Re: [Samba] Samba PDC not in network environment (Windows 7/8)

2013-02-22 Thread Jörg Nissen
Something weird...

I connected one notebook to another samba (v3.5.5) network. Logged in as
a local user on the notebook and guess what. The complete network
environment is shown.
The main difference between these two networks, apart from the version
number of smbd, is that the working network is based on ldap while the
not working network is based on tdb.

Another small difference in smb.conf:

3.5.5:  name resolve order = bcast lmhosts host
3.6.12: name resolve order = wins bcast lmhosts hosts


Going to check if it has any impact if I remove wins from 
name resolve order.

And another small difference:

In v3.5.5 computers are members of Domain Users while v3.6.12 
lists them in Domain Computers. Also going to check if this makes 
any difference.

The last thing I will check is if it makes any difference when 
I login to a local account on my client.

Will keep you updated.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


[Samba] Samba PDC not in network environment (Windows 7/8)

2013-02-21 Thread Jörg Nissen
I recently changed my clients (3 notebooks, 2 desktop PCs) from Windows XP Pro
to Windows 7/8 Pro. I followed the guides that can be found on samba.org and
all over the internet. Client migration worked after some minor trouble. There
is only one thing left that I could not resolve the last few days. All clients
see each other under Network but no client sees my samba server.

Though the samba PDC cannot be seen, most of the network related stuff works as
expected. Domain logons work, the per user netlogon script is executed (network
shares on the PDC get mapped, time is synced), shares can be opened with
\\PDC\share. Executing nbtstat on the clients works except for -[s|S|R|RR]
which results in no connection. Executing smbtree -N | smbclient -N works on
the PDC.

To prevent common questions:
- client installation is not older than 30 days
- disabled pw change after 30 days in registry
- no firewall on clients
- PDC firewall allows traffic to and from ports 137-139,445
- samba version Version 3.6.12-162.1-2943-SUSE-SL12.1-x86_64



Output of netstat -an | egrep '13[789]|445'
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
tcp        0      0 192.168.11.10:60002     192.168.11.230:445      VERBUNDEN
udp        0      0 192.168.11.255:137      0.0.0.0:*
udp        0      0 192.168.11.10:137       0.0.0.0:*
udp        0      0 0.0.0.0:137             0.0.0.0:*
udp        0      0 192.168.11.255:138      0.0.0.0:*
udp        0      0 192.168.11.10:138       0.0.0.0:*
udp        0      0 0.0.0.0:138             0.0.0.0:*

Remark: 192.168.11.230 is a nas storage which cannot be seen from clients 
either.



My smb.conf:
[global]
unix charset = UTF8
display charset = UTF8
workgroup = MyWorkgroupName
server string = MyServerString
netbios name = MyServerName
netbios aliases = PDC
interfaces = eth0, 127.0.0.0/8
bind interfaces only = no
map to guest = Bad User
passdb backend = tdbsam
username map = /etc/samba/smbusers
username level = 1
server signing = auto
max protocol = SMB2
client NTLMv2 auth = Yes
log level = 2 smb:1 auth:1 sam:1 acls:1 passdb:1 tdb:1 winbind:1 idmap:1
syslog = 0
log file = /var/log/samba/log.%m
max xmit = 65535
name resolve order = wins bcast lmhosts hosts
time server = Yes
deadtime = 10
paranoid server security = No
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY SO_BROADCAST SO_SNDBUF=16384 SO_RCVBUF=16384
hostname lookups = Yes
add user script = /usr/sbin/useradd -d /home/%u -g users -k /etc/samba/skel -m -s /bin/false %u
delete user script = /usr/sbin/userdel %u
add user to group script = /usr/sbin/usermod -G %g %u
set primary group script = /usr/sbin/usermod -g %g %u
delete user from group script = /usr/sbin/groupmod -R %u %g
add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false -g machines %u
logon script = %U.bat
logon path = \\%N\profiles\%U\%a
domain logons = Yes
os level = 88
preferred master = Yes
domain master = Yes
local master = yes
time server = yes
wins support = Yes
client use spnego = no
ldap ssl = no
winbind enum users = Yes
winbind enum groups = Yes
winbind expand groups = 3
winbind use default domain = no
winbind rpc only = Yes
winbind offline logon = no
idmap config * : backend = tdb
idmap config * : range = 15000 - 25000
encrypt passwords = yes
pam password change = yes
passwd program = /usr/bin/passwd %u
passwd chat = Neues*Passwort* %n\nGeben Sie das neue Passwort erneut ein* %n\nPass*dert.\n
veto files = /*.eml/*.nws/riched20.dll/*.{*}/
dos filetime resolution = Yes
printing = cups
printcap = cups

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
write list = @samba-domain-admins @Administrators
read list = @samba-domain-users @machines @Familie
force group = samba-domain-users
browseable = No

[profiles]
path = /var/lib/samba/profiles
profile acls = yes
csc policy = disable
read only = No
browsable = no
store dos attributes = yes
guest ok = no
printable = no
hide files = /desktop.ini/*Briefcase*/
write list = %S %S%w%D root
hosts allow = 192.168.11., 127.0.0.1, 10.168.11.
create mask = 0600
directory mask = 0700

[IPC$]
path 

Re: [Samba] Samba PDC not in network environment (Windows 7/8)

2013-02-21 Thread Jörg Nissen
Something I came across. Don't know if it is related. Trying to connect to a 
Windows 8 share from my PDC results in

cli_session_setup: NT1 session setup failed: NT_STATUS_INVALID_PARAMETER
session setup failed: NT_STATUS_INVALID_PARAMETER

when client NTLMv2 auth = yes is set in smb.conf. smbtree executed by a domain
admin user lists all shares on PDC and nas but only the name of the client.

Changing settings to

client NTLMv2 auth = no
client lanman auth = yes

gives access to shares on the Windows 8 client. smbtree lists all
administrative shares (C$, D$, etc.) on Windows 8 client.

---
There are some entries in the samba logfile for client JOGO which seem to be 
problem related:

[2013/02/21 12:17:27.638163,  0] rpc_server/srv_pipe.c:500(pipe_schannel_auth_bind)
  pipe_schannel_auth_bind: Attempt to bind using schannel without successful serverauth2
[2013/02/21 12:17:27.762403,  2] rpc_server/samr/srv_samr_nt.c:4071(_samr_LookupDomain)
  Returning domain sid for domain MyDomainName - S-1-5-21-3406496673-2355577635-1274693878
[2013/02/21 12:17:32.774569,  2] ../libcli/auth/credentials.c:308(netlogon_creds_server_check_internal)
  credentials check failed
[2013/02/21 12:17:32.774681,  0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client JOGO machine account JOGO$
[2013/02/21 12:17:32.777495,  2] rpc_server/samr/srv_samr_nt.c:4071(_samr_LookupDomain)
  Returning domain sid for domain MyDomainName - S-1-5-21-3406496673-2355577635-1274693878
[2013/02/21 12:17:45.665467,  2] smbd/smb2_server.c:2628(smbd_smb2_request_incoming)
  smbd_smb2_request_incoming: client read error NT_STATUS_CONNECTION_RESET
[2013/02/21 12:18:03.168300,  2] smbd/smb2_server.c:2628(smbd_smb2_request_incoming)
  smbd_smb2_request_incoming: client read error NT_STATUS_CONNECTION_RESET
[2013/02/21 12:18:50.279081,  2] smbd/smb2_server.c:2628(smbd_smb2_request_incoming)
  smbd_smb2_request_incoming: client read error NT_STATUS_CONNECTION_RESET
[2013/02/21 12:21:36.293203,  2] smbd/smb2_server.c:2628(smbd_smb2_request_incoming)
  smbd_smb2_request_incoming: client read error NT_STATUS_CONNECTION_RESET




Re: [Samba] Samba PDC not in network environment (Windows 7/8)

2013-02-21 Thread Jörg Nissen
Jörg Nissen joerg at nissen.de.hm writes:

Looks like I'm talking to myself all the time. 
Anyway, solved this small problem.
Accidentally the parameter client use spnego was set to no during testing. 
Setting it back to yes made the client tools on the server behave normally.

Still looking for help on my starting post.



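
Added example (not part of the original posts and not Samba project code): a Python check that scans the [global] section of an smb.conf for the client authentication settings toggled during testing in this thread, and for repeated parameters, so that a leftover test value such as client use spnego = no is noticed. The sample configuration is constructed from lines posted above; the function names are hypothetical.

```python
import re

# Client settings toggled in the thread -> (weakening value, why it matters)
WEAKENING = {
    "clientntlmv2auth": (False, "client tools fall back to NTLM (v1) responses"),
    "clientlanmanauth": (True, "client tools may send LANMAN responses"),
    "clientusespnego": (False, "SPNEGO negotiation disabled for client tools"),
}
TRUE, FALSE = {"yes", "true", "1", "on"}, {"no", "false", "0", "off"}

def norm(name):
    # smb.conf ignores case and whitespace in parameter names
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return [(lineno, normalised name, value)] for the [global] section."""
    section, out = None, []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            out.append((no, norm(key), value.strip()))
    return out

def audit(text):
    """Flag weakening values (effective = last assignment) and repeats."""
    findings, effective = [], {}
    for no, key, value in parse_global(text):
        if key in effective:
            findings.append((no, key, f"repeats line {effective[key][0]}; last value wins"))
        effective[key] = (no, value.lower())
    for key, (bad, why) in WEAKENING.items():
        no, v = effective.get(key, (0, ""))
        if v in TRUE | FALSE and (v in TRUE) == bad:
            findings.append((no, key, why))
    return sorted(findings)

# Constructed sample: lines from the posted smb.conf plus the test settings
SAMPLE = """[global]
client NTLMv2 auth = no
client lanman auth = yes
time server = Yes
time server = yes
client use spnego = no"""
```

Each finding is a (line number, normalised parameter, reason) tuple, sorted by line.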