Samba 3 searching for DMB instead of PDC?
Pedot Wolfgang
clystron at gmx.net
Thu Mar 31 16:03:30 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I have two samba-machines (RedHat based, Samba 3.0.11 and 3.0.13
compiled from source) which are members of a big W2k domain (not mine so
i am no admin). The boxes are simple clients joined "NT-Style" (DOMAIN
security, not ADS) simply because it was easier to do.
So far everything works fine but I noticed messages about failed
attempts to change the trust-account password in the logs of both
machines (change_trust_account_password: Failed to change password for
domain <mydomain>) and right before that it says (Can't get IP for PDC
for domain <mydomain>) which is kinda strange because both boxes are
able to check user-accounts with the PDC so I started looking into this
(all following information is for samba 3.0.13 source)...
After some investigation I found that the get_pdc_ip function
(libsmb/namequery.c) which is used by change_trust_account_password
(smbd/change_trust_pw.c) to find the PDC is actually looking for a
<mydomain>#1b which is a Domain Master Browser and not a PDC
(<mydomain>#1c) and here my problem starts: For some reason this domain
does not have a DMB (at least according to the WINS-Server) and so my
samba3 boxes do not know where to go for changing the passwords. A
<mydomain>#1b entry in lmhosts did not lead to success because after
get_pdc_ip there is a name_status_find call which is not successful
because the pdc does not answer on #1b name queries and so the whole
thing failes because of timeout.
Just for a test I changed the type from 0x1b to 0x1c in the get_pdc_ip
function (libsmb/namequery.c line 1237) and (smbd/change_trust_pw.c line
49) and the machine was able to change its password.
Now my question is: Why is samba3 looking for a DMB in a function called
~ "get_pdc_ip"? Is there a deeper sense in this or is it just so that
usually the PDC is also the DMB in a domain?
greetings
Wolfgang
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCTB9RbaCTNG1jy2YRAtqHAJ9tMDCmFcsoSU6O2RmBClHk7a9ruQCfZI8x
+bows9+ewirzUataZWRfleU=
=19UO
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list