[Samba] RE: PDC + LDAP + W2K-SP4 Domain logon
bjorn.padding at ifsaudiovisueel.nl
bjorn.padding at ifsaudiovisueel.nl
Mon Aug 25 16:31:39 GMT 2003
This is strange that it worked for you, because testparm tells me that
if you use "wins support = yes" && "wins server = <wins server IP>" at
the same time, then smbd would not start. Anyway, I tried and it doesn't
work...
Anybody else??
> This may be a long shot, but does your work environment use a WINS
server?
>
> I found out recently that mine does, and by changing WINS support =
yes
> to WINS server = 'ip address', i got the domain thing to work. I kept
> getting the same error you did.
>
> Cheers
> S
>
> On Mon, 25 Aug 2003 15:09:05 +0200 bjorn.padding at ifsaudiovisueel.nl
wrote:
>
> > Dear all,
> >
> >
> > ___Setup:
> > - several wINDOWS 2000 workstations on SP4 (reg-patches applied,
they
> > worked on 2.x-stable)
> > - Samba PDC (CVS 3.0.0rc2) (machine accounts added aswell as users
in
> > unix & samba)
> > - OpenLDAP (2.1.12) <-- (Not really relevant since I tried without
ldap
> > too, so no info about that from this point)
> > - Linux <HOSTNAME> 2.4.19 #1 Fri Jun 13 15:22:09 UTC 2003 i686
unknown
> > (debian)
> >
> > (- also tried Samba PDC (2.x.stable))
> > _________
> >
> > ___My Problem:
> > Since attempting to upgrade to Samba 3.0 clients are unable to
logon to
> > my samba-domain.
> > ______________
> >
> >
> > ___Scenario:
> > at server side(linux samba PDC):
> >
> > - 'testparm' command succeeds.
> > - Samba PDC started with all systems up and running
(smbd/nmbd/winbindd)
> > - Tests through 'net join' command succeeds.
> > - Test through 'smbclient -L <my samba PDC>' succeeds aswell.
> > *- Test through 'smbclient -L <a windows 200 machine>'
FAILS<partial>!
> > Result:
> > <snip>
> > Sharename Type Comment
> > --------- ---- -------
> > E$ Disk Default share
> > IPC$ IPC Remote IPC
> > ADMIN$ Disk Remote Admin
> > C$ Disk Default share
> > session request to <w2kmachine> failed (Called name not
present)
> > session request to *SMBSERVER failed (Called name not
present)
> > NetBIOS over TCP disabled -- no workgroup available
> > </snip>
> > *quite strange error since it returns the shares?!
> >
> > ---> going on anyway --->
> >
> > at client side(w2k):
> >
> > - login on client with local administrator-account.
> > - browsing network IFS results in seeing only
> > the windows-2000 machines in the network and NOT the samba PDC.
> > - if I attempt to connect to '\\<my samba pdc>' I do get a request
> > for my login and password. Login works and I can browse shares.
> > - I use 'net use * /d /yes' to be able to join the domain with a
> > clean-sheet.
> > - if I attempt to join the domain IFS I get the following error:
> > <snip>
> > The following error ocurred validating the name "IFS".
> > This condition may be caused by a DNS lookup problem.
> > For information about troubleshooting common DNS lookup
problems,
> > please see the following Microsoft web site:
> > http://go.microsoft.com/fwlink/?LinkId=5171
> >
> > The specified domain either does not exist or could not be
> > contacted.
> > [ OK ]
> > </snip>
> > went to the link and followed instruction in how far possible
with
> > Samba
> > and saw something about the _ldap._tcp.dc_msdcs record.
> > added that (_tcp._ldap.dc._msdcs.ifs. SRV 0 0 0 .) to my config,
but
> > still no succes
> > (thought that wouldn't do much anyway, since the link says it's
only
> > to reduce unneccessary traffic).
> > Samba show's _only changes in nmbd-logfile_:
> > <snip>
> > [2003/08/25 14:30:00, 4]
> > nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> > find_workgroup_on_subnet: workgroup search for IFS on
subnet
> > 10.21.32.1: found.
> > [2003/08/25 14:30:00, 4]
> > nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> > find_workgroup_on_subnet: workgroup search for IFS on
subnet
> > UNICAST_SUBNET: found.
> > [2003/08/25 14:30:00, 4]
> > nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> > find_workgroup_on_subnet: workgroup search for IFS on
subnet
> > UNICAST_SUBNET: found.
> > [2003/08/25 14:30:05, 4]
> > nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> > find_workgroup_on_subnet: workgroup search for IFS on
subnet
> > 10.21.32.1: found.
> > [2003/08/25 14:30:05, 4]
> > nmbd/nmbd_workgroupdb.c:dump_workgroups(284)
> > dump_workgroups()
> > dump workgroup on subnet 10.21.32.1: netmask=
> > 255.255.255.0:
> > IFS(1) current master browser = <sambaserver>
> > <sambaserver> 400c992b (Samba CVS 3.0.0rc2)
> > [2003/08/25 14:30:05, 4]
> > nmbd/nmbd_workgroupdb.c:dump_workgroups(284)
> > dump_workgroups()
> > dump workgroup on subnet UNICAST_SUBNET: netmask=
> > 10.21.32.1:
> > IFS(1) current master browser = UNKNOWN
> > <sambaserver> 4009992b (Samba CVS 3.0.0rc2)
> > [2003/08/25 14:30:05, 4]
> > nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> > find_workgroup_on_subnet: workgroup search for IFS on
subnet
> > UNICAST_SUBNET: found.
> > [2003/08/25 14:30:05, 4]
> > nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> > find_workgroup_on_subnet: workgroup search for IFS on
subnet
> > UNICAST_SUBNET: found.
> > [2003/08/25 14:30:10, 4]
> > nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> > find_workgroup_on_subnet: workgroup search for IFS on
subnet
> > 10.21.32.1: found.
> > [2003/08/25 14:30:10, 4]
> > nmbd/nmbd_workgroupdb.c:dump_workgroups(284)
> > dump_workgroups()
> > dump workgroup on subnet 10.21.32.1: netmask=
> > 255.255.255.0:
> > IFS(1) current master browser = <sambaserver>
> > <sambaserver> 400c992b (Samba CVS 3.0.0rc2)
> > [2003/08/25 14:30:10, 4]
> > nmbd/nmbd_workgroupdb.c:dump_workgroups(284)
> > dump_workgroups()
> > dump workgroup on subnet UNICAST_SUBNET: netmask=
> > 10.21.32.1:
> > IFS(1) current master browser = UNKNOWN
> > <sambaserver> 4009992b (Samba CVS 3.0.0rc2)
> > [2003/08/25 14:30:10, 4]
> > nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> > find_workgroup_on_subnet: workgroup search for IFS on
subnet
> > UNICAST_SUBNET: found.
> > [2003/08/25 14:30:10, 4]
> > nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> > find_workgroup_on_subnet: workgroup search for IFS on
subnet
> > UNICAST_SUBNET: found.
> > </snip>
> >
> > and in tcpdump:
> >
> > <snip>
> > 14:27:21.179535 <w2kmachine>.ifs.1700 >
<sambaserver>.ifs.domain:
> > 25834+ SRV ? _ldap._tcp.dc._msdcs.ifs. (42)
> > 14:27:21.179702 <sambaserver>.ifs.domain >
<w2kmachine>.ifs.1700:
> > 25834 NXDomain* 0/1/0 (105) (DF)
> > 14:27:21.180559 <w2kmachine>.ifs.netbios-dgm >
> > <sambaserver>.ifs.netbios-dgm:
> > >>> NBT UDP PACKET(138) Res=0x110E ID=0x81A9 IP=10 (0xa).21
> > (0x15).32 (0x20).238 (0xee) Port=138 (0x8a) Length=229 (0xe5)
Res2=
> > 0x0
> > SourceName=<w2kmachine> NameType=0x00 (Workstation)
> > DestName=IFS NameType=0x1C (Unknown)
> >
> > SMB PACKET: SMBtrans (REQUEST)
> >
> >
> > 14:27:26.180442 <w2kmachine>.ifs.netbios-dgm >
> > <sambaserver>.ifs.netbios-dgm:
> > >>> NBT UDP PACKET(138) Res=0x110E ID=0x81AA IP=10 (0xa).21
> > (0x15).32 (0x20).238 (0xee) Port=138 (0x8a) Length=229 (0xe5)
Res2=0x0
> > SourceName=<w2kmachine> NameType=0x00 (Workstation)
> > DestName=IFS NameType=0x1C (Unknown)
> >
> > SMB PACKET: SMBtrans (REQUEST)
> >
> >
> > 14:27:26.181114 <sambaserver>.ifs.netbios-dgm >
> > 10.21.32.255.netbios-dgm:
> > >>> NBT UDP PACKET(138) Res=0x110A ID=0x7EE4 IP=10 (0xa).21
> > (0x15).32 (0x20).1 (0x1) Port=138 (0x8a) Length=205 (0xcd) Res2=0x0
> > SourceName=<sambaserver> NameType=0x00 (Workstation)
> > DestName=IFS NameType=0x1D (Master Browser)
> >
> > SMB PACKET: SMBtrans (REQUEST)
> >
> > (DF)
> > 14:27:27.459152 205.188.12.20.5190 > <w2kmachine>.ifs.1104: P
> > 1912445612:1912445720(108) ack 2118659303 win 16384 (DF)
> > 14:27:27.599945 <w2kmachine>.ifs.1104 > 205.188.12.20.5190: .
ack
> > 108 win 64767 (DF)
> > 14:27:31.180328 <w2kmachine>.ifs.netbios-dgm >
> > <sambaserver>.ifs.netbios-dgm:
> > >>> NBT UDP PACKET(138) Res=0x110E ID=0x81AB IP=10 (0xa).21
> > (0x15).32 (0x20).238 (0xee) Port=138 (0x8a) Length=229 (0xe5)
Res2=0x0
> > SourceName=<w2kmachine> NameType=0x00 (Workstation)
> > DestName=IFS NameType=0x1C (Unknown)
> >
> > SMB PACKET: SMBtrans (REQUEST)
> > </snip>
> >
> >
> > - Now for the suprise...
> > - I was at home and still wanting to try to get this up and
running
> > last weekend, so I logged on into our VPN from a Windows 2000
> > (Service Pack 2!!) machine
> > and attempted to logon to our domain. And suprise... it worked.
> > So i try it again now (monday), at my work, and I get the
> > "The specified domain either does not exist or could not be
> > contacted."-error again.
> > ____________
> >
> > ___Conclusion:
> > - somewhere from Service Pack 3 (I believe but not sure since I
upgraded
> > directly from 2 to 4)
> > and on, Windows starts looking for an Active Directory when login
on
> > to a domain.
> > I don't know what it does afterwards, but it won't talk to my
Samba
> > PDC.
> > I've been looking around for the past few days and I could not
find
> > ANYTHING with a solution.
> > ______________
> >
> > __My configuration file:
> >
> > - smb.conf
> > <snip>
> > # Global parameters
> > [global]
> > dos charset = ISO8859-15
> > unix charset = CP850
> > display charset = CP850
> > workgroup = IFS
> > netbios name = FILESERVER
> > interfaces = lo, 127.0.0.0/255.0.0.0, eth0,
> > 10.21.32.0/255.255.255.0
> > bind interfaces only = Yes
> > auth methods = sam
> > server schannel = Yes
> > password server = 10.21.32.1
> > passdb backend = ldapsam:ldap://10.21.32.1
> > unix password sync = No
> > client lanman auth = No
> > client plaintext auth = No
> > log level = 4
> > syslog = 10
> > log file = /var/log/samba/%m
> > name resolve order = bcast wins hosts
> > time server = Yes
> > keepalive = 255
> > socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=8192
> > SO_RCVBUF=8192
> > load printers = No
> > printcap name = cups
> > logon drive = z:
> > logon home = \\%L\%U
> > domain logons = Yes
> > os level = 64
> > preferred master = Yes
> > domain master = Yes
> > wins support = Yes
> > ldap suffix = o=ifs,c=nl
> > ldap machine suffix = sambaDomainName=IFS,ou=Server
> > Services,o=ifs,c=nl
> > ldap user suffix = ou=People,o=ifs,c=nl
> > ldap group suffix = ou=People Groups,o=ifs,c=nl
> > ldap idmap suffix = o=ifs,c=nl
> > ldap admin dn = cn=root,o=ifs,c=nl
> > remote announce = 10.21.32.255/IFS
> > idmap uid = 10000-20000
> > idmap gid = 10000-20000
> > admin users = adminisrtator
> >
> > [homes]
> > comment = Home Directory
> > read only = No
> > browseable = No
> >
> > [netlogon]
> > comment = Network Logon Service
> > path = /home/services/samba/netlogon
> > guest ok = Yes
> > share modes = No
> >
> > [Profiles]
> > path = /home/services/samba/profiles
> > guest ok = Yes
> > browseable = No
> >
> > [data]
> > comment = IFS's shared files
> > path = /home/ifs/data
> > read only = No
> > force create mode = 0771
> > force directory mode = 0775
> > </snip>
> > _________________________
> >
> >
> > I also tried to install the older version again
> > (samba 2.x.stable (standard debian-package) without LDAP and with
> > smbpasswd file),
> > but no luck...
> >
> > I am completely out of ideas and believe I tried everything
possible....
> > Hope someone can explain me this mystical behaviour all of a
sudden...
> >
> > Kind Regards,
> > Bjorn Padding
> > IFS Audio Visuals
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: http://lists.samba.org/mailman/listinfo/samba
> >
More information about the samba
mailing list