On Tue, Jan 18, 2011 at 1:03 PM, Farhan Ahmad <[email protected]> wrote:
> Hi, > > I am setting up a PDC with LDAP, but having no luck with it. Basically, > the > Win XP computer successfully joins the domain, but after restarting when I > try to login it says "The system cannot log you on now because the domain > THEBITGURU.LAN is not available." I am running a Ubuntu 10.10 server with > Samba 3.5.4 and OpenLDAP 2.4.3 (slapd). > > I have compressed all of the samba logs (/var/log/samba) files along with > the smb.conf: > http://www.thebitguru.com/site_media/uploads/samba_troubleshooting.tar.gz I > turned up the logging (log level = 4) and created a folder with the log > files after each step. > > Below is what I have gathered so far about the different steps. > > *Relevant Notes* > > 1. I installed ClearOS on another virtual machine and set it up as a PDC. > This same WinXP virtual machine successfully joined that domain and was > able to login without any issues. So, I am concluding that the client is > setup correctly. > 1. I even tried comparing the smb.conf files and updating the one my > actual server, but no luck. > 2. Another Windows 7 machine with the changes listed on > http://wiki.samba.org/index.php/Windows7 behaves similarly, i.e. cannot > login after joining the domain. > 3. I can mount the share (\\visionary\shared) served by this server on > both WinXP and Windows 7 without any issues. This tells me that the > authentication with the LDAP server is working OK. > > * > * > *Domain Join (log files in after_domain_join folder)* > 1. Note how the sending machine correctly sent the user and domains in this > case. > [2011/01/18 10:24:35.521835, 3] libsmb/ntlmssp.c:747(ntlmssp_server_auth) > Got user=[root] domain=[THEBITGURU.LAN] workstation=[VIRTUALXP-32744] > len1=24 len2=24 > > 2. Also, note that the user authentication and mapping seemed to work OK in > this case. > [2011/01/18 10:24:35.521954, 3] auth/auth.c:219(check_ntlm_password) > check_ntlm_password: mapped user is: > [THEBITGURU.LAN]\[root]@[VIRTUALXP-32744] > . > . > . > [2011/01/18 10:24:35.523891, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: root > > > 3. Even though the Win XP system says that it joined the domain OK, the > following output in the log file seems suspicious. This is at the end of > log.virtualxp-32744. > [2011/01/18 10:24:36.932921, 3] smbd/connection.c:31(yield_connection) > Yielding connection to > [2011/01/18 10:24:36.933031, 3] smbd/server.c:906(exit_server_common) > Server exit (failed to receive smb request) > > > *First Failed Login** (log files in after_first_failed_login folder)* > 1. Unlike #1 above, in this case we neither see the user nor the domain. I > think this is where the problem lies. > [2011/01/18 10:26:01.920055, 3] libsmb/ntlmssp.c:747(ntlmssp_server_auth) > Got user=[] domain=[] workstation=[VIRTUALXP-32744] len1=1 len2=0 > > 2. The server still falls back to the domain, but still no user. > [2011/01/18 10:26:01.920172, 3] auth/auth.c:219(check_ntlm_password) > check_ntlm_password: mapped user is: > [THEBITGURU.LAN]\[]@[VIRTUALXP-32744] > > 3. So it goes looking for the guest user. > [2011/01/18 10:26:01.922536, 3] auth/auth.c:265(check_ntlm_password) > check_ntlm_password: guest authentication for user [] succeeded > > 4. There might be other weird things, for instance, the "Server exit > (failed > to receive smb request)" message, but I can figure out the issue with #1 > then I am thinking that the rest will be fixed. > > > > I have tried a lot of stuff, but haven't had any luck. What should I do > next to fix this issue? > > Thanks! > Farhan > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > It looks to me like communication issue. Put tcpdump and check for dropped packets. Is there a firewall between the systems? Does the kinit <username> works? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
