samba-users May 2010 archive
Main Archive Page > Month Archives  > samba-users archives
samba-users: [Samba] (no subject)

[Samba] (no subject)

From: Thomas Burkholder <thomas.burkholder_at_nospam>
Date: Sun May 23 2010 - 13:29:19 GMT
To: samba@lists.samba.org

I've been trying to upgrade from samba 3.4.5 to 3.5.x (currently 3.5.3) on
a Ubuntu 9.10 system where I compile my own Samba. The server is a PDC for
several win2000 clients and uses an LDAP backend hosted on the same
machine. After the upgrade, clients can connect to shares but can not
perform domain logons. 3.5.3 does not build a browse list of other domains
on the subnet. Executing "net view /DOMAIN:mydomain" on the client
produces an error 59 or error 64.

Log-3 during the net view is basically the same between 3.4.5 and 3.5.3,
and I can see both successfully connect, negotiate sign/seal, and
authenticate a guest session with LDAP. After that, the working 3.4.5 log
says:

[2010/05/23 08:33:34, 3] smbd/service.c:1047(make_connection_snum)
   CLIENT (x.x.x.x) connect to service IPC$ initially as user nobody
(uid=65534, gid=65534) (pid 2454)
[2010/05/23 08:33:34, 3] smbd/sec_ctx.c:310(set_sec_ctx)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/05/23 08:33:34, 3] smbd/reply.c:759(reply_tcon_and_X)
   tconX service=IPC$
[2010/05/23 08:33:34, 3] smbd/process.c:1459(process_smb)
   Transaction 4 of length 129 (0 toread)
[2010/05/23 08:33:34, 3] smbd/process.c:1273(switch_message)
   switch message SMBtrans (pid 2454) conn 0xb9034f58
[2010/05/23 08:33:34, 3] smbd/sec_ctx.c:310(set_sec_ctx)
   setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2010/05/23 08:33:34, 3] smbd/ipc.c:536(handle_trans)
   trans <\PIPE\LANMAN> data=0 params=33 setup=0
[2010/05/23 08:33:34, 3] smbd/ipc.c:487(named_pipe)
   named pipe command on <LANMAN> name
[2010/05/23 08:33:34, 3] smbd/lanman.c:4694(api_reply)
   Got API command 104 of form <WrLehDz> <B16BBDz>
(tdscnt=0,tpscnt=33,mdrcnt=4200,mprcnt=8)
[2010/05/23 08:33:34, 3] smbd/lanman.c:4698(api_reply)
   Doing NetServerEnum
[2010/05/23 08:33:34, 3] smbd/lanman.c:1511(api_RNetServerEnum)
   NetServerEnum domain = mydomain uLevel=1 counted=1 total=1
[2010/05/23 08:33:34, 3] smbd/process.c:1459(process_smb)
   Transaction 5 of length 43 (0 toread)
[2010/05/23 08:33:34, 3] smbd/process.c:1273(switch_message)
   switch message SMBulogoffX (pid 2454) conn 0x0
[2010/05/23 08:33:34, 3] smbd/sec_ctx.c:310(set_sec_ctx)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/05/23 08:33:34, 3] smbd/reply.c:1948(reply_ulogoffX)
   ulogoffX vuid=100
[2010/05/23 08:33:34, 3] smbd/process.c:1459(process_smb)
   Transaction 6 of length 39 (0 toread)
[2010/05/23 08:33:34, 3] smbd/process.c:1273(switch_message)
   switch message SMBtdis (pid 2454) conn 0xb9034f58
[2010/05/23 08:33:34, 3] smbd/sec_ctx.c:310(set_sec_ctx)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/05/23 08:33:34, 3] smbd/sec_ctx.c:310(set_sec_ctx)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/05/23 08:33:34, 3] smbd/service.c:1226(close_cnum)
   CLIENT (x.x.x.x) closed connection to service IPC$
[2010/05/23 08:33:34, 3] smbd/connection.c:31(yield_connection)
   Yielding connection to IPC$
[2010/05/23 08:33:34, 3] smbd/sec_ctx.c:310(set_sec_ctx)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/05/23 08:33:34, 3] smbd/sec_ctx.c:310(set_sec_ctx)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/05/23 08:33:34, 3] smbd/connection.c:31(yield_connection)
   Yielding connection to
[2010/05/23 08:33:34, 3] smbd/server.c:845(exit_server_common)
   Server exit (failed to receive smb request)

where the not-working 3.5.3 says

[2010/05/23 08:25:50.455781, 3] smbd/service.c:1069(make_connection_snum)
   CLIENT (x.x.x.x) connect to service IPC$ initially as user nobody
(uid=65534, gid=65534) (pid 2128)
[2010/05/23 08:25:50.455844, 3] smbd/sec_ctx.c:310(set_sec_ctx)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/05/23 08:25:50.455914, 3] smbd/reply.c:846(reply_tcon_and_X)
   tconX service=IPC$
[2010/05/23 08:25:50.458037, 3] smbd/sec_ctx.c:310(set_sec_ctx)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/05/23 08:25:50.458221, 3] smbd/sec_ctx.c:310(set_sec_ctx)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/05/23 08:25:50.458326, 3] smbd/service.c:1250(close_cnum)
   CLIENT (x.x.x.x) closed connection to service IPC$
[2010/05/23 08:25:50.458394, 3] smbd/connection.c:31(yield_connection)
   Yielding connection to IPC$
[2010/05/23 08:25:50.458530, 3] smbd/sec_ctx.c:310(set_sec_ctx)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/05/23 08:25:50.458643, 3] smbd/connection.c:31(yield_connection)
   Yielding connection to
[2010/05/23 08:25:50.458869, 3] smbd/server.c:902(exit_server_common)
   Server exit (failed to receive smb request)
[2010/05/23 08:25:50.476063, 3] smbd/server.c:259(remove_child_pid)
   smbd/server.c:259 Unclean shutdown of pid 2128
[2010/05/23 08:25:50.476423, 1] smbd/server.c:267(remove_child_pid)
   Scheduled cleanup of brl and lock database after unclean shutdown

after which it logs a second sign/seal negotiation, authentication, and
failed $IPC connection.

smb.conf is
[global]
         unix charset = iso8859-1
         workgroup = mydomain
         server schannel = Yes
         passdb backend = ldapsam:ldap://x.x.x.x
         passwd program = /usr/sbin/smbldap-passwd %u
         passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*all*authentication*tokens*updated*
         client NTLMv2 auth = Yes
         log level = 1
         syslog = 0
         log file = /var/log/samba/log.%U
         name resolve order = hosts lmhosts wins bcast
         time server = Yes
         server signing = Yes
         deadtime = 30
         keepalive = 180
         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
         printcap name = cups
         add user script = /usr/sbin/smbldap-useradd -m "%u" -m
         delete user script = /usr/sbin/smbldap-userdel "%u"
         add group script = /usr/sbin/smbldap-groupadd -p "%g"
         delete group script = /usr/sbin/smbldap-groupdel "%g"
         add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
         delete user from group script = /usr/sbin/smbldap-groupmod -x "%u"
"%g"
         set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
         add machine script = /usr/sbin/smbldap-useradd -w "%u"
         logon script = scripts\logon.bat
         logon path = \\%L\[path]
         logon drive = z:
         logon home = \\%L\[home]
         domain logons = Yes
         os level = 65
         preferred master = Yes
         domain master = Yes
         wins support = Yes
         kernel oplocks = No
         ldap admin dn = "[----]"
         ldap machine suffix = ou=machines
         ldap passwd sync = yes
         ldap suffix = [----]
         ldap ssl = no
         ldap user suffix = ou=People
         eventlog list = syslog, apache2
         idmap uid = 10000-15000
         idmap gid = 10000-15000
         winbind enum users = Yes
         winbind enum groups = Yes
         hosts allow = 127.0.0.0/16, x.x.x.x/25
         hosts deny = all

-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba