[Samba] RE: PDC + LDAP + W2K-SP4 Domain logon

Dragan Krnic dkrnic at lycos.com
Wed Aug 27 22:02:53 GMT 2003

> Anyway... I found the problem. (but NO SOLUTION!!)
> Just to summarize...
> I had a win2k sp2 machine at home and win2k sp4 
> machines on my work. I was unable to login my 
> samba-pdc (v3 rc2) with the workstations @ work, 
> but I was able to connect from my win2k sp2 
> machine at home through a VPN connection.
> I now took that machine (w2k sp2 -machine from 
> home) to my office to test if it would also work 
> on the network instead of a vpn connection. and... 
> it didn't, it gave the same error as the other 
> machines.
> In tcpdump I saw the DNS query from 
> _ldap._tcp.dc._msdcs.<MYDOMAIN>. This annoyed me, 
> because my workstation from home on VPN didn't do 
> this.
> Then I came up with the plan to disable my DNS-
> server in my network-settings on my w2k-machines. 
> Then I tried to log on to the domain and.... 
> voila... it worked. When I enable the DNS-server 
> again in my configuration I can't login to the 
> domain anymore. 
> I read some things about Native and Mixed -mode 
> w2k's. I believe this is the whole problem. W2k's 
> are in Native mode looking for Active Directory 
> and Samba obviously... not... since it can't.

You are getting closer. Let's verify your server's
and clients' TCP/IP configuration. My server is also 
primary DNS and WINS server for my clients. That 
means "wins support=Yes" and there is a named running
on the server and its IP address is topmost under both 
DNS and WINS tabs of the Advanced TCP/IP properties 
box. In addition to that "Enable NetBIOS via TCP/IP"
radio button is set under WINS tab, and under DNS tab
both the radio button "Append primary and connection-
specific DNS suffixes" and the box "Append parent
suffixes of the primary DNS suffix" are set/checked.
The primary DNS suffix is what you enter in System's
tab Network identity->Properties->Advanced in the
field "Primary DNS-Suffix...". The checkbox "Change
DNS-Suffix when changing Domain" is left unchecked.
Works like a charm for all SPs of 2k and XP.

Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail!

More information about the samba mailing list