[Samba] Domain authentication failing after a period of time

William R. Knox wknox at mitre.org
Tue Nov 30 21:31:44 GMT 2004 

I didn't see that the "1c" server wasn't being queried until after 15
minutes (thanks to Jeremy for taking hold of my hand and pointing this out
- I will never, EVER get my head wrapped around Windows browsing and why
that isn't queried until fifteen minutes after I join the domain). It
turned out that I was able to alert my Windows admin brethren to a problem
wherein one of their domain controller had a "tombstone" for their "logon
server (1c)" records, and so were not responding properly.

One final note - though I hadn't had it before, during the course of some
testing, I put in a second domain controller that did have the 1c entries,
and that didn't help the situation, i.e. only the first "wins server"
parameter entry seems to get queried for the DOMAIN#1C servers. I don't
know if this is a bug or the expected behavior, but I thought I would
mention it as part of the final wrap-up.

Thanks again to Jeremy for picking up my calls for help and pointing out
the flaw in my investigation.

			Bill Knox
			Lead Operating Systems Programmer/Analyst
			The MITRE Corporation

On Tue, 30 Nov 2004, Jeremy Allison wrote:

> Date: Tue, 30 Nov 2004 10:06:41 -0800
> From: Jeremy Allison <jra at samba.org>
> To: William R. Knox <wknox at mitre.org>
> Cc: Jeremy Allison <jra at samba.org>
> Subject: Re: [Samba] Domain authentication failing after a period of time
>
> On Tue, Nov 30, 2004 at 12:47:52PM -0500, William R. Knox wrote:
> > Here is the session - I ran the following commands during the session:
> >
> > 12:11:46 net join -U username%password
> > 12:11:51 smbclient -L \\\\corpdev2 -U username (prompted for and typed in
> > password) - success
> > 12:25:54 same smbclient command as above - success
> > 12:27:01 same smbclient command as above, but this time it fails with the
> > session setup failed: NT_STATUS_NO_LOGON_SERVERS error
>
> Your problem is that the NetBIOS name MITRE<1C> (ie. the
> NetBIOS name of the primary domain controller) can't
> be found. You can see these queries in packets 1489
> onwards. The client domain join isn't broken, it's fine,
> you've got a problem with name resolution.
>
> What are you using for name resolution ? Wins ?
>
> Jeremy.
>

More information about the samba mailing list