[Samba] Going insane (can't logon from Windows) - Samba



Thread: [Samba] Going insane (can't logon from Windows)

  1. [Samba] Going insane (can't logon from Windows)

    I have Fedora Directory Server (1.0.4) running on a Red Hat Linux (RHEL 4)
    with Samba (3.0.10-1.4E.12.2).

    I have a Windows XP box that I have successfully joined to the domain.

    When I go to login with a domain user I get the following error:

    "Windows cannot connect to the domain, either because the domain controller
    is down or otherwise unavailable, or because your computer account was not
    found."

    In the Windows system event log there is the following entry:

    "Event Type: Error
    Event Source: NETLOGON
    Event Category: None
    Event ID: 3210
    Date: 6/12/2007
    Time: 10:08:02 AM
    User: N/A
    Computer: WINXP-CLEAN
    Description:
    This computer could not authenticate with \\RHEL-CLEAN2, a Windows domain
    controller for domain MYDOMAIN, and therefore this computer might deny logon
    requests. This inability to authenticate might be caused by another computer
    on the same network using the same name or the password for this computer
    account is not recognized. If this message appears again, contact your
    system administrator.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp
    ..
    Data:
    0000: c0000022"


    The only thing in smb.log is:

    [2007/06/12 11:41:09, 0] lib/util_sock.c:get_peer_addr(1000)
    getpeername failed. Error was Transport endpoint is not connected

    The only thing in the machine's samba log is:

    [2007/06/12 11:41:09, 0] lib/util_sock.c:get_peer_addr(1000)
    getpeername failed. Error was Transport endpoint is not connected
    [2007/06/12 11:41:09, 0] lib/util_sock.c:write_socket_data(430)
    write_socket_data: write failure. Error = Connection reset by peer
    [2007/06/12 11:41:09, 0] lib/util_sock.c:write_socket(455)
    write_socket: Error writing 4 bytes to socket 24: ERRNO = Connection reset by peer
    [2007/06/12 11:41:09, 0] lib/util_sock.c:send_smb(647)
    Error writing 4 bytes to client. -1. (Connection reset by peer)


    There is nothing in the Fedora log near to when the workstation boots or the
    user tries to login.

    I can connect to a share on the server from the Windows computer, when
    logged in as a local user, using "net view" or entering the path directly
    (\\rhel-clean2\sharename\).

    I can ping the server from the workstation and vice versa.

    I've explicitly added the workstation to the forward and reverse DNS zone
    files.

    The time of the server and workstation is less than 5 min apart.

    I have explicitly added the Linux server as a WINS server on the Windows box
    (just in case).

    All of the Windows diagnostic tests I have performed point to the machine's
    password being out of sync or various things about group policies for
    encryption and such. I tried turning off all of the related group policies
    with no effect.


    I am pulling my hair out trying to figure this out. Any and all help is
    appreciated.

    smb.conf is below.

    Thanks,
    -Mont


    [global]

    # workgroup = NT-Domain-Name or Workgroup-Name
    workgroup = mydomain

    # ldap settings
    passdb backend = ldapsam:ldap://mydomain.com:53911
    ldap admin dn = cn=Directory Manager
    ldap suffix = dc=mydomain,dc=com
    ldap user suffix = ou=People
    ldap machine suffix = ou=Computers
    ldap group suffix = ou=Groups

    # PDC Settings
    domain logons = yes
    domain master = yes
    local master = yes
    preferred master = yes

    # Windows integration settings
    wins support = yes
    logon home = \\%L\%u\profiles
    logon path = \\%L\profiles\%u
    logon drive = H:
    add machine script = /usr/sbin/adduser -n -g machinetrust -c Machine -d /dev/null -s /bin/false %u

    # Log Settings
    log file = /var/log/%m.log
    log file = /var/log/samba/%m.log
    max log size = 50

    # Misc Global Settings
    server string = FDS Server
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    os level = 33
    time server = true
    hide files = /desktop.ini/
    dns proxy = no

    # Security Settings
    security = user
    obey pam restrictions = yes
    encrypt passwords = yes
    password server = None
    restrict anonymous = 2

    #============================ Share Definitions ==============================
    idmap uid = 16777216-33554431
    idmap gid = 16777216-33554431
    template shell = /bin/false
    winbind use default domain = no

    [netlogon]
    path = /var/lib/samba/netlogon
    read only = yes
    browsable = no

    [profiles]
    path = /var/lib/samba/profiles
    read only = no
    create mask = 0600
    directory mask = 0700
    browseable = no

    [homes]
    comment = Home Directories
    browseable = no
    writeable = yes

    [repository]
    path = /repository
    guest ok = yes
    writeable = yes
    browseable = yes
    create mask = 0600
    directory mask = 0700
    # Restrict access to only users in the following group(s)
    #valid users = "@shortdomainname\group name"
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba
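
Added example, not part of the original post and not Samba's own code: a small parser that resolves an smb.conf excerpt to the values that end up in effect, which makes visible that the posted `log file` is set twice and that the settings under the "Share Definitions" comment still belong to [global]. It assumes Samba's documented parsing rules (a later assignment of a parameter replaces an earlier one, names ignore case and whitespace, a trailing backslash continues a line); the sample text and the function name `effective_settings` are constructed for illustration, and parameter synonyms are not resolved.

```python
import re

# Constructed sample: an excerpt of the [global] and [netlogon] sections posted above.
SAMPLE = """\
[global]
workgroup = mydomain
# Log Settings
log file = /var/log/%m.log
log file = /var/log/samba/%m.log
security = user
#============================ Share Definitions
idmap uid = 16777216-33554431
template shell = /bin/false

[netlogon]
path = /var/lib/samba/netlogon
browsable = no
"""

def effective_settings(text):
    """Return ({section: {param: value}}, [(section, param, dropped, kept)])."""
    settings, overridden = {}, []
    section, pending = None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):            # trailing backslash continues the line
            pending = line[:-1]
            continue
        pending = ""
        if not line or line[0] in "#;":    # blank lines and comments are ignored
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:                         # only a [name] line opens a new section
            section = header.group(1).strip().lower()
            settings.setdefault(section, {})
            continue
        if section is None or "=" not in line:
            continue
        name, value = line.split("=", 1)
        key = re.sub(r"\s+", "", name).lower()   # case/whitespace-insensitive name
        value = value.strip()
        if key in settings[section] and settings[section][key] != value:
            overridden.append((section, key, settings[section][key], value))
        settings[section][key] = value
    return settings, overridden

if __name__ == "__main__":
    settings, overridden = effective_settings(SAMPLE)
    for section, key, dropped, kept in overridden:
        print(f"[{section}] {key}: {dropped!r} is replaced by {kept!r}")
    print(sorted(settings["global"]))
```

On a live server, `testparm -s` prints the configuration as Samba itself parses it.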

  2. Re: [Samba] Going insane (can't logon from Windows)

    > "Event Type: Error
    > Event Source: NETLOGON
    > Event Category: None
    > Event ID: 3210
    > Date: 6/12/2007
    > Time: 10:08:02 AM
    > User: N/A
    > Computer: WINXP-CLEAN
    > Description:
    > This computer could not authenticate with \\RHEL-CLEAN2, a Windows domain
    > controller for domain MYDOMAIN, and therefore this computer might deny logon
    > requests. This inability to authenticate might be caused by another computer
    > on the same network using the same name or the password for this computer
    > account is not recognized. If this message appears again, contact your
    > system administrator.
    > All of the Windows diagnostic tests I have performed point to the machine's
    > password being out of sync or various things about group policies for
    > encryption and such. I tried turning off all of the related group policies
    > with no effect.
    > I am pulling my hair out trying to figure this out. Any and all help is
    > appreciated.


    Did you try leaving the domain, deleting the machine account, and
    rejoining?

    --
    Adam Tauno Williams, Network & Systems Administrator
    Consultant - http://www.whitemiceconsulting.com
    Developer - http://www.opengroupware.org

