Environment:
Clients: Win 2000
Server: Suse Linux Enterprise Server 10.1
Package: Prebuilt Samba 3.0.24-2.23

I have a situation where joining a Samba domain works just fine when I am joining an installed client, but it fails with a "User name not found" error when joining a client during OS installation. After looking at the logs I found that when a client is joined during installation, Samba does not receive the correct client's NetBIOS name (the value that's bound to %m). Instead of the actual name it receives a literal string "machinename". My "add machine script" faithfully adds an account for "machinename$", but when the client tries to join it is unable to find the right account. Thus the dreaded "user name not found". Of course, if I add the correct account before the join attempt everything works like on butter.

This behavior does not occur when I join already installed workstations. Samba receives the correct NetBIOS name and the computer account is created successfully. I don't think this is the client's fault, because if it's a non-Samba DC then everything works.

I am using Unattended for installation but I don't think that it matters. Unattended only generates the standard file for Windows unattended installation.

smb.conf:

[global]
log file = /var/log/samba/samba.log
log level = 3
#syslog = 3
workgroup = NETCE.com
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\%U\Profile
logon drive = H:
logon home = ""
# Sending more information than needed to the script for logging purposes.
add machine script = /cluster/samba-ntprofiles/create_computer_account2 %M %m %U
domain logons = Yes
domain master = Yes
local master = Yes
os level = 65
passdb backend = ldapsam:ldap://###############
preferred master = Yes
security = user
usershare max shares = 100
logon script = scripts\logon.bat %U %G %m samba 1>>\\%L\profiles\.log\logon.log 2>>&1
netbios name = samba
ldap admin dn = ##################################
ldap passwd sync = Yes
ldap suffix = dc=netce,dc=com
ldap group suffix = ou=group
ldap user suffix = ou=people
wins support = Yesinstal
idmap backend = ldap:ldap://################
ldap idmap suffix = ou=idmap
ldap machine suffix = ou=machine
ldap ssl = Off
hide dot files = Yes
hide special files = Yes
hide unreadable = Yes
username map = /etc/samba/smbusers
guest account = nobody
server string = Samba NETServer
host msdfs = Yes
#interfaces = eth1 eth0
interfaces = 192.168.8.2 192.168.9.2 127.0.0.1
bind interfaces only = yes
time server = Yes
dos filetimes = Yes
usershare allow guests = No
winbind enum users = yes
winbind enum groups = yes
#winbind expand groups = 3
browseable = Yes
map archive = No

When joining the client during installation the log contains a line:

[2007/11/13 16:03:41, 3] passdb/pdb_interface.c:pdb_default_create_user(368)
  _samr_create_user: Running the command `/cluster/samba-ntprofiles/create_computer_account2 192.168.9.99 machinename netce.admin' gave 0

This is a copy from the log. "MachineName" is what Samba thinks is the NetBIOS name of the client when in fact it is something like "test_comp..."

When an installed client is being joined the same line is as follows:

[2007/11/14 09:20:07, 3] passdb/pdb_interface.c:pdb_default_create_user(368)
  _samr_create_user: Running the command `/cluster/samba-ntprofiles/create_computer_account2 192.168.9.97 testcomp01 netce.admin' gave 0

I'll try to attach sniffs and full logs later.
Created attachment 2968: Samba log for joining of the client during installation
Created attachment 2969: Samba log for joining of the installed client
Created attachment 2970: Ethereal sniff for joining client during installation
Created attachment 2971: Ethereal sniff for joining installed client
Set "smb ports = 139"
(In reply to comment #5)
> Set "smb ports = 139"

Yes, that fixed the problem. But it seems like a hack, not a solution. Do you really think that blocking port 445 is the final solution? Actually, port 455 is supposed to be the newer implementation of the SMB protocol. Wouldn't I lose some functionality by blocking it?

I believe there is a bug in the Samba code that prevents it from getting the correct client's name. According to the sniffs the name is in the packets. Samba just doesn't see it. Please explain to me if you think that I am wrong. I am not familiar with how exactly Samba works internally, but I have experience setting up a company-level network.
(In reply to comment #6)
> (In reply to comment #5)
> > Set "smb ports = 139"
>
> Yes that fixed the problem. But it seems like a hack, not a solution. Do you
> really think that blocking port 445 is the final solution.

Yes I do. In fact, the useradd (and machine add) should use %u and not %m. %m is the NetBIOS machine name and is only reliably available when the client establishes a NetBIOS session (which it does not on port 445).
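Added example, not part of the original thread and not Samba's or the reporter's own script: a wrapper for "add machine script" that takes %u, as the comment above advises, and checks the name before any account is created. It assumes %u arrives as the machine account name with its trailing "$"; the wrapper path, the allowed-character policy and the useradd stand-in are this example's assumptions.

```shell
#!/bin/sh
# Added example: check the name smbd passes before creating a machine account.
# Assumed smb.conf line (the wrapper path is hypothetical):
#   add machine script = /usr/local/sbin/add_machine_checked %u
LC_ALL=C; export LC_ALL

# Succeeds only for NAME$ where NAME is 1-15 characters from [A-Za-z0-9_-]
# and does not start with "-". The character policy is this example's choice.
valid_machine_account() {
    acct=$1
    case $acct in
        *'$') ;;                    # machine accounts end in "$"
        *) return 1 ;;              # e.g. a bare %m value such as "machinename"
    esac
    name=${acct%?}                  # drop the trailing "$"
    [ -n "$name" ] || return 1
    [ "${#name}" -le 15 ] || return 1   # NetBIOS names are at most 15 characters
    case $name in
        -*) return 1 ;;             # would be parsed as an option downstream
        *[!A-Za-z0-9_-]*) return 1 ;;   # spaces, quotes, ";", "/" and so on
    esac
    return 0
}

# Run only when called with an argument, as smbd does.
if [ "$#" -gt 0 ]; then
    if valid_machine_account "$1"; then
        # Stand-in creation command; substitute the site's own (LDAP tool, etc.).
        exec /usr/sbin/useradd -M -s /bin/false -d /nonexistent "$1"
    fi
    logger -t add_machine_checked "rejected machine account name from smbd"
    exit 1
fi
```

The script runs with the privileges smbd gives it and its argument originates from the joining client, so a rejected name is logged and no account is created.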
(In reply to comment #5)
> Set "smb ports = 139"

(In reply to comment #7)
> (In reply to comment #6)
> > (In reply to comment #5)
> > > Set "smb ports = 139"
> >
> > Yes that fixed the problem. But it seems like a hack, not a solution. Do you
> > really think that blocking port 445 is the final solution.
>
> Yes I do. In fact, the useradd (and machine add) should use %u and
> not %m. %m is the NetBIOS machine name and is only reliably available
> when the client establishes a NetBIOS session (which it does not on port 445).

Thanks. Using %u instead of %m is definitely a better solution than blocking the port. Thanks for the explanation too.