AW: [Samba] AGAIN netlogon problems
Radio Gong 2000 GmbH & Co. KG [Technik]
sascha.bieler at radiogong.de
Wed Mar 24 18:46:01 GMT 2004
IT WORKS!!! NOW FOR SURE!!!
Do you wanna know the solution?
YES, of course:
I turned off my firewalls on the servers. Stupid but simple.
Now my question: What's wrong with my firewall script?
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A INPUT -p tcp -m tcp -s 192.168.10.0/24 --dport 53 --syn -j ACCEPT
-A INPUT -p udp -m udp -s 192.168.10.0/24 --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp -s 192.168.11.0/24 --dport 53 --syn -j ACCEPT
-A INPUT -p udp -m udp -s 192.168.11.0/24 --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
-A INPUT -p udp -m udp --dport 80 -j ACCEPT
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
-A INPUT -p udp -m udp --dport 137 -j ACCEPT
-A INPUT -p udp -m udp --dport 138 -j ACCEPT
-A INPUT -p udp -m udp --dport 139 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 139 --syn -j ACCEPT
-A INPUT -p tcp -m tcp --dport 445 --syn -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT
-A INPUT -p tcp -m tcp --dport 901 --syn -j ACCEPT
-A INPUT -p udp -m udp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 666 --syn -j ACCEPT
-A INPUT -p tcp -m tcp --dport 667 --syn -j ACCEPT
-A INPUT -p udp -m udp --dport 777 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 800 --syn -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 --syn -j ACCEPT
-A INPUT -p udp -m udp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 --syn -j ACCEPT
-A INPUT -p udp -m udp --dport 10000 -j ACCEPT
-A INPUT -p udp -m udp -s 192.168.10.2 --sport 53 -d 0/0 -j ACCEPT
-A INPUT -p udp -m udp -s 192.168.10.253 --sport 53 -d 0/0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --syn -j REJECT
-A INPUT -p udp -m udp -j REJECT
COMMIT
Do I have to add: wins 1512/tcp and udp?
Regards
Sascha
> -----Original Message-----
> From: samba-bounces+sascha.bieler=radiogong.de at lists.samba.org
> [mailto:samba-bounces+sascha.bieler=radiogong.de at lists.samba.org]On
> behalf of Radio Gong 2000 GmbH & Co. KG [Technik]
> Sent: Wednesday, 24 March 2004 19:05
> To: samba at lists.samba.org
> Subject: Re: [Samba] AGAIN netlogon problems
>
>
> OK, seems that it has been just one lucky time and we start again.
>
> I have configured a PDC and two BDCs with the same smb.conf except the
> interface-options of course.
>
> BUT here's the nmblookup -SL output
>
> querying ASSASSIN on 192.168.10.255
> 192.168.10.2 ASSASSIN<00>
> Looking up status of 192.168.10.2
> ASSASSIN <00> - B <ACTIVE>
> ASSASSIN <03> - B <ACTIVE>
> ASSASSIN <20> - B <ACTIVE>
> SNEAKER <00> - <GROUP> B <ACTIVE>
> SNEAKER <1c> - B <ACTIVE>
> SNEAKER <1e> - <GROUP> B <ACTIVE>
>
> querying LEO on 192.168.10.255
> 192.168.10.3 LEO<00>
> Looking up status of 192.168.10.3
> LEO <00> - H <ACTIVE>
> LEO <03> - H <ACTIVE>
> LEO <20> - H <ACTIVE>
> SNEAKER <00> - <GROUP> H <ACTIVE>
> SNEAKER <1c> - <GROUP> H <ACTIVE>
> SNEAKER <1e> - <GROUP> H <ACTIVE>
>
>
> Why do they differ?
> Why is <1c> - <GROUP> H <ACTIVE> at Server Leo and on Assassin not? Same
> config! Same samba-version! Same RedHat!
>
> Why is there an 'H' and not a 'B'?
>
> Why do all the Windows clients believe that Leo is the PDC and
> logon to him??
>
> I do not want to use lmhosts!
>
> Do you have a solution?
>
> Do not understand anymore, please help!
>
>
> Here my smb.conf's:
>
> PDC
>
> # Global parameters
> [global]
> dos charset = ISO8859-15
> unix charset = ISO8859-15
> display charset = ISO8859-15
> workgroup = SNEAKER
> server string = SoundServer %v
> interfaces = 192.168.10.1/24, 192.168.11.1/24
> bind interfaces only = Yes
> update encrypted = Yes
> server schannel = Yes
> map to guest = Bad User
> obey pam restrictions = Yes
> passdb backend = smbpasswd:/etc/samba/smbpasswd, guest
> pam password change = Yes
> passwd program = /usr/bin/passwd %u
> username map = /etc/samba/smbusers
> password level = 8
> username level = 8
> unix password sync = Yes
> log level = 2
> syslog = 0
> log file = /var/log/samba/log.%m
> max log size = 50
> name resolve order = wins lmhosts bcast host
> time server = Yes
> keepalive = 255
> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192
> SO_RCVBUF=8192
> printcap name = cups
> add user script = /usr/sbin/useradd -m %u
> delete user script = /usr/sbin/userdel -r %u
> add group script = /usr/sbin/groupadd -r %g
> delete group script = /usr/sbin/groupdel %g
> add user to group script = /usr/bin/gpasswd -a %u %g
> delete user from group script = /usr/bin/gpasswd -d %u %g
> set primary group script = /usr/sbin/usermod -g '%g' '%u'
> add machine script = /usr/sbin/useradd -g machines -c Machine
> -d /dev/null -s /bin/false %u
> shutdown script = /sbin/shutdown
> abort shutdown script = /sbin/shutdown -c
> logon script = logon.bat
> logon path =
> logon home =
> domain logons = Yes
> os level = 255
> preferred master = Yes
> domain master = Yes
> wins support = Yes
> wins partners = 192.168.10.2 192.168.10.3
> ldap ssl = no
> add share command = /usr/local/bin/modify_samba_config.pl
> change share command = /usr/local/bin/modify_samba_config.pl
> delete share command = /usr/local/bin/modify_samba_config.pl
> utmp = Yes
> host msdfs = Yes
> template homedir =
> admin users = root, administrator, sascha
> hosts allow = 192.168.
> printing = cups
> veto files = /*.nws/riched20.dll/*.{*}/*.eml/
>
>
> BDC1
>
> # Global parameters
> [global]
> dos charset = ISO8859-15
> unix charset = ISO8859-15
> display charset = ISO8859-15
> workgroup = SNEAKER
> server string = FileServer %v
> interfaces = 192.168.10.2/24
> bind interfaces only = Yes
> update encrypted = Yes
> server schannel = Yes
> map to guest = Bad User
> obey pam restrictions = Yes
> passdb backend = smbpasswd:/etc/samba/smbpasswd, guest
> pam password change = Yes
> passwd program = /usr/bin/passwd %u
> username map = /etc/samba/smbusers
> password level = 8
> username level = 8
> unix password sync = Yes
> log level = 2
> syslog = 0
> log file = /var/log/samba/log.%m
> max log size = 50
> name resolve order = wins lmhosts bcast host
> time server = Yes
> keepalive = 255
> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192
> SO_RCVBUF=8192
> printcap name = cups
> add user script = /usr/sbin/useradd -m %u
> delete user script = /usr/sbin/userdel -r %u
> add group script = /usr/sbin/groupadd -r %g
> delete group script = /usr/sbin/groupdel %g
> add user to group script = /usr/bin/gpasswd -a %u %g
> delete user from group script = /usr/bin/gpasswd -d %u %g
> set primary group script = /usr/sbin/usermod -g '%g' '%u'
> add machine script = /usr/sbin/useradd -g machines -c Machine
> -d /dev/null -s /bin/false %u
> shutdown script = /sbin/shutdown
> abort shutdown script = /sbin/shutdown -c
> logon path =
> logon home =
> domain logons = Yes
> os level = 32
> preferred master = Yes
> domain master = No
> wins server = 192.168.10.1
> ldap ssl = no
> add share command = /usr/local/bin/modify_samba_config.pl
> change share command = /usr/local/bin/modify_samba_config.pl
> delete share command = /usr/local/bin/modify_samba_config.pl
> utmp = Yes
> host msdfs = Yes
> template homedir =
> admin users = root, administrator, sascha
> hosts allow = 192.168.
> printing = cups
> veto files = /*.nws/riched20.dll/*.{*}/*.eml/
>
>
>
> BDC2
>
> # Global parameters
> [global]
> dos charset = ISO8859-15
> unix charset = ISO8859-15
> display charset = ISO8859-15
> workgroup = SNEAKER
> server string = FileServer %v
> interfaces = 192.168.10.3/24
> bind interfaces only = Yes
> update encrypted = Yes
> server schannel = Yes
> map to guest = Bad User
> obey pam restrictions = Yes
> passdb backend = smbpasswd:/etc/samba/smbpasswd, guest
> pam password change = Yes
> passwd program = /usr/bin/passwd %u
> username map = /etc/samba/smbusers
> password level = 8
> username level = 8
> unix password sync = Yes
> log level = 2
> syslog = 0
> log file = /var/log/samba/log.%m
> max log size = 50
> name resolve order = wins lmhosts bcast host
> time server = Yes
> keepalive = 255
> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192
> SO_RCVBUF=8192
> printcap name = cups
> add user script = /usr/sbin/useradd -m %u
> delete user script = /usr/sbin/userdel -r %u
> add group script = /usr/sbin/groupadd -r %g
> delete group script = /usr/sbin/groupdel %g
> add user to group script = /usr/bin/gpasswd -a %u %g
> delete user from group script = /usr/bin/gpasswd -d %u %g
> set primary group script = /usr/sbin/usermod -g '%g' '%u'
> add machine script = /usr/sbin/useradd -g machines -c Machine
> -d /dev/null -s /bin/false %u
> shutdown script = /sbin/shutdown
> abort shutdown script = /sbin/shutdown -c
> logon path =
> logon home =
> domain logons = Yes
> os level = 32
> preferred master = Yes
> domain master = No
> wins server = 192.168.10.1
> ldap ssl = no
> add share command = /usr/local/bin/modify_samba_config.pl
> change share command = /usr/local/bin/modify_samba_config.pl
> delete share command = /usr/local/bin/modify_samba_config.pl
> utmp = Yes
> host msdfs = Yes
> template homedir =
> admin users = root, administrator, sascha
> hosts allow = 192.168.
> printing = cups
> veto files = /*.nws/riched20.dll/*.{*}/*.eml/
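Added example, not part of the original post: a first-match simulation in Python of a subset of the INPUT rules quoted in the message, run against constructed sample packets. It shows that the ruleset has no connection-tracking rule, so a UDP reply arriving on an ephemeral destination port falls through to the final UDP REJECT, while non-SYN TCP segments pass via the chain's ACCEPT policy. The packet fields and the function names are assumptions made for this illustration.

```python
import ipaddress
import shlex

# Subset of the INPUT rules quoted in the post, in their original order.
RULES = """\
-A INPUT -p udp -m udp --dport 137 -j ACCEPT
-A INPUT -p udp -m udp --dport 138 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 139 --syn -j ACCEPT
-A INPUT -p tcp -m tcp --dport 445 --syn -j ACCEPT
-A INPUT -p udp -m udp -s 192.168.10.2 --sport 53 -d 0/0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --syn -j REJECT
-A INPUT -p udp -m udp -j REJECT
"""

def parse(line):
    """Turn one iptables-save rule line into a dict of match criteria."""
    tokens = [t for t in shlex.split(line) if t != "--syn"]  # --syn takes no value
    rule = {k.lstrip("-"): v for k, v in zip(tokens[::2], tokens[1::2])}
    rule["syn"] = "--syn" in line  # simplified: modelled as one boolean flag
    return rule

RULESET = [parse(line) for line in RULES.splitlines()]

def verdict(pkt, rules=RULESET, policy="ACCEPT"):
    """First-match evaluation; falls back to the chain policy (:INPUT ACCEPT)."""
    for r in rules:
        net = ipaddress.ip_network(r.get("s", "0.0.0.0/0"), strict=False)
        if (r.get("p", pkt["proto"]) == pkt["proto"]
                and r.get("i", pkt["iface"]) == pkt["iface"]
                and (pkt["syn"] or not r["syn"])
                and int(r.get("dport", pkt["dport"])) == pkt["dport"]
                and int(r.get("sport", pkt["sport"])) == pkt["sport"]
                and ipaddress.ip_address(pkt["src"]) in net):
            return r["j"]
    return policy

def packet(proto, sport, dport, src="192.168.10.1", syn=False, iface="eth0"):
    return dict(proto=proto, sport=sport, dport=dport, src=src, syn=syn, iface=iface)

def demo():
    return {  # constructed sample packets, not captured traffic
        "nmbd 137->137": verdict(packet("udp", 137, 137)),
        "udp reply to ephemeral port": verdict(packet("udp", 137, 32770)),
        "dns reply from 192.168.10.2": verdict(packet("udp", 53, 32771, src="192.168.10.2")),
        "tcp syn to 445": verdict(packet("tcp", 40000, 445, syn=True)),
        "tcp non-syn reply segment": verdict(packet("tcp", 445, 40001)),
    }

if __name__ == "__main__":
    print(demo())
```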