[Samba] PDC + LDAP + W2K-SP4 Domain logon

samseaver at northwestern.edu samseaver at northwestern.edu
Mon Aug 25 13:36:54 GMT 2003


This may be a long shot, but does your work environment use a WINS server?

I found out recently that mine does, and by changing WINS support = yes
to WINS server = 'ip address', i got the domain thing to work. I kept
getting the same error you did.

Cheers
S

On Mon, 25 Aug 2003 15:09:05 +0200 bjorn.padding at ifsaudiovisueel.nl wrote:

> Dear all,
> 
> 
> ___Setup: 
> - several wINDOWS 2000 workstations on SP4 (reg-patches applied, they 
> worked on 2.x-stable)
> - Samba PDC (CVS 3.0.0rc2) (machine accounts added aswell as users in 
> unix & samba)
> - OpenLDAP (2.1.12) <-- (Not really relevant since I tried without ldap 
> too, so no info about that from this point)
> - Linux <HOSTNAME> 2.4.19 #1 Fri Jun 13 15:22:09 UTC 2003 i686 unknown 
> (debian)
> 
> (- also tried Samba PDC (2.x.stable))
> _________
> 
> ___My Problem:
> Since attempting to upgrade to Samba 3.0 clients are unable to logon to 
> my samba-domain.
> ______________
> 
> 
> ___Scenario:
> at server side(linux samba PDC):
> 
> - 'testparm' command succeeds.
> - Samba PDC started with all systems up and running (smbd/nmbd/winbindd)
> - Tests through 'net join' command succeeds.
> - Test through 'smbclient -L <my samba PDC>' succeeds aswell.
> *- Test through 'smbclient -L <a windows 200 machine>' FAILS<partial>!  
> Result:
> <snip>
>         Sharename      Type      Comment
>         ---------      ----      -------
>         E$             Disk      Default share
>         IPC$           IPC       Remote IPC
>         ADMIN$         Disk      Remote Admin
>         C$             Disk      Default share
> 	session request to <w2kmachine> failed (Called name not present)
> 	session request to *SMBSERVER failed (Called name not present)
> 	NetBIOS over TCP disabled -- no workgroup available
> </snip>
> 	*quite strange error since it returns the shares?!
> 
> ---> going on anyway --->
> 
> at client side(w2k):
> 
> - login on client with local administrator-account.
> - browsing network IFS results in seeing only 
>   the windows-2000 machines in the network and NOT the samba PDC.
> - if I attempt to connect to '\\<my samba pdc>' I do get a request 
>   for my login and password. Login works and I can browse shares.
> - I use 'net use * /d /yes' to be able to join the domain with a 
> clean-sheet.
> - if I attempt to join the domain IFS I get the following error:
> <snip>
> 	The following error ocurred validating the name "IFS".
> 	This condition may be caused by a DNS lookup problem. 
> 	For information about troubleshooting common DNS lookup problems,
> 	please see the following Microsoft web site:
> 	http://go.microsoft.com/fwlink/?LinkId=5171
> 	
> 	The specified domain either does not exist or could not be 
> contacted.
> 						[ OK ]
> </snip>
>   went to the link and followed instruction in how far possible with 
> Samba 
>   and saw something about the _ldap._tcp.dc_msdcs record.
>   added that (_tcp._ldap.dc._msdcs.ifs. SRV 0 0 0 .) to my config, but 
> still no succes 
>   (thought that wouldn't do much anyway, since the link says it's only 
> to reduce unneccessary traffic). 
>   Samba show's _only changes in nmbd-logfile_:
> <snip>
> 	[2003/08/25 14:30:00, 4] 
> nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> 	  find_workgroup_on_subnet: workgroup search for IFS on subnet 
> 10.21.32.1: found.
> 	[2003/08/25 14:30:00, 4] 
> nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> 	  find_workgroup_on_subnet: workgroup search for IFS on subnet 
> UNICAST_SUBNET: found.
> 	[2003/08/25 14:30:00, 4] 
> nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> 	  find_workgroup_on_subnet: workgroup search for IFS on subnet 
> UNICAST_SUBNET: found.
> 	[2003/08/25 14:30:05, 4] 
> nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> 	  find_workgroup_on_subnet: workgroup search for IFS on subnet 
> 10.21.32.1: found.
> 	[2003/08/25 14:30:05, 4] 
> nmbd/nmbd_workgroupdb.c:dump_workgroups(284)
> 	  dump_workgroups()
> 	   dump workgroup on subnet      10.21.32.1: netmask=  
> 255.255.255.0:
> 	        IFS(1) current master browser = <sambaserver>
> 	                <sambaserver> 400c992b (Samba CVS 3.0.0rc2)
> 	[2003/08/25 14:30:05, 4] 
> nmbd/nmbd_workgroupdb.c:dump_workgroups(284)
> 	  dump_workgroups()
> 	   dump workgroup on subnet  UNICAST_SUBNET: netmask=     
> 10.21.32.1:
> 	        IFS(1) current master browser = UNKNOWN
> 	                <sambaserver> 4009992b (Samba CVS 3.0.0rc2)
> 	[2003/08/25 14:30:05, 4] 
> nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> 	  find_workgroup_on_subnet: workgroup search for IFS on subnet 
> UNICAST_SUBNET: found.
> 	[2003/08/25 14:30:05, 4] 
> nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> 	  find_workgroup_on_subnet: workgroup search for IFS on subnet 
> UNICAST_SUBNET: found.
> 	[2003/08/25 14:30:10, 4] 
> nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> 	  find_workgroup_on_subnet: workgroup search for IFS on subnet 
> 10.21.32.1: found.
> 	[2003/08/25 14:30:10, 4] 
> nmbd/nmbd_workgroupdb.c:dump_workgroups(284)
> 	  dump_workgroups()
> 	   dump workgroup on subnet      10.21.32.1: netmask=  
> 255.255.255.0:
> 	        IFS(1) current master browser = <sambaserver>
> 	                <sambaserver> 400c992b (Samba CVS 3.0.0rc2)
> 	[2003/08/25 14:30:10, 4] 
> nmbd/nmbd_workgroupdb.c:dump_workgroups(284)
> 	  dump_workgroups()
> 	   dump workgroup on subnet  UNICAST_SUBNET: netmask=     
> 10.21.32.1:
> 	        IFS(1) current master browser = UNKNOWN
> 	                <sambaserver> 4009992b (Samba CVS 3.0.0rc2)
> 	[2003/08/25 14:30:10, 4] 
> nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> 	  find_workgroup_on_subnet: workgroup search for IFS on subnet 
> UNICAST_SUBNET: found.
> 	[2003/08/25 14:30:10, 4] 
> nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> 	  find_workgroup_on_subnet: workgroup search for IFS on subnet 
> UNICAST_SUBNET: found.
> </snip>
> 
>   and in tcpdump:
> 
> <snip>
> 	14:27:21.179535 <w2kmachine>.ifs.1700 > <sambaserver>.ifs.domain:  
> 25834+ SRV ? _ldap._tcp.dc._msdcs.ifs. (42)
> 	14:27:21.179702 <sambaserver>.ifs.domain > <w2kmachine>.ifs.1700:  
> 25834 NXDomain* 0/1/0 (105) (DF)
> 	14:27:21.180559 <w2kmachine>.ifs.netbios-dgm > 
> <sambaserver>.ifs.netbios-dgm:
> 	>>> NBT UDP PACKET(138) Res=0x110E ID=0x81A9 IP=10 (0xa).21 
> (0x15).32 (0x20).238 (0xee) Port=138 (0x8a) Length=229 (0xe5) 	Res2= 
> 0x0
> 	SourceName=<w2kmachine>           NameType=0x00 (Workstation)
> 	DestName=IFS             NameType=0x1C (Unknown)
> 
> 	SMB PACKET: SMBtrans (REQUEST)
> 
> 	
> 	14:27:26.180442 <w2kmachine>.ifs.netbios-dgm > 
> <sambaserver>.ifs.netbios-dgm:
> 	>>> NBT UDP PACKET(138) Res=0x110E ID=0x81AA IP=10 (0xa).21 
> (0x15).32 (0x20).238 (0xee) Port=138 (0x8a) Length=229 (0xe5) Res2=0x0
> 	SourceName=<w2kmachine>           NameType=0x00 (Workstation)
> 	DestName=IFS             NameType=0x1C (Unknown)
> 
> 	SMB PACKET: SMBtrans (REQUEST)
> 
> 
> 	14:27:26.181114 <sambaserver>.ifs.netbios-dgm > 
> 10.21.32.255.netbios-dgm:
> 	>>> NBT UDP PACKET(138) Res=0x110A ID=0x7EE4 IP=10 (0xa).21 
> (0x15).32 (0x20).1 (0x1) Port=138 (0x8a) Length=205 (0xcd) Res2=0x0
> 	SourceName=<sambaserver>      NameType=0x00 (Workstation)
> 	DestName=IFS             NameType=0x1D (Master Browser)
> 
> 	SMB PACKET: SMBtrans (REQUEST)
> 
> 	 (DF)
> 	14:27:27.459152 205.188.12.20.5190 > <w2kmachine>.ifs.1104: P 
> 1912445612:1912445720(108) ack 2118659303 win 16384 (DF)
> 	14:27:27.599945 <w2kmachine>.ifs.1104 > 205.188.12.20.5190: . ack 
> 108 win 64767 (DF)
> 	14:27:31.180328 <w2kmachine>.ifs.netbios-dgm > 
> <sambaserver>.ifs.netbios-dgm:
> 	>>> NBT UDP PACKET(138) Res=0x110E ID=0x81AB IP=10 (0xa).21 
> (0x15).32 (0x20).238 (0xee) Port=138 (0x8a) Length=229 (0xe5) Res2=0x0
> 	SourceName=<w2kmachine>           NameType=0x00 (Workstation)
> 	DestName=IFS             NameType=0x1C (Unknown)
> 	
> 	SMB PACKET: SMBtrans (REQUEST)
> </snip>
> 
> 
> - Now for the suprise...
>   - I was at home and still wanting to try to get this up and running 
>     last weekend, so I logged on into our VPN from a Windows 2000 
> (Service Pack 2!!) machine
>     and attempted to logon to our domain. And suprise... it worked. 
>     So i try it again now (monday), at my work, and I get the 
>    "The specified domain either does not exist or could not be 
> contacted."-error again.
> ____________
> 
> ___Conclusion:
> - somewhere from Service Pack 3 (I believe but not sure since I upgraded 
> directly from 2 to 4) 
>   and on, Windows starts looking for an Active Directory when login on 
> to a domain.
>   I don't know what it does afterwards, but it won't talk to my Samba 
> PDC.
>   I've been looking around for the past few days and I could not find 
> ANYTHING with a solution.
> ______________
> 
> __My configuration file:
> 
> - smb.conf
> <snip>
> # Global parameters
> [global]
>         dos charset = ISO8859-15
>         unix charset = CP850
>         display charset = CP850
>         workgroup = IFS
>         netbios name = FILESERVER
>         interfaces = lo, 127.0.0.0/255.0.0.0, eth0, 
> 10.21.32.0/255.255.255.0
>         bind interfaces only = Yes
>         auth methods = sam
>         server schannel = Yes
>         password server = 10.21.32.1
>         passdb backend = ldapsam:ldap://10.21.32.1
>         unix password sync = No
>         client lanman auth = No
>         client plaintext auth = No
>         log level = 4
>         syslog = 10
>         log file = /var/log/samba/%m
>         name resolve order = bcast wins hosts
>         time server = Yes
>         keepalive = 255
>         socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=8192 
> SO_RCVBUF=8192
>         load printers = No
>         printcap name = cups
>         logon drive = z:
>         logon home = \\%L\%U
>         domain logons = Yes
>         os level = 64
>         preferred master = Yes
>         domain master = Yes
>         wins support = Yes
>         ldap suffix = o=ifs,c=nl
>         ldap machine suffix = sambaDomainName=IFS,ou=Server 
> Services,o=ifs,c=nl
>         ldap user suffix = ou=People,o=ifs,c=nl			
>         ldap group suffix = ou=People Groups,o=ifs,c=nl
>         ldap idmap suffix = o=ifs,c=nl
>         ldap admin dn = cn=root,o=ifs,c=nl
>         remote announce = 10.21.32.255/IFS
>         idmap uid = 10000-20000
>         idmap gid = 10000-20000
>         admin users = adminisrtator
> 
> [homes]
>         comment = Home Directory
>         read only = No
>         browseable = No
> 
> [netlogon]
>         comment = Network Logon Service
>         path = /home/services/samba/netlogon
>         guest ok = Yes
>         share modes = No
> 
> [Profiles]
>         path = /home/services/samba/profiles
>         guest ok = Yes
>         browseable = No
> 
> [data]
>         comment = IFS's shared files
>         path = /home/ifs/data
>         read only = No
>         force create mode = 0771
>         force directory mode = 0775
> </snip>
> _________________________
> 
> 
> I also tried to install the older version again 
> (samba 2.x.stable (standard debian-package) without LDAP and with 
> smbpasswd file), 
> but no luck...
> 
> I am completely out of ideas and believe I tried everything possible....
> Hope someone can explain me this mystical behaviour all of a sudden...
> 
> Kind Regards,
> Bjorn Padding
> IFS Audio Visuals
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 





More information about the samba mailing list