Re: [Samba] Win7 Joining Domain, LDAP Profile Created but Join Fails
Hello

Since SP1 of Windows 7, the registry settings of:

HKLM\System\CCS\Services\Netlogon\Parameters
DWORD RequireSignOrSeal = 1
DWORD RequireStrongKey = 1

are no longer required to be set to 0 and back to 1 after join. These symptoms seem to me to be coming more from a wrongly configured winbind and id mapping. Can you post the ldap content and the smb.conf [global] settings?

Regards
Roland

----- Original Message -----
From: Anthony Boccia aboc...@afilias.info
To: John Drescher dresche...@gmail.com
CC: samba@lists.samba.org
Sent: Friday, 3 August 2012 17:38:37
Subject: Re: [Samba] Win7 Joining Domain, LDAP Profile Created but Join Fails

On Sat, Jul 28, 2012 at 9:06 AM, John Drescher dresche...@gmail.com wrote:

>> I am back with yet another issue. I am currently running a Samba 3.5.10-125 PDC on RHEL 6.2. My backend is LDAP, and I am using the smbldap scripts for dealing with ldap profiles related to my samba instance. Currently I am able to fully browse all shares, and IDs for the users are mapped just fine. I run into my problem when attempting to join the domain. It seems the profile is created in ldap for the workstation as it should, however I am faced with a windows error stating that The Specified computer account could not be found. I have attached my config as well as DebugLevel 10 Log output when attempting to join. Any ideas as to what I could be doing wrong, or what could be causing my samba woes, would be greatly appreciated.
>
> Did you enable the registry settings?
> http://wiki.samba.org/index.php/Windows7
> Also does the join succeed the second time?
>
> John

Yes the registry settings are enabled, and it failed the second time, it fails every time :-(

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

--
Ziil Informatiklösungen GmbH
Roland Käser
Head of Engineering
Romanshornerstr. 134, CH-8280 Kreuzlingen
Tel: +41 71 671 27 78
Fax: +41 71 671 27 79
www.ziil.ch
[Samba] Strange: Repeatedly lose domain functionality
Hello All

For several weeks, we have faced a very strange problem with a samba pdc and ldapsam. It repeatedly seems to lose its pdc functionality. This brings very strange behaviours. The server is then already accessible (shares and browsing work as expected), but the windows machines cannot make a domain logon anymore (has then a priori no effect because they use their cached password), joining new machines to the domain is no longer possible and a new user cannot create a new roaming profile (creates only temporary profiles). After a samba restart, the server works again as expected. But one or a few days later, it begins again with the same problems until the samba service is restarted again. The log files don't say anything special about this behaviour. Nscd isn't running. Using Samba 3.5.10 on a Centos 5.5 x64, 4GB Memory, 35 users.

Has somebody experienced the same problems?

Thanks
Roland

the samba smb.conf:

workgroup = SAMBA
netbios name = HALLE
netbios aliases = INSTALL
security = user
domain logons = yes
load printers = yes
printing = cups
cups options = raw
guest account = guest
# log file = /var/log/samba/%M.log
log file = /var/log/samba/smbd.log
log level = 0 sam:1 passdb:1 auth:1 winbind:1
# log level = 1 sam:16 passdb:16 auth:16 winbind:4
# log level = 1 tdb:16 sam:16 passdb:16 auth:16 ldap:16
# algorithmic rid base = 2000
os level = 64
local master = yes
domain master = yes
preferred master = yes
logon script = login.cmd
logon path = \\HALLE\Profiles\%U
logon home = \\HALLE\Profiles\%U\.9xprofile
logon drive = Z:
password level = 8
wins support = yes
dns proxy = yes
passdb backend = ldapsam:ldap://localhost
ldapsam:trusted = yes
ldapsam:editposix = yes
unix password sync = Yes
nt pipe support = Yes
nt status support = Yes
time server = Yes
ldap ssl = no
host msdfs = no
ldap suffix = dc=methabau-pur,dc=local
ldap delete dn = yes
ldap admin dn = uid=admin,dc=methabau-pur,dc=local
ldap idmap suffix = ou=idmap
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=machines
ldap passwd sync = yes
null passwords = yes
hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/
admin users = Administrator
map acl inherit = no
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT SO_SNDBUF=8192 SO_RCVBUF=8192
getwd cache = yes
oplocks = yes
read raw = yes
write raw = yes
level2 oplocks = no
map archive = yes
map hidden = no
map read only = yes
map system = no
store dos attributes = no
passwd program = /usr/sbin/smbldap-passwd %u
idmap backend = ldap:ldap://localhost
idmap uid = 1000-5
idmap gid = 1000-5
idmap cache time = 420
winbind cache time = 420
idmap alloc backend = ldap
idmap alloc config : ldap_url = ldap://localhost
idmap alloc config : ldap_base_dn = ou=idmap,dc=methabau-pur,dc=local
idmap alloc config : ldap_user_dn = uid=admin,dc=methabau-pur,dc=local
idmap alloc config : range = 1000-2
winbind enum users = yes
winbind enum groups = yes
add user script = /usr/sbin/smbldap-useradd -m '%u'
delete user script = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -w '%u'

# Share Definitions ==

[homes]
comment = Home Directories
browseable = no
writable = yes
create mode = 0700
vfs objects = recycle
recycle:repository = .Papierkorb
recycle:versions = Yes
recycle:keeptree = yes
recycle:touch = Yes
aio write size = 16384
aio read size = 16384
write cache size = 2097152

[Netlogon]
comment = Network Logon Service
path = /Services/Netlogon
guest ok = yes
writable = no
share modes = no
aio write size = 16384
aio read size = 16384
write cache size = 2097152

[Profiles]
comment = Network Profiles Share
read only = no
store dos attributes = yes
force user = %U
create mask = 0600
directory mask = 0700
path = /Services/Profiles
aio write size = 16384
write cache size = 2097152
allocation roundup size = 2097152
use sendfile = yes
browseable = no
writable = yes
guest ok = no
printable = no
csc policy = programs
hide files = /desktop.ini/outlook*.lnk/*Briefcase*/
profile acls = yes
[Samba] Machines randomly kicks out of the domain
Hello

Sorry to ask here, but all googling didn't help. We have several samba domains (samba 3.5.6) with ldap backend and windows 7 clients, which worked fine so far. Now we begin to see that random machines begin to kick out of the domain with the error:

_netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client MBBUCHHALTUNG04 machine account MBBUCHHALTUNG04$

Nothing was changed (no updates or anything else) on the client machine nor the samba server. The registry keys for SignOrSeal and StrongKey are already set correctly. I can't see any additional error. Maybe somebody faced the same problem and can give me a hint.

Thanks a lot.
Roland

The full log for the login try of the machine is:
Re: [Samba] Machines randomly kicks out of the domain
Hello All

Thanks very much for the great hints! I would have never thought about that in 100 years! We just made the changes to the workstations and added a hack to our unattended setup.

Thank you all.

Regards
Roland

----- Original Message -----
From: Daniel Müller muel...@tropenklinik.de
To: Roland Kaeser roland.kae...@ziil.ch, samba@lists.samba.org
Sent: Tuesday, 21 June 2011 13:31:37
Subject: Re: [Samba] Machines randomly kicks out of the domain

Hello,

Try

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
Update=no

On your Win7 clients. We had the same issue solved by doing this.

---
EDV Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On behalf of Roland Kaeser
Sent: Tuesday, 21 June 2011 13:01
To: samba@lists.samba.org
Subject: [Samba] Machines randomly kicks out of the domain

Hello

Sorry to ask here, but all googling didn't help. We have several samba domains (samba 3.5.6) with ldap backend and windows 7 clients, which worked fine so far. Now we begin to see that random machines begin to kick out of the domain with the error:

_netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client MBBUCHHALTUNG04 machine account MBBUCHHALTUNG04$

Nothing was changed (no updates or anything else) on the client machine nor the samba server. The registry keys for SignOrSeal and StrongKey are already set correctly. I can't see any additional error. Maybe somebody faced the same problem and can give me a hint.

Thanks a lot.
Roland

The full log for the login try of the machine is:
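
An added example, not part of the thread and not Samba code: one way to list which machine accounts an smbd log shows being rejected with the netlogon_creds_server_check error quoted above. The sample log, the host names WKS01/WKS02 and the source line number in the headers are constructed; the parser splits on the debug header, so it also handles logs whose line breaks were lost.

```python
import re
from collections import defaultdict
from datetime import datetime

# Samba 3.x debug header: "[YYYY/MM/DD HH:MM:SS.usec, level] file.c:line(function)"
HEADER = re.compile(
    r"\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+),\s*(\d+)\]"
    r"\s+(\S+?):(\d+)\((\w+)\)"
)
# Error text as quoted in the thread; captures client name and machine account.
REJECT = re.compile(
    r"netlogon_creds_server_check failed\.\s+Rejecting auth request from "
    r"client (\S+) machine account (\S+)"
)

def parse_entries(text):
    """Split a log into entries; the message runs until the next header."""
    headers = list(HEADER.finditer(text))
    entries = []
    for i, h in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        entries.append({
            "time": datetime.strptime(h.group(1), "%Y/%m/%d %H:%M:%S.%f"),
            "level": int(h.group(2)),
            "source": f"{h.group(3)}:{h.group(4)}",
            "function": h.group(5),
            "message": " ".join(text[h.end():end].split()),
        })
    return entries

def rejected_machines(text):
    """Map machine account -> timestamps of rejected secure-channel auths."""
    hits = defaultdict(list)
    for e in parse_entries(text):
        m = REJECT.search(e["message"])
        if m:
            hits[m.group(2)].append(e["time"])
    return dict(hits)

# Constructed sample (hosts and line number 1 are made up); the third line
# holds two entries run together, as in a flattened archive copy.
SAMPLE_LOG = """\
[2011/06/21 11:49:33.372812,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: WKS01$
[2011/06/21 11:49:33.401000,  0] rpc_server/srv_netlog_nt.c:1(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client WKS01 machine account WKS01$
[2011/06/21 11:52:10.000100,  0] rpc_server/srv_netlog_nt.c:1(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client WKS02 machine account WKS02$ [2011/06/21 11:55:02.500000,  0] rpc_server/srv_netlog_nt.c:1(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client WKS01 machine account WKS01$
"""
```

Running `rejected_machines()` over a day's smbd.log shows whether the rejections cluster on a few machine accounts or spread across the domain.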