid 24701)
[2013/02/20 23:33:04.286648, 3] smbd/reply.c:871(reply_tcon_and_X)
  tconX service=IPC$
[2013/02/20 23:33:04.287247, 5] lib/util_sock.c:319(read_fd_with_timeout)
  read_fd_with_timeout: blocking read. EOF from client.
[2013/02/20 23:33:04.287315, 5] smbd/process.c:457(receive_smb_talloc)
  receive_smb_raw_talloc failed for client 192.168.11.1 read error = NT_STATUS_END_OF_FILE.
[2013/02/20 23:33:04.287363, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 23:33:04.287407, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2013/02/20 23:33:04.287450, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2013/02/20 23:33:04.287517, 5] smbd/uid.c:400(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2013/02/20 23:33:04.287566, 4] smbd/vfs.c:780(vfs_ChDir)
  vfs_ChDir to /var/tmp
[2013/02/20 23:33:04.287621, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 23:33:04.287664, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2013/02/20 23:33:04.287706, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2013/02/20 23:33:04.287772, 5] smbd/uid.c:400(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2013/02/20 23:33:04.287816, 3] smbd/service.c:1378(close_cnum)
  jogo (192.168.11.1) closed connection to service IPC$
[2013/02/20 23:33:04.287864, 3] smbd/connection.c:35(yield_connection)
  Yielding connection to IPC$
[2013/02/20 23:33:04.287925, 4] smbd/vfs.c:780(vfs_ChDir)
  vfs_ChDir to /
[2013/02/20 23:33:04.287972, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 23:33:04.288016, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2013/02/20 23:33:04.288058, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2013/02/20 23:33:04.288124, 5] smbd/uid.c:400(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2013/02/20 23:33:04.288240, 3] smbd/server_exit.c:181(exit_server_common)
  Server exit (failed to receive smb request)

---------------------------------------------------------------------------
Any help on solving the computer browser problem would be appreciated.
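A level 5 smbd log is mostly security-context bookkeeping, and the handful of entries that describe the session itself are easy to miss. The following is an added example, not part of the original post and not Samba project code: it groups each header line with the message that follows it and keeps only the entries showing an empty-user session setup, the guest mapping, the share connect and the server exit. The sample text is constructed from entries in the excerpt above; the event names are made up for this example.

```python
import re

# Constructed sample in the layout of the excerpt above: a header line
# "[timestamp, level] file:line(function)" followed by the message text.
SAMPLE_LOG = """\
[2013/02/20 23:33:04.279684, 3] ../libcli/auth/ntlmssp_server.c:348(ntlmssp_server_preauth)
  Got user=[] domain=[] workstation=[JOGO] len1=1 len2=0
[2013/02/20 23:33:04.280285, 5] auth/auth.c:309(check_ntlm_password)
  check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded
[2013/02/20 23:33:04.280393, 4] smbd/sec_ctx.c:214(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/20 23:33:04.286596, 3] smbd/service.c:1114(make_connection_snum)
  jogo (192.168.11.1) connect to service IPC$ initially as user nobody (uid=65534, gid=513) (pid 24701)
[2013/02/20 23:33:04.288240, 3] smbd/server_exit.c:181(exit_server_common)
  Server exit (failed to receive smb request)
"""

HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d [\d:.]+),\s*(?P<level>\d+)\]\s+"
    r"(?P<src>\S+):(?P<line>\d+)\((?P<func>\w+)\)\s*$"
)

# Message patterns taken from the log lines quoted in the post; the event
# names on the left are hypothetical labels chosen for this example.
EVENTS = [
    ("anonymous_session",
     re.compile(r"Got user=\[\] domain=\[\] workstation=\[(?P<detail>[^\]]*)\]")),
    ("guest_mapped",
     re.compile(r"guest authentication for user \[[^\]]*\] -> \[[^\]]*\]"
                r" -> \[(?P<detail>[^\]]*)\] succeeded")),
    ("share_connect",
     re.compile(r"connect to service (?P<detail>\S+) initially as user \S+")),
    ("server_exit", re.compile(r"Server exit \((?P<detail>[^)]*)\)")),
]

def parse_entries(text):
    """Group each header line with the message lines that follow it."""
    entries = []
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            entries.append({**m.groupdict(), "msg": []})
        elif entries and raw.strip():
            entries[-1]["msg"].append(raw.strip())
    for e in entries:
        e["level"] = int(e["level"])
        e["msg"] = " ".join(e["msg"])
    return entries

def summarise(text):
    """Return (timestamp, event, detail) for the session-relevant entries."""
    out = []
    for e in parse_entries(text):
        for name, pattern in EVENTS:
            m = pattern.search(e["msg"])
            if m:
                out.append((e["ts"], name, m.group("detail")))
                break
    return out

if __name__ == "__main__":
    for ts, event, detail in summarise(SAMPLE_LOG):
        print(f"{ts}  {event:18} {detail}")
```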
Jörg Nissen
2013-Feb-21 11:36 UTC
[Samba] Samba PDC not in network environment (Windows 7/8)
Something I came across. Don't know if it is related.

Trying to connect to a Windows 8 share from my PDC results in

cli_session_setup: NT1 session setup failed: NT_STATUS_INVALID_PARAMETER
session setup failed: NT_STATUS_INVALID_PARAMETER

when "client NTLMv2 auth = yes" is set in smb.conf. "smbtree" executed by a domain admin user lists all shares on PDC and nas but only the name of the client.

Changing settings to

client NTLMv2 auth = no
client lanman auth = yes

gives access to shares on the Windows 8 client. "smbtree" lists all administrative shares (C$, D$, etc.) on Windows 8 client.

-----------------------------------------------------------------------
There are some entries in the samba logfile for client "JOGO" which seem to be problem related:

[2013/02/21 12:17:27.638163, 0] rpc_server/srv_pipe.c:500(pipe_schannel_auth_bind)
  pipe_schannel_auth_bind: Attempt to bind using schannel without successful serverauth2
[2013/02/21 12:17:27.762403, 2] rpc_server/samr/srv_samr_nt.c:4071(_samr_LookupDomain)
  Returning domain sid for domain <MyDomainName> -> S-1-5-21-3406496673-2355577635-1274693878
[2013/02/21 12:17:32.774569, 2] ../libcli/auth/credentials.c:308(netlogon_creds_server_check_internal)
  credentials check failed
[2013/02/21 12:17:32.774681, 0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client JOGO machine account JOGO$
[2013/02/21 12:17:32.777495, 2] rpc_server/samr/srv_samr_nt.c:4071(_samr_LookupDomain)
  Returning domain sid for domain <MyDomainName> -> S-1-5-21-3406496673-2355577635-1274693878
[2013/02/21 12:17:45.665467, 2] smbd/smb2_server.c:2628(smbd_smb2_request_incoming)
  smbd_smb2_request_incoming: client read error NT_STATUS_CONNECTION_RESET
[2013/02/21 12:18:03.168300, 2] smbd/smb2_server.c:2628(smbd_smb2_request_incoming)
  smbd_smb2_request_incoming: client read error NT_STATUS_CONNECTION_RESET
[2013/02/21 12:18:50.279081, 2] smbd/smb2_server.c:2628(smbd_smb2_request_incoming)
  smbd_smb2_request_incoming: client read error NT_STATUS_CONNECTION_RESET
[2013/02/21 12:21:36.293203, 2] smbd/smb2_server.c:2628(smbd_smb2_request_incoming)
  smbd_smb2_request_incoming: client read error NT_STATUS_CONNECTION_RESET

----------------------------------------------------------------------------
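The two client settings changed in the message above widen what Samba's client tools will send during authentication, and the smb.conf posted earlier also leaves signing optional and guest access enabled. The following is an added example, not part of the original post and not Samba project code: a small checker that reads smb.conf text the way Samba matches parameter names (case and embedded whitespace ignored) and lists those settings. The sample file is constructed from values quoted in this thread; the check table and function names are assumptions of this example.

```python
import re

# Constructed excerpt: values are the ones quoted in this thread, with two
# parameter names respelled to show that Samba reads them as the same keys.
SAMPLE_CONF = """\
[global]
    map to guest = Bad User
    server signing = auto
    Client NTLMv2 Auth = no
    clientlanmanauth = yes

[IPC$]
    path = /tmp
    guest ok = Yes
"""

TRUE, FALSE = {"yes", "true", "1"}, {"no", "false", "0"}

# (parameter, values that trigger a finding, reason)
GLOBAL_CHECKS = [
    ("client ntlmv2 auth", FALSE, "client tools may answer with NTLMv1"),
    ("client lanman auth", TRUE, "client tools may answer with LANMAN hashes"),
    ("server signing", {"auto", "disabled"} | FALSE, "SMB signing is not required"),
    ("map to guest", {"bad user"}, "unknown user names become guest sessions"),
]

def norm(name):
    """smb.conf parameter names ignore case and embedded whitespace."""
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Return {section: {normalised parameter: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[norm(key)] = value.strip()
    return sections

def audit(text):
    """Return (section, parameter, value, reason) for each weak setting."""
    conf, findings = parse_smb_conf(text), []
    glob = conf.get("global", {})
    for param, bad, reason in GLOBAL_CHECKS:
        value = glob.get(norm(param))
        if value is not None and value.lower() in bad:
            findings.append(("global", param, value, reason))
    for name, params in conf.items():
        value = params.get(norm("guest ok"), "no")
        if value.lower() in TRUE:
            findings.append((name, "guest ok", value,
                             "share accepts guest connections"))
    return findings

if __name__ == "__main__":
    for section, param, value, reason in audit(SAMPLE_CONF):
        print(f"[{section}] {param} = {value}: {reason}")
```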
Jörg Nissen
2013-Feb-22 08:36 UTC
[Samba] Samba PDC not in network environment (Windows 7/8)
Something weird...

I connected one notebook to another samba (v3.5.5) network. Logged in as a local user on the notebook and guess what. The complete network environment is shown.

The main difference between these two networks, apart from the version number of smbd, is that the working network is based on ldap while the not working network is based on tdb.

Another small difference in smb.conf:

3.5.5:  name resolve order = bcast lmhosts host
3.6.12: name resolve order = wins bcast lmhosts hosts

Going to check if it has any impact if I remove "wins" from "name resolve order".

And another small difference: In v3.5.5 computers are members of "Domain Users" while v3.6.12 lists them in "Domain Computers". Also going to check if this makes any difference.

The last thing I will check is if it makes any difference when I login to a local account on my client.

Will keep you updated.