SAMBA NT PDC problem

David Demland ddemland@cadtel.com
Tue, 14 Nov 2000 13:47:47 -0700


I have added the line:

password server = NTSQLSRVR ACCTSRVR_1

This points to both the primary and backup PDCs.

This is what is in the log:

[2000/11/14 13:39:22, 0] lib/util_sock.c:set_socket_options(151)
  Failed to set socket option SO_KEEPALIVE (Error Bad file descriptor)
[2000/11/14 13:39:22, 0] lib/util_sock.c:set_socket_options(151)
  Failed to set socket option TCP_NODELAY (Error Bad file descriptor)
[2000/11/14 13:39:22, 1] lib/util_sock.c:client_name(1007)
  Gethostbyaddr failed for 192.168.1.57
[2000/11/14 13:39:24, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon(391)
  cli_net_sam_logon: NT_STATUS_NO_SUCH_USER
[2000/11/14 13:39:24, 0] smbd/password.c:domain_client_validate(1470)
  domain_client_validate: unable to validate password for user cjg in domain
CJG to Domain controller NTSQLSRVR. Error was NT_STATUS_NO_SUCH_USER.
[2000/11/14 13:39:24, 1] smbd/password.c:pass_check_smb(492)
  Couldn't find user 'cjg' in UNIX password database.
[2000/11/14 13:39:24, 1] smbd/password.c:pass_check_smb(492)
  Couldn't find user 'cjg' in UNIX password database.
[2000/11/14 13:39:24, 1] smbd/reply.c:reply_sesssetup_and_X(925)
  Rejecting user 'cjg': authentication failed
[2000/11/14 13:39:24, 1] lib/util_sock.c:client_name(1007)
  Gethostbyaddr failed for 192.168.1.57
[2000/11/14 13:39:26, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon(391)
  cli_net_sam_logon: NT_STATUS_NO_SUCH_USER
[2000/11/14 13:39:26, 0] smbd/password.c:domain_client_validate(1470)
  domain_client_validate: unable to validate password for user cjg in domain
CJG to Domain controller NTSQLSRVR. Error was NT_STATUS_NO_SUCH_USER.
[2000/11/14 13:39:26, 1] smbd/password.c:pass_check_smb(492)
  Couldn't find user 'cjg' in UNIX password database.
[2000/11/14 13:39:26, 1] smbd/password.c:pass_check_smb(492)
  Couldn't find user 'cjg' in UNIX password database.
[2000/11/14 13:39:26, 1] smbd/reply.c:reply_sesssetup_and_X(925)
  Rejecting user 'cjg': authentication failed

Question: By this log it looks like it never goes to the backup PDC. Why is
this?

Thank You,

David Demland
Qa/Testing Manager
CADTEL Systems, Inc.
11201 N. Tatum Ste. 200
Phoenix, AZ 85028
(602) 953-4888
Fax: (602) 953-4833
ddemland@cadtel.com

-----Original Message-----
From: plug-discuss-admin@lists.PLUG.phoenix.az.us
[mailto:plug-discuss-admin@lists.PLUG.phoenix.az.us]On Behalf Of Mark
Peoples
Sent: Tuesday, November 14, 2000 1:11 PM
To: plug-discuss@lists.PLUG.phoenix.az.us
Subject: RE: SAMBA NT PDC problem


try changing:

password server = <FQDN of an NT DC>

marco

-----Original Message-----
From: plug-discuss-admin@lists.PLUG.phoenix.az.us
[mailto:plug-discuss-admin@lists.PLUG.phoenix.az.us]On Behalf Of David
Demland
Sent: Tuesday, November 14, 2000 1:13 PM
To: plug-discuss@lists.PLUG.phoenix.az.us
Subject: RE: SAMBA NT PDC problem


Here is the output from testparm. It all looks good to me. This also shows
it is read the smb.conf I would expect.

[root@cadtel1 samba]# testparm | more
Load smb config files from /etc/smb.conf
Processing section "[sys]"
Processing section "[soft]"
Processing section "[vol2]"
Processing section "[vol3]"
Loaded services file OK.
Press enter to see a dump of your service definitions
# Global parameters
[global]
        coding system =
        client code page = 850
        workgroup = NTSRVR
        netbios name = CADTEL2
        netbios aliases =
        netbios scope =
        server string = Samba 2.0.7
        interfaces =
        bind interfaces only = No
        security = DOMAIN
        encrypt passwords = Yes
        update encrypted = No
        allow trusted domains = Yes
        hosts equiv =
        min password length = 5
        map to guest = Never
        null passwords = No
        password server = *
        smb passwd file = /etc/smbpasswd
        root directory = /
        passwd program = /bin/passwd
        passwd chat = *new*password* %n\n *new*password* %n\n *changed*
        passwd chat debug = No
        username map =
        password level = 0
        username level = 0
        unix password sync = No
        restrict anonymous = No
        use rhosts = No
        debug level = 2
        syslog = 1
        syslog only = No
        log file =
        max log size = 5000
        debug timestamp = Yes
        debug hires timestamp = No
        debug pid = No
        debug uid = No
        protocol = NT1
        read bmpx = No
        read raw = Yes
        write raw = Yes
        nt smb support = Yes
        nt pipe support = Yes
        nt acl support = Yes
        announce version = 4.2
        announce as = NT
        max mux = 50
        max xmit = 65535
        name resolve order = lmhosts host wins bcast
        max ttl = 259200
        max wins ttl = 518400
        min wins ttl = 21600
        time server = No
        change notify timeout = 60
        deadtime = 0
        getwd cache = Yes
        keepalive = 300
        lpq cache time = 10
        max disk size = 0
        max open files = 10000
        read prediction = No
        read size = 16384
        shared mem size = 1048576
        socket options = TCP_NODELAY
        stat cache size = 50
        load printers = Yes
        printcap name = /etc/printcap
        printer driver file = /etc/printers.def
        strip dot = No
        character set =
        mangled stack = 50
        stat cache = Yes
        domain groups =
        domain admin group =
        domain guest group =
        domain admin users =
        domain guest users =
        machine password timeout = 604800
        add user script =
        delete user script =
        logon script =
        logon path = \\%N\%U\profile
        logon drive =
        logon home = \\%N\%U
        domain logons = No
        os level = 0
        lm announce = Auto
        lm interval = 60
        preferred master = No
        local master = No
        domain master = No
        browse list = Yes
        dns proxy = Yes
        wins proxy = No
        wins server =
        wins support = Yes
        wins hook =
        kernel oplocks = Yes
        ole locking compatibility = Yes
        oplock break wait time = 10
        smbrun = /usr/bin/smbrun
        config file =
        auto services =
        lock directory = /var/lock/samba
        default service =
        message command =
        dfree command =
        valid chars =
        remote announce =
        remote browse sync =
        socket address = 0.0.0.0
        homedir map = auto.home
        time offset = 0
        unix realname = No
        NIS homedir = No
        source environment =
        panic action =
        comment =
        path =
        revalidate = No
        username =
        guest account = nobody
        invalid users =
        valid users =
        admin users =
        read list =
        write list =
        force user =
        force group =
        writeable = No
        create mask = 0744
        force create mode = 00
        security mask = -1
        force security mode = -1
        directory mask = 0755
        force directory mode = 00
        directory security mask = -1
        force directory security mode = -1
        inherit permissions = No
        guest only = No
        guest ok = No
        only user = No
        hosts allow = 192.168.1.
        hosts deny =
        status = Yes
        max connections = 0
        min print space = 0
        strict sync = No
        sync always = No
        write cache size = 0
        printable = No
        postscript = No
        printing = bsd
        print command = lpr -r -P%p %s
        lpq command = lpq -P%p
        lprm command = lprm -P%p %j
        lppause command =
        lpresume command =
        queuepause command =
        queueresume command =
        printer =
        printer driver = NULL
        printer driver location =
        default case = lower
        case sensitive = No
        preserve case = Yes
        short preserve case = Yes
        mangle case = No
        mangling char = ~
        hide dot files = Yes
        delete veto files = No
        veto files =
        hide files =
        veto oplock files =
        map system = No
        map hidden = No
        map archive = Yes
        mangled names = Yes
        mangled map =
        browseable = Yes
        blocking locks = Yes
        fake oplocks = No
        locking = Yes
        oplocks = Yes
        level2 oplocks = No
        oplock contention limit = 2
        strict locking = No
        share modes = Yes
        copy =
        include =
        preexec =
        preexec close = No
        postexec =
        root preexec =
        root preexec close = No
        root postexec =
        available = Yes
        volume =
        fstype = NTFS
        set directory = No
        wide links = Yes
        follow symlinks = Yes
        dont descend =
        magic script =
        magic output =
        delete readonly = No
        dos filetimes = No
        dos filetime resolution = No
        fake directory create times = No

[sys]
        comment = Old Novell Sys Drive
        path = /SharedDrives/sys
        writeable = Yes
        guest ok = Yes

[soft]
        comment = Old Novell Soft Drive
        path = /SharedDrives/soft
        writeable = Yes
        guest ok = Yes

[vol2]
        comment = Old Novell Vol2 Drive
        path = /SharedDrives/vol2
        writeable = Yes
        guest ok = Yes

[vol3]
        comment = Old Novell Vol3 Drive
        path = /SharedDrives/vol3
        writeable = Yes
        guest ok = Yes

Thank You,

David Demland
Qa/Testing Manager
CADTEL Systems, Inc.
11201 N. Tatum Ste. 200
Phoenix, AZ 85028
(602) 953-4888
Fax: (602) 953-4833
ddemland@cadtel.com

-----Original Message-----
From: plug-discuss-admin@lists.PLUG.phoenix.az.us
[mailto:plug-discuss-admin@lists.PLUG.phoenix.az.us]On Behalf Of Mark
Peoples
Sent: Tuesday, November 14, 2000 12:39 PM
To: plug-discuss@lists.PLUG.phoenix.az.us
Subject: RE: SAMBA NT PDC problem


When you run testparm, does it give you any noise? Also, it says its reading
the config from the right smb.conf, right?

marco

-----Original Message-----
From: plug-discuss-admin@lists.PLUG.phoenix.az.us
[mailto:plug-discuss-admin@lists.PLUG.phoenix.az.us]On Behalf Of David
Demland
Sent: Tuesday, November 14, 2000 12:09 PM
To: plug-discuss@lists.PLUG.phoenix.az.us
Subject: RE: SAMBA NT PDC problem


The security is set to domain and the Samba box is part of the NT domain.

Thank You,

David Demland
Qa/Testing Manager
CADTEL Systems, Inc.
11201 N. Tatum Ste. 200
Phoenix, AZ 85028
(602) 953-4888
Fax: (602) 953-4833
ddemland@cadtel.com

-----Original Message-----
From: plug-discuss-admin@lists.PLUG.phoenix.az.us
[mailto:plug-discuss-admin@lists.PLUG.phoenix.az.us]On Behalf Of Mark
Peoples
Sent: Tuesday, November 14, 2000 11:52 AM
To: plug-discuss@lists.PLUG.phoenix.az.us
Subject: RE: SAMBA NT PDC problem


1. What is security set to? <g>
2. Did you get the samba box added into the NT domain?

marco

-----Original Message-----
From: plug-discuss-admin@lists.PLUG.phoenix.az.us
[mailto:plug-discuss-admin@lists.PLUG.phoenix.az.us]On Behalf Of David
Demland
Sent: Tuesday, November 14, 2000 11:09 AM
To: Plug-Discuss
Subject: SAMBA NT PDC problem


I have a Samba 2.0.7 Red Hat 6.1 box. We use an WindBlose Nice Try box for
the PDC. I can not get any of the Windblose boxes to log onto the Samba
server. There seems to be a problem. The Samba log file has the following
messages:

[2000/11/14 11:01:05, 1] lib/util_sock.c:client_name(1007)
  Gethostbyaddr failed for 192.168.1.57
[2000/11/14 11:01:07, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon(391)
  cli_net_sam_logon: NT_STATUS_NO_SUCH_USER
[2000/11/14 11:01:07, 0] smbd/password.c:domain_client_validate(1470)
  domain_client_validate: unable to validate password for user cjg in domain
CJG
 to Domain controller NTSQLSRVR. Error was NT_STATUS_NO_SUCH_USER.
[2000/11/14 11:01:07, 1] smbd/password.c:pass_check_smb(492)
  Couldn't find user 'cjg' in UNIX password database.
[2000/11/14 11:01:07, 1] smbd/password.c:pass_check_smb(492)
  Couldn't find user 'cjg' in UNIX password database.
[2000/11/14 11:01:07, 1] smbd/reply.c:reply_sesssetup_and_X(925)
  Rejecting user 'cjg': authentication failed
[2000/11/14 11:01:07, 1] lib/util_sock.c:client_name(1007)
  Gethostbyaddr failed for 192.168.1.57
[2000/11/14 11:01:09, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon(391)
  cli_net_sam_logon: NT_STATUS_NO_SUCH_USER
[2000/11/14 11:01:09, 0] smbd/password.c:domain_client_validate(1470)
  domain_client_validate: unable to validate password for user cjg in domain
CJG to Domain controller NTSQLSRVR. Error was NT_STATUS_NO_SUCH_USER.
[2000/11/14 11:01:09, 1] smbd/password.c:pass_check_smb(492)
  Couldn't find user 'cjg' in UNIX password database.
[2000/11/14 11:01:09, 1] smbd/password.c:pass_check_smb(492)
  Couldn't find user 'cjg' in UNIX password database.
[2000/11/14 11:01:09, 1] smbd/reply.c:reply_sesssetup_and_X(925)
  Rejecting user 'cjg': authentication failed

By these messages it would seem that the Samba server is not talking the
PDC. Yet when I use smbclient with the same user I log on just fine. The log
has these messages:

[2000/11/14 10:53:30, 1] smbd/service.c:make_connection(550)
  cadtel2 (127.0.0.1) connect to service sys as user nobody (uid=99, gid=99)
(pid 5086)
[2000/11/14 10:56:03, 1] smbd/service.c:close_cnum(583)
  cadtel2 (127.0.0.1) closed connection to service sys

This would lead to the believe that the Samba server is talking to the PDC.
Any ideas on what the problem might be?

Thank You,

David Demland
Qa/Testing Manager
CADTEL Systems, Inc.
11201 N. Tatum Ste. 200
Phoenix, AZ 85028
(602) 953-4888
Fax: (602) 953-4833
ddemland@cadtel.com


________________________________________________
See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post
to the list quickly and you use Netscape to write mail.

Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss


________________________________________________
See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post
to the list quickly and you use Netscape to write mail.

Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss


________________________________________________
See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post
to the list quickly and you use Netscape to write mail.

Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss


________________________________________________
See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post
to the list quickly and you use Netscape to write mail.

Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss


________________________________________________
See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post
to the list quickly and you use Netscape to write mail.

Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss


________________________________________________
See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post
to the list quickly and you use Netscape to write mail.

Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss