Bug 25469

Summary: Login problem on SAMBA server.
Product: [Retired] Red Hat Linux Reporter: Niels B. Andersen <nba>
Component: sambaAssignee: Trond Eivind Glomsrxd <teg>
Status: CLOSED CURRENTRELEASE QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.0CC: abartlet
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2001-08-25 07:41:23 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Niels B. Andersen 2001-02-01 11:19:39 UTC 
Login problem on SAMBA server.

Sometimes it is not possible to logon on the Samba server. It says 
something like no domain controller available, or bad password. When you 
hit enter again, without changing or retyping the password you will 
sometimes be able to logon. Maybe not the first time, but normally sooner 
or later. Sometimes it is necessary to reboot both the server and the 
workstation. 
After successfully login, everything works fine until next login.

It might be a configuration problem, but why is it working most of the 
time ?

I have learned from the internet that others have the same problem, but no 
one has found the problem
As far as I know.

/Niels

I have cleaned out logentries except from the start-up and from the 31st. 
When you can see the problem.

Included smb.conf, error log from client and server


Log.smb


 [2001/01/25 09:11:21, 1] smbd/server.c:main(641)
  smbd version 2.0.7 started.
  Copyright Andrew Tridgell 1992-1998
[2001/01/25 09:11:21, 0] param/loadparm.c:map_parameter(1681)
  Unknown parameter encountered: "comments"
[2001/01/25 09:11:21, 0] param/loadparm.c:lp_do_parameter(2223)
  Ignoring unknown parameter "comments"
[2001/01/25 09:11:22, 1] smbd/files.c:file_init(216)
  file_init: Information only: requested 10000 open files, 1014 are 
available.
 [2001/01/31 09:55:01, 1] lib/util_sock.c:client_name(1007)
  Gethostbyaddr failed for 192.168.1.10
[2001/01/31 09:57:06, 1] lib/util_sock.c:client_name(1007)
  Gethostbyaddr failed for 192.168.1.10
[2001/01/31 10:16:22, 1] lib/util_sock.c:client_name(1007)
  Gethostbyaddr failed for 192.168.1.11
[2001/01/31 10:16:28, 1] lib/util_sock.c:client_name(1007)
  Gethostbyaddr failed for 192.168.1.11
[2001/01/31 10:16:31, 1] lib/util_sock.c:client_name(1007)
  Gethostbyaddr failed for 192.168.1.11
[2001/01/31 11:30:28, 1] lib/util_sock.c:client_name(1007)
  Gethostbyaddr failed for 192.168.1.11
[2001/01/31 11:30:49, 1] lib/util_sock.c:client_name(1007)
  Gethostbyaddr failed for 192.168.1.11
[2001/01/31 11:30:51, 1] lib/util_sock.c:client_name(1007)
  Gethostbyaddr failed for 192.168.1.11
[2001/01/31 11:30:55, 1] lib/util_sock.c:client_name(1007)
  Gethostbyaddr failed for 192.168.1.11
[2001/01/31 14:26:54, 1] lib/util_sock.c:client_name(1007)
  Gethostbyaddr failed for 192.168.1.11
[2001/01/31 15:57:21, 1] lib/util_sock.c:client_name(1007)
  Gethostbyaddr failed for 192.168.1.11

log.nmb


 [2001/01/25 09:11:22, 1] nmbd/nmbd.c:main(757)
  Netbios nameserver version 2.0.7 started.
  Copyright Andrew Tridgell 1994-1998
[2001/01/25 09:11:22, 0] nmbd/asyncdns.c:start_async_dns(150)
  started asyncdns process 1158
[2001/01/25 09:11:22, 0] nmbd/nmbd_logonnames.c:add_logon_names(158)
  add_domain_logon_names:
  Attempting to become logon server for workgroup DATA on subnet 
192.168.1.5
[2001/01/25 09:11:22, 0] nmbd/nmbd_logonnames.c:add_logon_names(158)
  add_domain_logon_names:
  Attempting to become logon server for workgroup DATA on subnet 
UNICAST_SUBNET
[2001/01/25 09:11:22, 0] 
nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(341)
  become_domain_master_browser_wins:
  Attempting to become domain master browser on workgroup DATA, subnet 
UNICAST_SUBNET.
[2001/01/25 09:11:22, 0] 
nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(356)
  become_domain_master_browser_wins: querying WINS server at IP 
192.168.1.5 for domain master browser name DATA<1b> on workgroup DATA
[2001/01/25 09:11:22, 0] nmbd/nmbd_logonnames.c:become_logon_server_success
(117)
  become_logon_server_success: Samba is now a logon server for workgroup 
DATA on subnet UNICAST_SUBNET
[2001/01/25 09:11:22, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2
(117)
  *****
  
  Samba server JUPITER is now a domain master browser for workgroup DATA 
on subnet UNICAST_SUBNET
  
  *****
[2001/01/25 09:11:22, 0] 
nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(293)
  become_domain_master_browser_bcast:
  Attempting to become domain master browser on workgroup DATA on subnet 
192.168.1.5
[2001/01/25 09:11:22, 0] 
nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(307)
  become_domain_master_browser_bcast: querying subnet 192.168.1.5 for 
domain master browser on workgroup DATA
[2001/01/25 09:11:26, 0] nmbd/nmbd_logonnames.c:become_logon_server_success
(117)
  become_logon_server_success: Samba is now a logon server for workgroup 
DATA on subnet 192.168.1.5
[2001/01/25 09:11:30, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2
(117)
  *****
  
  Samba server JUPITER is now a domain master browser for workgroup DATA 
on subnet 192.168.1.5
  
  *****
[2001/01/25 09:11:45, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2
(405)
  *****
  
  Samba name server JUPITER is now a local master browser for workgroup 
DATA on subnet 192.168.1.5
  
  *****
 [2001/01/31 04:02:32, 0] nmbd/nmbd.c:sig_hup(92)
  Got SIGHUP dumping debug info.
[2001/01/31 04:02:32, 0] nmbd/nmbd_workgroupdb.c:dump_workgroups(292)
  dump_workgroups()
   dump workgroup on subnet     192.168.1.5: netmask=  255.255.255.0:
  	DATA(1) current master browser = JUPITER
  		JUPITER 400c9b0b (Samba Server)
[2001/01/31 04:02:32, 0] nmbd/nmbd_workgroupdb.c:dump_workgroups(292)
  dump_workgroups()
   dump workgroup on subnet  UNICAST_SUBNET: netmask=    192.168.1.5:
  	DATA(1) current master browser = UNKNOWN
  		JUPITER 40099b0b (Samba Server)
[2001/01/31 09:55:01, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70)
  process_logon_packet: Logon from 192.168.1.10: code = 0x0
[2001/01/31 10:16:11, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70)
  process_logon_packet: Logon from 192.168.1.11: code = 0x0
[2001/01/31 10:16:28, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70)
  process_logon_packet: Logon from 192.168.1.11: code = 0x0
[2001/01/31 10:16:31, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70)
  process_logon_packet: Logon from 192.168.1.11:code = 0x7





Log for one client.


 [2001/01/31 10:16:22, 0] lib/util_sock.c:write_socket_data(540)	

	Here is the problem.

  write_socket_data: write failure. Error = Broken pipe
[2001/01/31 10:16:22, 0] lib/util_sock.c:write_socket(566)
  write_socket: Error writing 4 bytes to socket 6: ERRNO = Broken pipe
[2001/01/31 10:16:22, 0] lib/util_sock.c:send_smb(754)
  Error writing 4 bytes to client. -1. Exiting
[2001/01/31 10:16:28, 0] passdb/smbpassfile.c:trust_password_lock(119)
  trust_password_lock: cannot open file /etc/samba/DATA.JUPITER.mac - 
Error was No such file or directory.
[2001/01/31 10:16:28, 0] passdb/smbpassfile.c:trust_get_passwd(288)
  domain_client_validate: unable to open the machine account password file 
for machine JUPITER in domain DATA.
[2001/01/31 10:16:31, 0] passdb/smbpassfile.c:trust_password_lock(119)
  trust_password_lock: cannot open file /etc/samba/DATA.JUPITER.mac - 
Error was No such file or directory.
[2001/01/31 10:16:31, 0] passdb/smbpassfile.c:trust_get_passwd(288)
  domain_client_validate: unable to open the machine account password file 
for machine JUPITER in domain DATA.
[2001/01/31 10:16:31, 1] smbd/service.c:make_connection(550)
  niels-iii (192.168.1.11) connect to service netlogon as user niels 
(uid=500, gid=500) (pid 26442)
[2001/01/31 10:16:55, 1] smbd/service.c:make_connection(550)
  niels-iii (192.168.1.11) connect to service public as user niels 
(uid=500, gid=500) (pid 26442)
[2001/01/31 10:18:52, 1] smbd/service.c:close_cnum(583)
  niels-iii (192.168.1.11) closed connection to service netlogon
[2001/01/31 10:20:52, 1] smbd/service.c:close_cnum(583)
  niels-iii (192.168.1.11) closed connection to service public
[2001/01/31 11:30:51, 0] passdb/smbpassfile.c:trust_password_lock(119)
  trust_password_lock: cannot open file /etc/samba/DATA.JUPITER.mac - 
Error was No such file or directory.
[2001/01/31 11:30:51, 0] passdb/smbpassfile.c:trust_get_passwd(288)
  domain_client_validate: unable to open the machine account password file 
for machine JUPITER in domain DATA.
[2001/01/31 11:30:55, 0] passdb/smbpassfile.c:trust_password_lock(119)
  trust_password_lock: cannot open file /etc/samba/DATA.JUPITER.mac - 
Error was No such file or directory.
[2001/01/31 11:30:55, 0] passdb/smbpassfile.c:trust_get_passwd(288)
  domain_client_validate: unable to open the machine account password file 
for machine JUPITER in domain DATA.
[2001/01/31 11:30:55, 1] smbd/service.c:make_connection(550)
  niels-iii (192.168.1.11) connect to service niels as user niels 
(uid=500, gid=500) (pid 26542)
[2001/01/31 12:30:50, 1] smbd/service.c:close_cnum(583)
  niels-iii (192.168.1.11) closed connection to service niels
[2001/01/31 14:26:54, 0] passdb/smbpassfile.c:trust_password_lock(119)
  trust_password_lock: cannot open file /etc/samba/DATA.JUPITER.mac - 
Error was No such file or directory.
[2001/01/31 14:26:54, 0] passdb/smbpassfile.c:trust_get_passwd(288)
  domain_client_validate: unable to open the machine account password file 
for machine JUPITER in domain DATA.
[2001/01/31 14:26:54, 1] smbd/service.c:make_connection(550)
  niels-iii (192.168.1.11) connect to service public as user niels 
(uid=500, gid=500) (pid 26814)
[2001/01/31 14:30:48, 1] smbd/service.c:close_cnum(583)
  niels-iii (192.168.1.11) closed connection to service public
[2001/01/31 15:57:21, 0] passdb/smbpassfile.c:trust_password_lock(119)
  trust_password_lock: cannot open file /etc/samba/DATA.JUPITER.mac - 
Error was No such file or directory.
[2001/01/31 15:57:21, 0] passdb/smbpassfile.c:trust_get_passwd(288)
  domain_client_validate: unable to open the machine account password file 
for machine JUPITER in domain DATA.
[2001/01/31 15:57:21, 1] smbd/service.c:make_connection(550)
  niels-iii (192.168.1.11) connect to service public as user niels 
(uid=500, gid=500) (pid 26914)
[2001/01/31 15:57:27, 1] smbd/service.c:close_cnum(583)
  niels-iii (192.168.1.11) closed connection to service public




smb.conf

# Samba config file created using SWAT
# from 192.168.1.10 (192.168.1.10)
# Date: 2000/09/08 09:02:19

# Global parameters
[global]
	workgroup = DATA
	server string = Samba Server
	security = DOMAIN
	encrypt passwords = Yes
	log file = /var/log/samba/log.%m
	max log size = 50
	domain logons = Yes
	os level = 64
	preferred master = Yes
	domain master = Yes
	dns proxy = No
	wins support = Yes
	hosts allow = 192.168.1. 192.168.11. 192.168.100. 192.168.10. 127.

[homes]
	comment = Home Directories
	read only = No

[netlogon]
	comment = Network Logon Service
	path = /home/netlogon
	guest ok = Yes
	share modes = No

[printers]
	comment = All Printers
	path = /var/spool/samba
	print ok = Yes
	browseable = No

[public]
	comment = Expertype Data's data lager
	path = /usr/home/samba
	read only = No
	guest ok = Yes

[public2]
	comment = 36Gb disk
	path = /home/samba
	read only = No
	guest ok = Yes
	

[FAX]
	comment = Expertype Data's FAX
	path = /var/spool/fax
	read only = No
	guest ok = Yes

[FTP]
	comment = Expertype Data's /home/ftp/pub
	path = /home/ftp/pub
	read only = No
	create mask = 0777
	guest ok = Yes

[swat]
	comment = Samba administration
	path = /usr/share
	read only = No
	guest ok = Yes

[pccsrv]
	comments = Officescan
	path = /var/www/pccsrv
	read only = no
	guest ok = yes
	create mask = 0777
Comment 1 Andrew Bartlett 2001-02-04 07:40:38 UTC 
A few notes on your smb.conf file:

Firstly, always run 'testparam', as that will get rid of your 'comments' problem
(5th last line, should be comment).

You appear to be attempting to use domain level security without being a member
of a domain.  If your server has the password database it just needs either
'share' or (as I recommend) 'user' level security.  DOMAIN secuirty is for a
samba server that is a full member of an NT domain, IE with an NT domain
controller.  Similarly to 'SERVER' level security, 'DOMAIN' passes the entire
authentication over to the server/domain controller.  However, if this all
messes up, samba may try authenticating localy - hence why you could occasionaly
log in.

BTW, you make no mention of the client in this case, I presume you are using a
Win9X machine with domain logons.  Also, the 'client' log you supply is in fact
just samba's server logs, seperated to include only that clients activities.
Comment 2 Niels B. Andersen 2001-02-05 19:27:15 UTC 
I have done some further investigation and it seems that the problem is worse 
when I am using DHCP on the Windows Client, instead of a fixed IP address. (The 
DHCP server is running.)
It might be a timing problem ???
Comment 3 Trond Eivind Glomsrxd 2001-06-20 22:10:59 UTC 
Did you do as abartlet suggested? Is this a problem with the latest errata?
Comment 4 Trond Eivind Glomsrxd 2001-08-09 18:35:04 UTC 
Ping?
Comment 5 Andrew Bartlett 2001-08-09 21:38:26 UTC 
Looking back at the logs, and with 6 months more experience under my belt, I
think this is the know known reverse-lookup bug.  Basically samba does a revese
lookup on the client, but sufferes badly when it times out due to an internal
design flaw that was corrected in 2.2.1.  The solution is to either place the
client in your /etc/hosts or set up correct DNS, but the timeout will be *much*
smaller with 2.2.1.

This doesn't preclude the other problems, (which are probably still near-fatal)
but at least part of this is a bug.

Andrew Bartlett
Samba Team
Comment 6 Trond Eivind Glomsrxd 2001-08-09 21:41:31 UTC 
Can the reporter try a recent samba (2.2.1a or newer, from the Roswell public
beta or rawhide) and see if it helps on the situation?
Comment 7 Niels B. Andersen 2001-08-25 07:41:19 UTC 
Hello everyone

Sorry for my slow response.

I think I have solved the problem.
What I have done, is updating every thing to the newest version (RH 7.1) and I 
have also set up a local DNS server. This was done in June, and the login 
problem has gone away. 

/Niels B. Andersen