[Samba] PDC + LDAP + W2K-SP4 Domain logon
samseaver at northwestern.edu
samseaver at northwestern.edu
Mon Aug 25 13:36:54 GMT 2003
This may be a long shot, but does your work environment use a WINS server?
I found out recently that mine does, and by changing WINS support = yes
to WINS server = 'ip address', i got the domain thing to work. I kept
getting the same error you did.
Cheers
S
On Mon, 25 Aug 2003 15:09:05 +0200 bjorn.padding at ifsaudiovisueel.nl wrote:
> Dear all,
>
>
> ___Setup:
> - several wINDOWS 2000 workstations on SP4 (reg-patches applied, they
> worked on 2.x-stable)
> - Samba PDC (CVS 3.0.0rc2) (machine accounts added aswell as users in
> unix & samba)
> - OpenLDAP (2.1.12) <-- (Not really relevant since I tried without ldap
> too, so no info about that from this point)
> - Linux <HOSTNAME> 2.4.19 #1 Fri Jun 13 15:22:09 UTC 2003 i686 unknown
> (debian)
>
> (- also tried Samba PDC (2.x.stable))
> _________
>
> ___My Problem:
> Since attempting to upgrade to Samba 3.0 clients are unable to logon to
> my samba-domain.
> ______________
>
>
> ___Scenario:
> at server side(linux samba PDC):
>
> - 'testparm' command succeeds.
> - Samba PDC started with all systems up and running (smbd/nmbd/winbindd)
> - Tests through 'net join' command succeeds.
> - Test through 'smbclient -L <my samba PDC>' succeeds aswell.
> *- Test through 'smbclient -L <a windows 200 machine>' FAILS<partial>!
> Result:
> <snip>
> Sharename Type Comment
> --------- ---- -------
> E$ Disk Default share
> IPC$ IPC Remote IPC
> ADMIN$ Disk Remote Admin
> C$ Disk Default share
> session request to <w2kmachine> failed (Called name not present)
> session request to *SMBSERVER failed (Called name not present)
> NetBIOS over TCP disabled -- no workgroup available
> </snip>
> *quite strange error since it returns the shares?!
>
> ---> going on anyway --->
>
> at client side(w2k):
>
> - login on client with local administrator-account.
> - browsing network IFS results in seeing only
> the windows-2000 machines in the network and NOT the samba PDC.
> - if I attempt to connect to '\\<my samba pdc>' I do get a request
> for my login and password. Login works and I can browse shares.
> - I use 'net use * /d /yes' to be able to join the domain with a
> clean-sheet.
> - if I attempt to join the domain IFS I get the following error:
> <snip>
> The following error ocurred validating the name "IFS".
> This condition may be caused by a DNS lookup problem.
> For information about troubleshooting common DNS lookup problems,
> please see the following Microsoft web site:
> http://go.microsoft.com/fwlink/?LinkId=5171
>
> The specified domain either does not exist or could not be
> contacted.
> [ OK ]
> </snip>
> went to the link and followed instruction in how far possible with
> Samba
> and saw something about the _ldap._tcp.dc_msdcs record.
> added that (_tcp._ldap.dc._msdcs.ifs. SRV 0 0 0 .) to my config, but
> still no succes
> (thought that wouldn't do much anyway, since the link says it's only
> to reduce unneccessary traffic).
> Samba show's _only changes in nmbd-logfile_:
> <snip>
> [2003/08/25 14:30:00, 4]
> nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> find_workgroup_on_subnet: workgroup search for IFS on subnet
> 10.21.32.1: found.
> [2003/08/25 14:30:00, 4]
> nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> find_workgroup_on_subnet: workgroup search for IFS on subnet
> UNICAST_SUBNET: found.
> [2003/08/25 14:30:00, 4]
> nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> find_workgroup_on_subnet: workgroup search for IFS on subnet
> UNICAST_SUBNET: found.
> [2003/08/25 14:30:05, 4]
> nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> find_workgroup_on_subnet: workgroup search for IFS on subnet
> 10.21.32.1: found.
> [2003/08/25 14:30:05, 4]
> nmbd/nmbd_workgroupdb.c:dump_workgroups(284)
> dump_workgroups()
> dump workgroup on subnet 10.21.32.1: netmask=
> 255.255.255.0:
> IFS(1) current master browser = <sambaserver>
> <sambaserver> 400c992b (Samba CVS 3.0.0rc2)
> [2003/08/25 14:30:05, 4]
> nmbd/nmbd_workgroupdb.c:dump_workgroups(284)
> dump_workgroups()
> dump workgroup on subnet UNICAST_SUBNET: netmask=
> 10.21.32.1:
> IFS(1) current master browser = UNKNOWN
> <sambaserver> 4009992b (Samba CVS 3.0.0rc2)
> [2003/08/25 14:30:05, 4]
> nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> find_workgroup_on_subnet: workgroup search for IFS on subnet
> UNICAST_SUBNET: found.
> [2003/08/25 14:30:05, 4]
> nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> find_workgroup_on_subnet: workgroup search for IFS on subnet
> UNICAST_SUBNET: found.
> [2003/08/25 14:30:10, 4]
> nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> find_workgroup_on_subnet: workgroup search for IFS on subnet
> 10.21.32.1: found.
> [2003/08/25 14:30:10, 4]
> nmbd/nmbd_workgroupdb.c:dump_workgroups(284)
> dump_workgroups()
> dump workgroup on subnet 10.21.32.1: netmask=
> 255.255.255.0:
> IFS(1) current master browser = <sambaserver>
> <sambaserver> 400c992b (Samba CVS 3.0.0rc2)
> [2003/08/25 14:30:10, 4]
> nmbd/nmbd_workgroupdb.c:dump_workgroups(284)
> dump_workgroups()
> dump workgroup on subnet UNICAST_SUBNET: netmask=
> 10.21.32.1:
> IFS(1) current master browser = UNKNOWN
> <sambaserver> 4009992b (Samba CVS 3.0.0rc2)
> [2003/08/25 14:30:10, 4]
> nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> find_workgroup_on_subnet: workgroup search for IFS on subnet
> UNICAST_SUBNET: found.
> [2003/08/25 14:30:10, 4]
> nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> find_workgroup_on_subnet: workgroup search for IFS on subnet
> UNICAST_SUBNET: found.
> </snip>
>
> and in tcpdump:
>
> <snip>
> 14:27:21.179535 <w2kmachine>.ifs.1700 > <sambaserver>.ifs.domain:
> 25834+ SRV ? _ldap._tcp.dc._msdcs.ifs. (42)
> 14:27:21.179702 <sambaserver>.ifs.domain > <w2kmachine>.ifs.1700:
> 25834 NXDomain* 0/1/0 (105) (DF)
> 14:27:21.180559 <w2kmachine>.ifs.netbios-dgm >
> <sambaserver>.ifs.netbios-dgm:
> >>> NBT UDP PACKET(138) Res=0x110E ID=0x81A9 IP=10 (0xa).21
> (0x15).32 (0x20).238 (0xee) Port=138 (0x8a) Length=229 (0xe5) Res2=
> 0x0
> SourceName=<w2kmachine> NameType=0x00 (Workstation)
> DestName=IFS NameType=0x1C (Unknown)
>
> SMB PACKET: SMBtrans (REQUEST)
>
>
> 14:27:26.180442 <w2kmachine>.ifs.netbios-dgm >
> <sambaserver>.ifs.netbios-dgm:
> >>> NBT UDP PACKET(138) Res=0x110E ID=0x81AA IP=10 (0xa).21
> (0x15).32 (0x20).238 (0xee) Port=138 (0x8a) Length=229 (0xe5) Res2=0x0
> SourceName=<w2kmachine> NameType=0x00 (Workstation)
> DestName=IFS NameType=0x1C (Unknown)
>
> SMB PACKET: SMBtrans (REQUEST)
>
>
> 14:27:26.181114 <sambaserver>.ifs.netbios-dgm >
> 10.21.32.255.netbios-dgm:
> >>> NBT UDP PACKET(138) Res=0x110A ID=0x7EE4 IP=10 (0xa).21
> (0x15).32 (0x20).1 (0x1) Port=138 (0x8a) Length=205 (0xcd) Res2=0x0
> SourceName=<sambaserver> NameType=0x00 (Workstation)
> DestName=IFS NameType=0x1D (Master Browser)
>
> SMB PACKET: SMBtrans (REQUEST)
>
> (DF)
> 14:27:27.459152 205.188.12.20.5190 > <w2kmachine>.ifs.1104: P
> 1912445612:1912445720(108) ack 2118659303 win 16384 (DF)
> 14:27:27.599945 <w2kmachine>.ifs.1104 > 205.188.12.20.5190: . ack
> 108 win 64767 (DF)
> 14:27:31.180328 <w2kmachine>.ifs.netbios-dgm >
> <sambaserver>.ifs.netbios-dgm:
> >>> NBT UDP PACKET(138) Res=0x110E ID=0x81AB IP=10 (0xa).21
> (0x15).32 (0x20).238 (0xee) Port=138 (0x8a) Length=229 (0xe5) Res2=0x0
> SourceName=<w2kmachine> NameType=0x00 (Workstation)
> DestName=IFS NameType=0x1C (Unknown)
>
> SMB PACKET: SMBtrans (REQUEST)
> </snip>
>
>
> - Now for the suprise...
> - I was at home and still wanting to try to get this up and running
> last weekend, so I logged on into our VPN from a Windows 2000
> (Service Pack 2!!) machine
> and attempted to logon to our domain. And suprise... it worked.
> So i try it again now (monday), at my work, and I get the
> "The specified domain either does not exist or could not be
> contacted."-error again.
> ____________
>
> ___Conclusion:
> - somewhere from Service Pack 3 (I believe but not sure since I upgraded
> directly from 2 to 4)
> and on, Windows starts looking for an Active Directory when login on
> to a domain.
> I don't know what it does afterwards, but it won't talk to my Samba
> PDC.
> I've been looking around for the past few days and I could not find
> ANYTHING with a solution.
> ______________
>
> __My configuration file:
>
> - smb.conf
> <snip>
> # Global parameters
> [global]
> dos charset = ISO8859-15
> unix charset = CP850
> display charset = CP850
> workgroup = IFS
> netbios name = FILESERVER
> interfaces = lo, 127.0.0.0/255.0.0.0, eth0,
> 10.21.32.0/255.255.255.0
> bind interfaces only = Yes
> auth methods = sam
> server schannel = Yes
> password server = 10.21.32.1
> passdb backend = ldapsam:ldap://10.21.32.1
> unix password sync = No
> client lanman auth = No
> client plaintext auth = No
> log level = 4
> syslog = 10
> log file = /var/log/samba/%m
> name resolve order = bcast wins hosts
> time server = Yes
> keepalive = 255
> socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=8192
> SO_RCVBUF=8192
> load printers = No
> printcap name = cups
> logon drive = z:
> logon home = \\%L\%U
> domain logons = Yes
> os level = 64
> preferred master = Yes
> domain master = Yes
> wins support = Yes
> ldap suffix = o=ifs,c=nl
> ldap machine suffix = sambaDomainName=IFS,ou=Server
> Services,o=ifs,c=nl
> ldap user suffix = ou=People,o=ifs,c=nl
> ldap group suffix = ou=People Groups,o=ifs,c=nl
> ldap idmap suffix = o=ifs,c=nl
> ldap admin dn = cn=root,o=ifs,c=nl
> remote announce = 10.21.32.255/IFS
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> admin users = adminisrtator
>
> [homes]
> comment = Home Directory
> read only = No
> browseable = No
>
> [netlogon]
> comment = Network Logon Service
> path = /home/services/samba/netlogon
> guest ok = Yes
> share modes = No
>
> [Profiles]
> path = /home/services/samba/profiles
> guest ok = Yes
> browseable = No
>
> [data]
> comment = IFS's shared files
> path = /home/ifs/data
> read only = No
> force create mode = 0771
> force directory mode = 0775
> </snip>
> _________________________
>
>
> I also tried to install the older version again
> (samba 2.x.stable (standard debian-package) without LDAP and with
> smbpasswd file),
> but no luck...
>
> I am completely out of ideas and believe I tried everything possible....
> Hope someone can explain me this mystical behaviour all of a sudden...
>
> Kind Regards,
> Bjorn Padding
> IFS Audio Visuals
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
More information about the samba
mailing list