# WinXP clients can't see SAMBA domain anymore

## hajokries

I have a problem with some WinXP (SP3) clients connecting a SAMBA domain controller. Every client behaves a bit different although they should be more or less the same. All clients can still mount samba shares as before. One works perfect as before, some are still connected to the domain but except the admin group nobody can log in and one that I disconnected from the domain can not even see the domain anymore saying "A domain controller for the domain DOMAIN can not be contacted..."

For the disconnected client, I looked for entries in the log files, but nothing is recorded for the attempts to connect the domain. In log.nmbd there are entries like this (log level 10):

```
[2010/08/22 18:13:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(171)

  find_workgroup_on_subnet: workgroup search for DOMAIN on subnet xxx.xxx.xxx.xx: found.

[2010/08/22 18:13:57, 10] nmbd/nmbd_sendannounce.c:announce_myself_to_domain_master_browser(382)

  announce_myself_to_domain_master_browser: t (1282493627) - last(1282493298) < 900

[2010/08/22 18:13:57, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(282)

  dump_workgroups()

   dump workgroup on subnet  xxx.xxx.xxx.xx: netmask=  255.255.192.0:

        DOMAIN(1) current master browser = UNKNOWN

                xxx 40819a2b (xxx Workgroup Server)

[2010/08/22 18:13:57, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(282)

  dump_workgroups()

   dump workgroup on subnet  UNICAST_SUBNET: netmask= xxx.xxx.xxx.xx:

        DOMAIN(1) current master browser = UNKNOWN

                xxx 40899b2b (DOMAIN Workgroup Server)

[2010/08/22 18:13:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(171)

  find_workgroup_on_subnet: workgroup search for DOMAIN on subnet UNICAST_SUBNET: found.

[2010/08/22 18:13:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(171)

  find_workgroup_on_subnet: workgroup search for DOMAIN on subnet UNICAST_SUBNET: found.

[2010/08/22 18:13:57, 9] nmbd/nmbd_namelistdb.c:find_name_on_subnet(133)

  find_name_on_subnet: on subnet xxx.xxx.xxx.xx - name DOMAIN<1e> NOT FOUND
```

This is the global section of my smb.conf:

```
[global]

   workgroup = DOMAIN

   netbios name = XXX

   server string = Domain Workgroup Server

   printcap name = cups

   load printers = yes

   printing = cups

   log file = /var/log/samba/log.%m

   max log size = 5000

   log level = 10

   security = user

   encrypt passwords = yes

   unix password sync = Yes

   pam password change = yes

   username map = /etc/samba/smbusers

   obey pam restrictions = No

   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

   time server = Yes

   smb ports = 139 445

   enable privileges = yes

   domain master = yes

   preferred master = yes

   domain logons = yes

   os level = 65

   local master = yes

   hide dot files = yes

   name resolve order = wins bcast hosts

   logon script = logon.bat

   logon path = \\%L\%U\.WinConfig

   logon drive = Z:

   add user script = /usr/local/sbin/smbldap-useradd -m "%u"

   add group script = /usr/local/sbin/smbldap-groupadd -p "%g"

   add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"

   delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"

   set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"

   add machine script = /usr/sbin/useradd -s /bin/false -d /home/nobody %u

   passdb backend = smbpasswd

   passdb backend = ldapsam:ldap://xxx.xxx.xx

   ldap admin dn = cn=admin,dc=xxx,dc=xxx,dc=xx

   ldap suffix = dc=xxx,dc=xxx,dc=xx

   ldap group suffix = ou=Groups

   ldap user suffix = ou=People

   ldap machine suffix = ou=Hosts

   ldap idmap suffix = ou=Idmap

   ldap ssl = off

   ldap delete dn = Yes

   idmap backend = ldap://localhost

   idmap uid = 10000-20000

   idmap gid = 10000-20000

   wins support = Yes

   dns proxy = no

   dos charset = 850

   unix charset = ISO8859-1

```

Maybe a security update on the windows clients caused these problems. I didn't change anything on the server at that time. That could explain why it occurred at different times with different symptoms. Can anyone help to solve the problem?

----------

## msalerno

Go through the event logs on the xp machines to see what patches were installed and when.  I believe that this month was one of Microsoft largest patch releases.  

http://www.microsoft.com/technet/security/bulletin/ms10-aug.mspx

http://www.zdnet.com/blog/security/microsoft-drops-record-14-bulletins-in-largest-ever-patch-tuesday/7097

----------

## hajokries

 *msalerno wrote:*   

> Go through the event logs on the xp machines to see what patches were installed and when.  I believe that this month was one of Microsoft largest patch releases. 

 

The only security update that seems related to network authentication is KB982214 (Vulnerabilities in SMB Server Could Allow Remote Code Execution). I uninstalled it but neither login nor joining the domain worked any better.

Is it normal that in the log.nmbd it says "DOMAIN(1) current master browser = UNKNOWN"? Could that be related to the problem? Normally, when computers had issues contacting the domain, I saw at least entries in the respective log of that particular computer on the samba server documenting the failure. And there are log entries for the affected clients but only for the successful mount of samba-shares.

----------

