[Samba] PDC + LDAP + W2K-SP4 Domain logon
bjorn.padding at ifsaudiovisueel.nl
Mon Aug 25 13:09:05 GMT 2003
Dear all,
___Setup:
- several Windows 2000 workstations on SP4 (reg-patches applied, they
worked on 2.x-stable)
- Samba PDC (CVS 3.0.0rc2) (machine accounts added as well as users in
unix & samba)
- OpenLDAP (2.1.12) <-- (Not really relevant since I tried without ldap
too, so no info about that from this point)
- Linux <HOSTNAME> 2.4.19 #1 Fri Jun 13 15:22:09 UTC 2003 i686 unknown
(debian)
(- also tried Samba PDC (2.x.stable))
_________
___My Problem:
Since attempting to upgrade to Samba 3.0 clients are unable to logon to
my samba-domain.
______________
___Scenario:
at server side(linux samba PDC):
- 'testparm' command succeeds.
- Samba PDC started with all systems up and running (smbd/nmbd/winbindd)
- Tests through 'net join' command succeeds.
- Test through 'smbclient -L <my samba PDC>' succeeds as well.
*- Test through 'smbclient -L <a Windows 2000 machine>' FAILS<partial>!
Result:
<snip>
Sharename Type Comment
--------- ---- -------
E$ Disk Default share
IPC$ IPC Remote IPC
ADMIN$ Disk Remote Admin
C$ Disk Default share
session request to <w2kmachine> failed (Called name not present)
session request to *SMBSERVER failed (Called name not present)
NetBIOS over TCP disabled -- no workgroup available
</snip>
*quite strange error since it returns the shares?!
---> going on anyway --->
at client side(w2k):
- login on client with local administrator-account.
- browsing network IFS results in seeing only
the windows-2000 machines in the network and NOT the samba PDC.
- if I attempt to connect to '\\<my samba pdc>' I do get a request
for my login and password. Login works and I can browse shares.
- I use 'net use * /d /yes' to be able to join the domain with a
clean-sheet.
- if I attempt to join the domain IFS I get the following error:
<snip>
The following error occurred validating the name "IFS".
This condition may be caused by a DNS lookup problem.
For information about troubleshooting common DNS lookup problems,
please see the following Microsoft web site:
http://go.microsoft.com/fwlink/?LinkId=5171
The specified domain either does not exist or could not be
contacted.
[ OK ]
</snip>
went to the link and followed the instructions as far as possible with
Samba
and saw something about the _ldap._tcp.dc_msdcs record.
added that (_tcp._ldap.dc._msdcs.ifs. SRV 0 0 0 .) to my config, but
still no success
(thought that wouldn't do much anyway, since the link says it's only
to reduce unnecessary traffic).
Samba shows _only changes in nmbd-logfile_:
<snip>
[2003/08/25 14:30:00, 4]
nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
find_workgroup_on_subnet: workgroup search for IFS on subnet
10.21.32.1: found.
[2003/08/25 14:30:00, 4]
nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
find_workgroup_on_subnet: workgroup search for IFS on subnet
UNICAST_SUBNET: found.
[2003/08/25 14:30:00, 4]
nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
find_workgroup_on_subnet: workgroup search for IFS on subnet
UNICAST_SUBNET: found.
[2003/08/25 14:30:05, 4]
nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
find_workgroup_on_subnet: workgroup search for IFS on subnet
10.21.32.1: found.
[2003/08/25 14:30:05, 4]
nmbd/nmbd_workgroupdb.c:dump_workgroups(284)
dump_workgroups()
dump workgroup on subnet 10.21.32.1: netmask=
255.255.255.0:
IFS(1) current master browser = <sambaserver>
<sambaserver> 400c992b (Samba CVS 3.0.0rc2)
[2003/08/25 14:30:05, 4]
nmbd/nmbd_workgroupdb.c:dump_workgroups(284)
dump_workgroups()
dump workgroup on subnet UNICAST_SUBNET: netmask=
10.21.32.1:
IFS(1) current master browser = UNKNOWN
<sambaserver> 4009992b (Samba CVS 3.0.0rc2)
[2003/08/25 14:30:05, 4]
nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
find_workgroup_on_subnet: workgroup search for IFS on subnet
UNICAST_SUBNET: found.
[2003/08/25 14:30:05, 4]
nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
find_workgroup_on_subnet: workgroup search for IFS on subnet
UNICAST_SUBNET: found.
[2003/08/25 14:30:10, 4]
nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
find_workgroup_on_subnet: workgroup search for IFS on subnet
10.21.32.1: found.
[2003/08/25 14:30:10, 4]
nmbd/nmbd_workgroupdb.c:dump_workgroups(284)
dump_workgroups()
dump workgroup on subnet 10.21.32.1: netmask=
255.255.255.0:
IFS(1) current master browser = <sambaserver>
<sambaserver> 400c992b (Samba CVS 3.0.0rc2)
[2003/08/25 14:30:10, 4]
nmbd/nmbd_workgroupdb.c:dump_workgroups(284)
dump_workgroups()
dump workgroup on subnet UNICAST_SUBNET: netmask=
10.21.32.1:
IFS(1) current master browser = UNKNOWN
<sambaserver> 4009992b (Samba CVS 3.0.0rc2)
[2003/08/25 14:30:10, 4]
nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
find_workgroup_on_subnet: workgroup search for IFS on subnet
UNICAST_SUBNET: found.
[2003/08/25 14:30:10, 4]
nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
find_workgroup_on_subnet: workgroup search for IFS on subnet
UNICAST_SUBNET: found.
</snip>
and in tcpdump:
<snip>
14:27:21.179535 <w2kmachine>.ifs.1700 > <sambaserver>.ifs.domain:
25834+ SRV ? _ldap._tcp.dc._msdcs.ifs. (42)
14:27:21.179702 <sambaserver>.ifs.domain > <w2kmachine>.ifs.1700:
25834 NXDomain* 0/1/0 (105) (DF)
14:27:21.180559 <w2kmachine>.ifs.netbios-dgm >
<sambaserver>.ifs.netbios-dgm:
>>> NBT UDP PACKET(138) Res=0x110E ID=0x81A9 IP=10 (0xa).21
(0x15).32 (0x20).238 (0xee) Port=138 (0x8a) Length=229 (0xe5) Res2=
0x0
SourceName=<w2kmachine> NameType=0x00 (Workstation)
DestName=IFS NameType=0x1C (Unknown)
SMB PACKET: SMBtrans (REQUEST)
14:27:26.180442 <w2kmachine>.ifs.netbios-dgm >
<sambaserver>.ifs.netbios-dgm:
>>> NBT UDP PACKET(138) Res=0x110E ID=0x81AA IP=10 (0xa).21
(0x15).32 (0x20).238 (0xee) Port=138 (0x8a) Length=229 (0xe5) Res2=0x0
SourceName=<w2kmachine> NameType=0x00 (Workstation)
DestName=IFS NameType=0x1C (Unknown)
SMB PACKET: SMBtrans (REQUEST)
14:27:26.181114 <sambaserver>.ifs.netbios-dgm >
10.21.32.255.netbios-dgm:
>>> NBT UDP PACKET(138) Res=0x110A ID=0x7EE4 IP=10 (0xa).21
(0x15).32 (0x20).1 (0x1) Port=138 (0x8a) Length=205 (0xcd) Res2=0x0
SourceName=<sambaserver> NameType=0x00 (Workstation)
DestName=IFS NameType=0x1D (Master Browser)
SMB PACKET: SMBtrans (REQUEST)
(DF)
14:27:27.459152 205.188.12.20.5190 > <w2kmachine>.ifs.1104: P
1912445612:1912445720(108) ack 2118659303 win 16384 (DF)
14:27:27.599945 <w2kmachine>.ifs.1104 > 205.188.12.20.5190: . ack
108 win 64767 (DF)
14:27:31.180328 <w2kmachine>.ifs.netbios-dgm >
<sambaserver>.ifs.netbios-dgm:
>>> NBT UDP PACKET(138) Res=0x110E ID=0x81AB IP=10 (0xa).21
(0x15).32 (0x20).238 (0xee) Port=138 (0x8a) Length=229 (0xe5) Res2=0x0
SourceName=<w2kmachine> NameType=0x00 (Workstation)
DestName=IFS NameType=0x1C (Unknown)
SMB PACKET: SMBtrans (REQUEST)
</snip>
- Now for the surprise...
- I was at home and still wanting to try to get this up and running
last weekend, so I logged on into our VPN from a Windows 2000
(Service Pack 2!!) machine
and attempted to logon to our domain. And surprise... it worked.
So I try it again now (Monday), at my work, and I get the
"The specified domain either does not exist or could not be
contacted."-error again.
____________
___Conclusion:
- somewhere from Service Pack 3 (I believe but not sure since I upgraded
directly from 2 to 4)
and on, Windows starts looking for an Active Directory when logging on
to a domain.
I don't know what it does afterwards, but it won't talk to my Samba
PDC.
I've been looking around for the past few days and I could not find
ANYTHING with a solution.
______________
__My configuration file:
- smb.conf
<snip>
# Global parameters
[global]
dos charset = ISO8859-15
unix charset = CP850
display charset = CP850
workgroup = IFS
netbios name = FILESERVER
interfaces = lo, 127.0.0.0/255.0.0.0, eth0, 10.21.32.0/255.255.255.0
bind interfaces only = Yes
auth methods = sam
server schannel = Yes
password server = 10.21.32.1
passdb backend = ldapsam:ldap://10.21.32.1
unix password sync = No
client lanman auth = No
client plaintext auth = No
log level = 4
syslog = 10
log file = /var/log/samba/%m
name resolve order = bcast wins hosts
time server = Yes
keepalive = 255
socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=8192 SO_RCVBUF=8192
load printers = No
printcap name = cups
logon drive = z:
logon home = \\%L\%U
domain logons = Yes
os level = 64
preferred master = Yes
domain master = Yes
wins support = Yes
ldap suffix = o=ifs,c=nl
ldap machine suffix = sambaDomainName=IFS,ou=Server Services,o=ifs,c=nl
ldap user suffix = ou=People,o=ifs,c=nl
ldap group suffix = ou=People Groups,o=ifs,c=nl
ldap idmap suffix = o=ifs,c=nl
ldap admin dn = cn=root,o=ifs,c=nl
remote announce = 10.21.32.255/IFS
idmap uid = 10000-20000
idmap gid = 10000-20000
admin users = adminisrtator
[homes]
comment = Home Directory
read only = No
browseable = No
[netlogon]
comment = Network Logon Service
path = /home/services/samba/netlogon
guest ok = Yes
share modes = No
[Profiles]
path = /home/services/samba/profiles
guest ok = Yes
browseable = No
[data]
comment = IFS's shared files
path = /home/ifs/data
read only = No
force create mode = 0771
force directory mode = 0775
</snip>
_________________________
I also tried to install the older version again
(samba 2.x.stable (standard debian-package) without LDAP and with
smbpasswd file),
but no luck...
I am completely out of ideas and believe I tried everything possible....
Hope someone can explain this mystical behaviour all of a sudden to me...
Kind Regards,
Bjorn Padding
IFS Audio Visuals
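
Added example, not part of the original message: a small Python script that reads tcpdump text like the capture above and counts the DNS SRV lookup, the NetBIOS datagrams sent to the IFS<1C> name (the domain controllers group name, which tcpdump labels "Unknown"), and any datagram the server sends back to the client. The sample is constructed from the capture in the post with placeholder host names (w2k, pdc); it reports what the trace shows and does not by itself identify the cause.

```python
import re

# Constructed sample modelled on the capture in the post; host names are
# placeholders and the SourceName lines are trimmed.
SAMPLE = """\
14:27:21.179535 w2k.ifs.1700 > pdc.ifs.domain: 25834+ SRV ? _ldap._tcp.dc._msdcs.ifs. (42)
14:27:21.179702 pdc.ifs.domain > w2k.ifs.1700: 25834 NXDomain* 0/1/0 (105) (DF)
14:27:21.180559 w2k.ifs.netbios-dgm > pdc.ifs.netbios-dgm:
DestName=IFS NameType=0x1C (Unknown)
14:27:26.180442 w2k.ifs.netbios-dgm > pdc.ifs.netbios-dgm:
DestName=IFS NameType=0x1C (Unknown)
14:27:26.181114 pdc.ifs.netbios-dgm > 10.21.32.255.netbios-dgm:
DestName=IFS NameType=0x1D (Master Browser)
14:27:31.180328 w2k.ifs.netbios-dgm > pdc.ifs.netbios-dgm:
DestName=IFS NameType=0x1C (Unknown)
"""

HDR = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) (\S+) > (\S+): ?(.*)$")
DEST = re.compile(r"DestName=(\S+)\s+NameType=0x([0-9A-Fa-f]{2})")

def host(endpoint):
    # "w2k.ifs.netbios-dgm" -> "w2k.ifs": drop the trailing port/service label
    return endpoint.rsplit(".", 1)[0]

def parse(text):
    packets = []
    for line in text.splitlines():
        m = HDR.match(line)
        if m:  # a timestamped header line starts a new packet
            packets.append({"time": m[1], "src": host(m[2]), "dst": host(m[3]),
                            "info": m[4], "dest_type": None})
        elif packets and (d := DEST.search(line)):
            packets[-1]["dest_type"] = int(d[2], 16)  # NetBIOS name suffix
    return packets

def summarize(packets, client, server):
    out = {"srv_nxdomain": False, "dc_lookups": 0, "unicast_replies": 0}
    srv_ids = set()  # DNS query ids of the client's SRV lookups
    for p in packets:
        fields = p["info"].split()
        if p["src"] == client and "SRV ?" in p["info"]:
            srv_ids.add(fields[0].rstrip("+"))
        elif p["src"] == server and "NXDomain" in p["info"] and fields[0] in srv_ids:
            out["srv_nxdomain"] = True
        elif p["src"] == client and p["dest_type"] == 0x1C:
            out["dc_lookups"] += 1  # datagram addressed to <domain><1C>
        elif p["src"] == server and p["dst"] == client and p["dest_type"] is not None:
            out["unicast_replies"] += 1  # datagram sent straight back to the client
    return out
```

Calling summarize(parse(SAMPLE), "w2k.ifs", "pdc.ifs") gives the three counters for the constructed trace; run it over a full capture to compare a client that can log on with one that cannot.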