I was running 3.0.25c (I think) LDAP PDC for a couple of years and just tried swapping in a new 3.5.4 setup. I had some problems so I wiped all the entries and *.tdb files, and started from scratch.
Problem in a nutshell: I can't browse the domain normally, nor can I logon to the domain. However I can access the server shares fine if I point to the server specifically. SOMETIMES this will then cause browsing to succeed as well. Normally I can see the domain in network neighborhood but if I click on I get the "domain is not accessible error". From a command prompt "net view /domain:DOMAIN" also typically produces an error 59. However if I "net view \\SERVER" then that works fine, and THEN I am sometimes able to successfully view the domain (about half the time sometimes more). I am able to successfully join machines to the domain (they show up in LDAP) but am unable to login to the domain from any of them. On XP/SP3 boxes the error is "the system cannot log you on now because the domain DOMAIN is not available", while Windows 7 says "there are currently no logon servers available to service the logon request" I have looked at the smb/nmb/winbind logs at level 3 and near as I can tell everything is operating correctly although something seems to be crashing a lot--there are many entries about brl and lock database after unclean shutdown. I don't know SMB protocol very well but from watching some wireshark traces and reading the corresponding logs it looks like the nodes are negotiating IPC$ connection but not getting data. Client asks for copy 4, server offers copy 1, client negotiates TCP/IP session then closes, and everything starts over again. Perhaps once they authenticate (enough to view \\SERVER shares) the negotiation is reused and this is what works? Are there security permissions on IPC$ that need to be set? Where should I be looking and what should I be looking for? Thanks -- Eric A. Hall http://www.eric-a-hall.com/ Network Technology Research Group http://www.ntrg.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
