wbinfo -t and Win2K DCs ...
AEsh at tricord.com
Fri May 3 07:11:13 GMT 2002
This doesn't match my results. I get good wbinfo replies when I have Samba
2.2.3a joined into a Win2K domain. In fact, we did a bunch of domain
controller failure testing in such a domain, to make sure we had our
solution right. We didn't see any difference between Win2K and our WinNT
results, as far as authentication goes. (We noticed Microsoft removed the
"NET ACCOUNTS /SYNC" command in Win2K, which made testing harder, but that's
I am also certain that Win2K domain controllers advertise the #1c service.
Here's a PDC I use for testing which runs Win2K (os version 5.0):
[root at pluto source]# rpcclient //PDCNATIVE -W ENDURONATIVE -U Administrator
Domain=[ENDURONATIVE] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
cmd = srvinfo
PDCNATIVE Wk Sv PDC Tim NT LMB
platform_id : 500
os version : 5.0
server type : 0x204102b
And this shows that it registers the #1c service:
[root at pluto source]# nmblookup -A 10.10.16.21
Looking up status of 10.10.16.21
PDCNATIVE <00> - M <ACTIVE>
ENDURONATIVE <00> - <GROUP> M <ACTIVE>
ENDURONATIVE <1c> - <GROUP> M <ACTIVE>
PDCNATIVE <20> - M <ACTIVE>
ENDURONATIVE <1b> - M <ACTIVE>
ENDURONATIVE <1e> - <GROUP> M <ACTIVE>
PDCNATIVE <03> - M <ACTIVE>
ENDURONATIVE <1d> - M <ACTIVE>
..__MSBROWSE__. <01> - <GROUP> M <ACTIVE>
INet~Services <1c> - <GROUP> M <ACTIVE>
IS~PDCNATIVE <00> - M <ACTIVE>
Here's my advice:
Do an nmblookup (as above) on your PDC. You can also use nbtstat on Windows
the same way. Look for a listing of the #1c service, and make sure it's not
marked with a "Conflict" or "Deregistered" flag. I have had two different
domain controllers in different domains wind up with their "Conflict" flag
set, which caused Samba authentication not to happen. If you have a
conflict, try rebooting the PDC. If the #1c service is not listed, try
Also, log level 10 during a wbinfo -t may help you to understand why it's
From: Richard Sharpe [mailto:rsharpe at ns.aus.com]
Sent: Thursday, May 02, 2002 7:09 PM
To: samba-technical at samba.org
Subject: wbinfo -t and Win2K DCs ...
I have run into a spot of bother with wbinfo and Win2K.
We run Samba as a member server from a Win2K DC.
We join the DC correctly, but wbinfo -t does not work.
This seems to be because the WINS server running on the Win2K DC will not
answer queries looking for DOMAIN#1c.
However, I know we have joined because wbinfo -u works.
Has anyone seen this? Is there a solution on the DC, or do I have to hack
winbindd to be able to look up the DC correctly?
Richard Sharpe, rsharpe at ns.aus.com, rsharpe at samba.org,
sharpe at ethereal.com
-------------- next part --------------
HTML attachment scrubbed and removed
More information about the samba-technical