Samba 3 searching for DMB instead of PDC?

Christopher R. Hertel crh at ubiqx.mn.org
Fri Apr 1 05:42:29 GMT 2005


On Thu, Mar 31, 2005 at 06:04:29PM +0200, Pedot Wolfgang wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
:
> After some investigation I found that the get_pdc_ip function
> (libsmb/namequery.c) which is used by change_trust_account_password
> (smbd/change_trust_pw.c) to find the PDC is actually looking for a
> <mydomain>#1b which is a Domain Master Browser and not a PDC
> (<mydomain>#1c) and here my problem starts:

In your follow-up message you noted that <mydomain>#1c names are group 
names for all DCs in the NT Domain, which is correct.  You are also 
correct that the <mydomain>#1B name is the DMB name, not (necessarily) the 
PDC name.

...but...  For various reasons (none of them particularly good) the PDC 
*must* also be the DMB.  So, if you're looking for the PDC (assuming there 
is one) and you find the DMB then you've found the PDC.

If a PDC exists then there must be a DMB and it must be the same node.  On 
the other hand, you can have a workgroup with a DMB and *no* domain 
controllers at all.  (Samba can do this, but Windows can't.)

> For some reason this domain
> does not have a DMB (at least according to the WINS-Server)

That's a problem, and is probably the problem you'll need to solve.  
Something is happening on your network to cause the DMB service to fail.  
Most likely, some other node on the same LAN as the PDC is winning the LMB 
election (which shouldn't happen).

> and so my
> samba3 boxes do not know where to go for changing the passwords. A
> <mydomain>#1b entry in lmhosts did not lead to success because after
> get_pdc_ip there is a name_status_find call which is not successful
> because the pdc does not answer on #1b name queries and so the whole
> thing fails because of timeout.

It's probably failing to answer on the #1b query because the name is 
being de-registered.  Again, probably because there's an election failure.

The DMB is supposed to win the LMB election on its own subnet.  Something 
else (most likely a misconfigured Samba server) is winning the election 
which is (probably) causing the DMB to demote itself.

That's all a guess, but it's where I would look first.

> Just for a test I changed the type from 0x1b to 0x1c in the get_pdc_ip
> function (libsmb/namequery.c line 1237) and (smbd/change_trust_pw.c line
> 49) and the machine was able to change its password.

The whole system is a bit fragile, IMNSHO.

> Now my question is: Why is samba3 looking for a DMB in a function called
> "get_pdc_ip"? Is there a deeper sense in this or is it just so that
> usually the PDC is also the DMB in a domain?

By definition, the PDC must run the DMB service.  The lack of a DMB 
strongly suggests that something else is wrong on this network.

Hope that's helpful.

Chris -)-----

-- 
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org

