Ralf Gorholt
2013-Apr-29 18:37 UTC
[Samba] SAMBA 3.6.6 PDC domain not available / no challenge sent to client
Dear all,

I am new to this list so please excuse me if my posting should not correspond 100% to the rules. Furthermore, even though I have used SAMBA for many years, I have only a very basic knowledge of this software.

I am experiencing a problem with my SAMBA primary domain controller that I have migrated from an openSUSE server to LinuxMint Debian Edition 201303 a week ago.

I am able to join a new PC to the domain (up to now, I have only tried one with Windows XP) but when I want to log on, I get a message like: The system could not log you on because the domain XXX is not available (it is a German message and says "domain" and not "domain controller").

Google has found a lot of postings concerning this problem but they concern mainly LDAP backends and none of the proposed solutions worked for me. Most likely I have done something absolutely silly...

What I have done so far:

I have set up the SAMBA server, version is 3.6.6 with tdb backend. I have copied the smb.conf, passdb.tdb and secrets.tdb from the old installation. Perhaps this was wrong, but in the past this has worked. I wanted to avoid changes of the SIDs of the domain and the users/groups so that I did not need to reinstall my PCs...

For the PCs that are already in the domain everything seems ok, even if there are error messages in the log files for the PCs running Windows 7, but that was already the case on the old server (e.g.

[2013/04/27 14:16:04.751908, 0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client XXXXX machine account XXXXX$

)

The new PC can join the domain and it seems to be in the domain because I can see it with pdbedit:

# pdbedit -L -v -u vm1$
Unix username: VM1$
NT username:
Account Flags: [W ]
User SID: S-1-5-21-3864121432-1942842389-509402871-1023
Primary Group SID: S-1-5-21-3864121432-1942842389-509402871-513
Full Name: VM1$
Home Directory: \\matrix\homes
HomeDir Drive: H:
Logon Script: startup.bat vm1_ matrix
Profile Path:
Domain: MYDOMAIN
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Mi, 06 Feb 2036 16:06:39 CET
Kickoff time: Mi, 06 Feb 2036 16:06:39 CET
Password last set: Mo, 29 Apr 2013 20:02:42 CEST
Password can change: Mo, 29 Apr 2013 20:02:42 CEST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
#

It also has a corresponding UNIX account:

# grep -i vm1 /etc/passwd
vm1$:x:1201:1201::/nonexistent:/bin/false

When I try to log on to the domain or to access a public share on the server which is not possible either, I get the following message in the log file of the PC:

[2013/04/29 20:02:42.089737, 0] rpc_server/netlogon/srv_netlog_nt.c:931(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate: no challenge sent to client VM1

I do not use winbind. Every user has a corresponding UNIX account.

My smb.conf looks like this:

# Samba config file created using SWAT
# from UNKNOWN (192.168.1.11)
# Date: 2013/04/24 21:37:53

[global]
        workgroup = MYDOMAIN
        server string = Samba-Server
        map to guest = Bad User
        username map = /etc/samba/smbusers
        log file = /var/log/samba/%m
        name resolve order = lmhosts host bcast
        time server = Yes
        server signing = auto
        printcap name = cups
        show add printer wizard = No
        add user script = /usr/sbin/useradd -m '%u'
        delete user script = /usr/sbin/userdel -r '%u'
        add group script = /usr/sbin/groupadd '%g'
        delete group script = /usr/sbin/groupdel '%g'
        add user to group script = /usr/sbin/groupmod -A '%u' '%g'
        delete user from group script = /usr/sbin/groupmod -R '%u' '%g'
        add machine script = /usr/sbin/useradd -s /bin/false -d /nonexistent '%m'$
        logon script = startup.bat %U %m %N
        logon path
        logon drive = H:
        logon home = \\%N\homes
        domain logons = Yes
        os level = 65
        preferred master = Yes
        ldap ssl = no
        idmap config * : range
        idmap config * : backend = tdb
        cups options = raw
        hide special files = Yes

[homes]
        comment = Home Directories
        path = /home/samba/shares/homes/%U
        valid users = %S, %D%w%S
        read only = No
        create mask = 0700
        directory mask = 0700
        inherit acls = Yes
        browseable = No

[profiles]
        comment = Network Profiles Service
        path = /var/lib/samba/profiles
        read only = No
        create mask = 0600
        directory mask = 0700
        store dos attributes = Yes

[users]
        comment = All users
        path = /home
        read only = No
        inherit acls = Yes
        veto files = /aquota.user/groups/shares/

[groups]
        comment = All groups
        path = /home/groups
        read only = No
        inherit acls = Yes

[printers]
        comment = All Printers
        path = /var/tmp
        create mask = 0600
        printable = Yes
        print ok = Yes
        use client driver = Yes
        browseable = No

[print$]
        comment = Printer Drivers
        path = /var/lib/samba/drivers
        write list = @ntadmin, root
        force group = ntadmin
        create mask = 0664
        directory mask = 0775

[netlogon]
        path = /var/lib/samba/netlogon
        browseable = No

[logs]
        path = /var/log/samba/userlogs
        read only = No
        create mask = 0200
        browseable = No

[public]
        path = /home/samba/shares/public
        read only = No
        guest ok = Yes

[lp]
        comment = HP LaserJet P2015dn
        path = /var/tmp
        printable = Yes
        print ok = Yes
        printer name = lp
        use client driver = Yes

[lpcolor]
        comment = HP Officejet Pro 8000 Wireless
        path = /var/tmp
        printable = Yes
        print ok = Yes
        printer name = lpcolor
        use client driver = Yes

Perhaps somebody here can give me a hint where to look? I did not want to include a logfile with debug level 10 enabled in my first posting ;-)

Any help is greatly appreciated but please don't forget that as far as SAMBA is concerned, I am a beginner...

Kind regards,
Ralf