Jonathan,
A guess --
I had the same error message and similar log entries because I had set
server signing = auto
The 3.5.x PDC would work only with the default No.
Dale
On 10/22/2010 6:06 AM, Jonathan Knight wrote:
I'm building a replacement samba 3.5.6 domain controller to replace an
old 3.0 one. Some other things are changing too. Our user accounts
are now in LDAP rather than flat files (although the machine trust
accounts will remain in a flat file), but that should be hidden from
samba as it's going to be done through NSS. The smbpasswd file is a
TDB file and will remain so. Our users don't authenticate with any
native services on the server other than samba and PAM hasn't been
configured to use LDAP. Samba was built with --without-pam as it
authenticates using its own smbpasswd file and nothing else will need
to authenticate that way.
Our intention is to move over to an entirely LDAP based system, but
we're doing that a stage at a time.
So far, so good. Samba duly starts and I can join an XP PC to the
domain without an issue. But when I try to log into the domain using
my username I get:
The system cannot log you on now because the domain KIS2 is not
available
nmblookup happily returns
querying KIS2 on 160.5.10.3
160.5.10.3 KIS21c
so it looks like its registered as a domain controller happily and
besides, PC's can join the domain. I can mount shares from the server
using my username and I can see the IPC$ share anonymously. I can log
into the PC using a local account and mount shares using my username.
Anonymous login successful
Domain=[KIS2] OS=[Unix] Server=[Samba 3.5.6]
Sharename Type Comment
- ---
IPC$IPC IPC Service (Keele I.T. Services)
Anonymous login successful
Domain=[KIS2] OS=[Unix] Server=[Samba 3.5.6]
Server Comment
----
OATCAKE Keele I.T. Services
WorkgroupMaster
----
KIS2 OATCAKE
Oatcake is the samba server and nmblookup shows it with the right IP
address. Testparm shows the critical options as:
map untrusted to domain = Yes
domain logons = Yes
domain master = Yes
So I can't see an obvious problem there.
So clearly I've made some sort of obvious error somewhere that escapes
me. At the risk of appearing foolish amongst my peers I am posting in
the hope that you can point me in the direction I need to
investigate. I'll include the end of the log.smbd running at debug
level 5 which shows the logon process access the IPC$ share and then
the connection being dropped.
2010/10/22 12:01:55.413644, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/10/22 12:01:55.413761, 3] smbd/sec_ctx.c:210(push_sec_ctx)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/10/22 12:01:55.413789, 3] smbd/uid.c:429(push_conn_ctx)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/10/22 12:01:55.413810, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/10/22 12:01:55.413832, 5]
auth/token_util.c:525(debug_nt_user_token)
NT user token: (NULL)
[2010/10/22 12:01:55.413853, 5]
auth/token_util.c:551(debug_unix_user_token)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2010/10/22 12:01:55.413896, 5]
passdb/pdb_interface.c:1473(lookup_global_sam_rid)
lookup_global_sam_rid: looking up RID 513.
[2010/10/22 12:01:55.413959, 3] smbd/sec_ctx.c:210(push_sec_ctx)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/10/22 12:01:55.413985, 3] smbd/uid.c:429(push_conn_ctx)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2010/10/22 12:01:55.414007, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/10/22 12:01:55.414029, 5]
auth/token_util.c:525(debug_nt_user_token)
NT user token: (NULL)
[2010/10/22 12:01:55.414050, 5]
auth/token_util.c:551(debug_unix_user_token)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2010/10/22 12:01:55.414460, 5] passdb/pdb_tdb.c:609(tdbsam_getsampwrid)
pdb_getsampwrid (TDB): error looking up RID 513 by key RID_0201.
[2010/10/22 12:01:55.414652, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/10/22 12:01:55.414690, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/10/22 12:01:55.414718, 3] auth/auth.c:265(check_ntlm_password)
check_ntlm_password: guest authentication for user [] succeeded
[2010/10/22 12:01:55.414742, 5] auth/auth.c:304(check_ntlm_password)
check_ntlm_password: guest authentication for user [] - [] -
[nobody] succeeded
[2010/10/22 12:01:55.414765, 5] auth/auth_util.c:2119(free_user_info)
attempting to free (and zero) a user_info structure
[2010/10/22 12:01:55.414819, 3] smbd/sec_ctx.c:210(push_sec_ctx)