[Samba] Domain unavaliable

James Kreuziger jkreuzig at uci.edu
Tue Sep 9 23:26:10 GMT 2003 

First off, I'd like to give all the people involved
with the development of Samba a big thanks.  I'd have
to say that Samba is probably the single most important
piece of software that we run in our research lab.
I'd also like to say that I have had so few problems that
I probably haven't written about one in 3 years.

With that being said, I'm having problems with my
Samba PDC.  I'm running Samba 2.2.8a on a Solaris 8
box.  We have recently moved our lab from one
facilty to another, which forced us to change all
of our system names and IP's.  Luckily, only the
domain part of the name changed, as well as the IP's.

I updated the smb.conf to reflect the new subnet and IP's.  However,
I have recently noticed that people are getting alot of
"Domain LABDOM is unavailable" messages when trying to
logon from Win2k.  This may last anywhere from 2 minutes to 30
minutes.  Then, for no apparent reason, they will be able to logon.

I'm thinking that it has to do with my hosts allow and
hosts deny settings.  Before the move, we were on a subnet
with a netmask setting of 255.255.255.0.  So my hosts allow
setting were this (IP's have been changed to protect the innocent):

hosts allow = 10.0.33. 127.0.0.1
host deny = ALL EXCEPT 10.0.33. 127.0.0.1

We are now on a much more restricted subnet, and
can't have the full range to ourselves.  Consequently,
our subnet mask is now 255.255.255.224, and the IP
address space is from 10.0.236.38 - 10.0.236.61
(this takes into account the network devices).

I'm wondering if my problem is related to this.
I'm thinking that that I should restrict my hosts
allow with the network/netmask combo:

hosts allow = 10.0.236.32/255.255.255.224

Is this what I'm looking for?  I've included the
global part of my conf below.

Thanks,

-Jim

*************************************************
Jim Kreuziger
jkreuzig at uci.edu
*************************************************

[global]
        workgroup = LABDOM
        preexec = csh -c `echo /usr/local/samba/bin/smbclient \
                                -M %m -I %I` &
        server string = Samba %v on (%L)
        security = user
        domain logons = yes
        domain admin group = @domadm
        encrypt passwords = Yes
        password level = 3
        log level = 2
        log file = /samba/current/var/log.smbd.%m
        max log size = 2000
        wins support = Yes
        name resolve order = lmhosts wins hosts bcast
        dns proxy = yes
        deadtime = 0
        keepalive = 3600
        client code page = 437
        os level = 65
        preferred master = Yes
        domain master = Yes
        guest account = samba
        invalid users = daemon bin sys lp smtp uucp nuucp listen dcs consult dumper nobody
        hosts allow = 10.0.236. 10.0.33. 10.0.126. 127.0.0.1
        hosts deny = ALL EXCEPT 10.0.236. 10.0.33. 10.0.126. 127.0.0.1
        veto oplock files = /*.mdb/*.dbm/*.doc/*.xls
        socket options = TCP_NODELAY IPTOS_LOWDELAY
        getwd cache = yes
        logon script = %U.bat
        logon path = \\ralopib\profile\%U
        remote announce = 10.0.126.208/IMHH
        utmp = True
        username map = /samba/current/lib/usermap.txt

More information about the samba mailing list