[Samba] No Domain Controller, Please help to interpret tcpdump
ksun at ABINITIO.COM
Wed Sep 15 15:57:52 GMT 2004
Greetings!
I am still struggling with the issue that after vampiring from an NT4
domain to Samba 3.0.7 with an ldap backend, Windows XP cannot find the domain
controller.
In particular, WXP is an XP Prof which signed in to the AB_INITIO_DOM domain.
After the migration I put the Samba Server (Priscilla) and WXP in an
isolated network, and started up Priscilla as PDC for the network. But WXP
complains that "the domain controller" is not available.
But WXP can re-join the domain with no problem; so apparently the
domain controller is there.
I verified that the WXP's SID is consistent with that in the ldap
database and all the user passwords are migrated OK.
So I tried to use tcpdump to figure out the interaction between WXP and
the Samba server; all I can see are some requests to the ldap server at port 138
(the ldap server is the same as the samba server).
Could someone please help me to interpret the following tcpdump and
tell me where/how/when WXP is searching for the domain controller and why
it failed? Or can someone suggest a better way to debug this issue?
Thank you a bunch!!!
--- Kang Sun
11:33:40.776223 00:0c:29:0a:fa:0b > 00:50:2c:04:14:e8, ethertype IPv4
(0x0800), length 97: IP (tos 0x0, ttl 128, id 374, offset 0, flags [none],
proto 17, length: 83) 10.50.21.62.1026 > 10.50.30.32.domain: 33+[|domain]
11:33:40.776792 00:50:2c:04:14:e8 > 00:0c:29:0a:fa:0b, ethertype IPv4
(0x0800), length 97: IP (tos 0x0, ttl 64, id 147, offset 0, flags [DF],
proto 17, length: 83) 10.50.30.32.domain > 10.50.21.62.1026: 33 ServFail
q:[|domain]
11:33:40.778876 00:0c:29:0a:fa:0b > 00:50:2c:04:14:e8, ethertype IPv4
(0x0800), length 269: IP (tos 0x0, ttl 128, id 376, offset 0, flags
[none], proto 17, length: 255) 10.50.21.62.netbios-dgm >
10.50.30.32.netbios-dgm:
>>> NBT UDP PACKET(138) Res=0x110E ID=0x8147 IP=10 (0xa).50 (0x32).21
(0x15).62 (0x3e) Port=138 (0x8a) Length=213 (0xd5) Res2=0x0
SourceName=WXP NameType=0x00 (Workstation)
DestName=
WARNING: Short packet. Try increasing the snap length
11:33:40.780490 00:50:2c:04:14:e8 > 00:0c:29:0a:fa:0b, ethertype IPv4
(0x0800), length 280: IP (tos 0x0, ttl 64, id 462, offset 0, flags [DF],
proto 17, length: 266) 10.50.30.32.netbios-dgm > 10.50.21.62.netbios-dgm:
>>> NBT UDP PACKET(138) Res=0x100A ID=0x49FD IP=10 (0xa).50 (0x32).30
(0x1e).32 (0x20) Port=138 (0x8a) Length=224 (0xe0) Res2=0x0
SourceName=PRISCILLA NameType=0x00 (Workstation)
DestName=
WARNING: Short packet. Try increasing the snap length
11:33:40.780936 00:50:2c:04:14:e8 > 00:0c:29:0a:fa:0b, ethertype IPv4
(0x0800), length 280: IP (tos 0x0, ttl 64, id 463, offset 0, flags [DF],
proto 17, length: 266) 10.50.30.32.netbios-dgm > 10.50.21.62.netbios-dgm:
>>> NBT UDP PACKET(138) Res=0x100A ID=0x49FE IP=10 (0xa).50 (0x32).30
(0x1e).32 (0x20) Port=138 (0x8a) Length=224 (0xe0) Res2=0x0
SourceName=PRISCILLA NameType=0x00 (Workstation)
DestName=
WARNING: Short packet. Try increasing the snap length
11:33:41.390717 00:0c:29:0a:fa:0b > 00:50:2c:04:14:e8, ethertype IPv4
(0x0800), length 93: IP (tos 0x0, ttl 128, id 377, offset 0, flags [none],
proto 17, length: 79) 10.50.21.62.1095 > 10.50.30.32.domain: [udp sum ok]
20+ SRV? _ldap._tcp.dc._msdcs.ABINITIO.COM. (51)
11:33:41.391125 00:50:2c:04:14:e8 > 00:0c:29:0a:fa:0b, ethertype IPv4
(0x0800), length 93: IP (tos 0x0, ttl 64, id 148, offset 0, flags [DF],
proto 17, length: 79) 10.50.30.32.domain > 10.50.21.62.1095: [udp sum ok]
20 ServFail q: SRV? _ldap._tcp.dc._msdcs.ABINITIO.COM. 0/0/0 (51)
11:33:41.392415 00:0c:29:0a:fa:0b > 00:50:2c:04:14:e8, ethertype IPv4
(0x0800), length 92: IP (tos 0x0, ttl 128, id 378, offset 0, flags [none],
proto 17, length: 78) 10.50.21.62.netbios-ns > 10.50.30.32.netbios-ns:
[udp sum ok]
>>> NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
TrnID=0x8149
OpCode=0
NmFlags=0x10
Rcode=0
QueryCount=1
AnswerCount=0
AuthorityCount=0
AddressRecCount=0
QuestionRecords:
Name=AB_INITIO_DOM NameType=0x1C (Unknown)
QuestionType=0x20
QuestionClass=0x1
11:33:41.393080 00:50:2c:04:14:e8 > 00:0c:29:0a:fa:0b, ethertype IPv4
(0x0800), length 104: IP (tos 0x0, ttl 64, id 649, offset 0, flags [DF],
proto 17, length: 90) 10.50.30.32.netbios-ns > 10.50.21.62.netbios-ns:
>>> NBT UDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICAST
TrnID=0x8149
OpCode=0
NmFlags=0x58
Rcode=0
QueryCount=0
AnswerCount=1
AuthorityCount=0
AddressRecCount=0
ResourceRecords:
Name=AB_INITIO_DOM NameType=0x1C (Unknown)
ResType=0x20
ResClass=0x1
TTL=258976 (0x3f3a0)
ResourceLength=0
ResourceData=
AdditionalData:
Data: (6 bytes)
[000] 11 00 00 00 70 31 \021\000\000\000p1
11:33:41.394617 00:0c:29:0a:fa:0b > 00:50:2c:04:14:e8, ethertype IPv4
(0x0800), length 296: IP (tos 0x0, ttl 128, id 380, offset 0, flags
[none], proto 17, length: 282) 10.50.21.62.netbios-dgm >
10.50.30.32.netbios-dgm:
>>> NBT UDP PACKET(138) Res=0x110E ID=0x8148 IP=10 (0xa).50 (0x32).21
(0x15).62 (0x3e) Port=138 (0x8a) Length=240 (0xf0) Res2=0x0
SourceName=WXP NameType=0x00 (Workstation)
DestName=
WARNING: Short packet. Try increasing the snap length
11:33:41.395778 00:50:2c:04:14:e8 > 00:0c:29:0a:fa:0b, ethertype IPv4
(0x0800), length 280: IP (tos 0x0, ttl 64, id 464, offset 0, flags [DF],
proto 17, length: 266) 10.50.30.32.netbios-dgm > 10.50.21.62.netbios-dgm:
>>> NBT UDP PACKET(138) Res=0x100A ID=0x49FF IP=10 (0xa).50 (0x32).30
(0x1e).32 (0x20) Port=138 (0x8a) Length=224 (0xe0) Res2=0x0
SourceName=PRISCILLA NameType=0x00 (Workstation)
DestName=
WARNING: Short packet. Try increasing the snap length
11:33:41.396359 00:50:2c:04:14:e8 > 00:0c:29:0a:fa:0b, ethertype IPv4
(0x0800), length 280: IP (tos 0x0, ttl 64, id 465, offset 0, flags [DF],
proto 17, length: 266) 10.50.30.32.netbios-dgm > 10.50.21.62.netbios-dgm:
>>> NBT UDP PACKET(138) Res=0x100A ID=0x4A00 IP=10 (0xa).50 (0x32).30
(0x1e).32 (0x20) Port=138 (0x8a) Length=224 (0xe0) Res2=0x0
SourceName=PRISCILLA NameType=0x00 (Workstation)
DestName=
WARNING: Short packet. Try increasing the snap length
11:33:45.775234 00:50:2c:04:14:e8 > 00:0c:29:0a:fa:0b, ethertype ARP
(0x0806), length 42: arp who-has 10.50.21.62 tell 10.50.30.32
11:33:45.775658 00:0c:29:0a:fa:0b > 00:50:2c:04:14:e8, ethertype ARP
(0x0806), length 60: arp reply 10.50.21.62 is-at 00:0c:29:0a:fa:0b
11:33:48.897180 00:0c:29:0a:fa:0b > 00:50:2c:04:14:e8, ethertype IPv4
(0x0800), length 94: IP (tos 0x0, ttl 128, id 381, offset 0, flags [none],
proto 17, length: 80) 10.50.21.62.1096 > 10.50.30.32.domain: [udp sum ok]
21+ SRV? _ldap._tcp.pdc._msdcs.ABINITIO.COM. (52)
11:33:48.897728 00:50:2c:04:14:e8 > 00:0c:29:0a:fa:0b, ethertype IPv4
(0x0800), length 94: IP (tos 0x0, ttl 64, id 149, offset 0, flags [DF],
proto 17, length: 80) 10.50.30.32.domain > 10.50.21.62.1096: [udp sum ok]
21 ServFail q: SRV? _ldap._tcp.pdc._msdcs.ABINITIO.COM. 0/0/0 (52)
11:33:48.899202 00:0c:29:0a:fa:0b > 00:50:2c:04:14:e8, ethertype IPv4
(0x0800), length 92: IP (tos 0x0, ttl 128, id 382, offset 0, flags [none],
proto 17, length: 78) 10.50.21.62.netbios-ns > 10.50.30.32.netbios-ns:
[udp sum ok]
>>> NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
TrnID=0x814B
OpCode=0
NmFlags=0x10
Rcode=0
QueryCount=1
AnswerCount=0
AuthorityCount=0
AddressRecCount=0
QuestionRecords:
Name=AB_INITIO_DOM NameType=0x1B (Domain Controller)
QuestionType=0x20
QuestionClass=0x1
11:33:48.900162 00:50:2c:04:14:e8 > 00:0c:29:0a:fa:0b, ethertype IPv4
(0x0800), length 104: IP (tos 0x0, ttl 64, id 650, offset 0, flags [DF],
proto 17, length: 90) 10.50.30.32.netbios-ns > 10.50.21.62.netbios-ns:
>>> NBT UDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICAST
TrnID=0x814B
OpCode=0
NmFlags=0x58
Rcode=0
QueryCount=0
AnswerCount=1
AuthorityCount=0
AddressRecCount=0
ResourceRecords:
Name=AB_INITIO_DOM NameType=0x1B (Domain Controller)
ResType=0x20
ResClass=0x1
TTL=258969 (0x3f399)
ResourceLength=0
ResourceData=
AdditionalData:
Data: (6 bytes)
[000] 11 00 00 00 70 31 \021\000\000\000p1
11:33:48.900502 00:0c:29:0a:fa:0b > 00:50:2c:04:14:e8, ethertype IPv4
(0x0800), length 262: IP (tos 0x0, ttl 128, id 383, offset 0, flags
[none], proto 17, length: 248) 10.50.21.62.netbios-dgm >
10.50.30.32.netbios-dgm:
>>> NBT UDP PACKET(138) Res=0x100E ID=0x814A IP=10 (0xa).50 (0x32).21
(0x15).62 (0x3e) Port=138 (0x8a) Length=206 (0xce) Res2=0x0
SourceName=WXP NameType=0x00 (Workstation)
DestName=
WARNING: Short packet. Try increasing the snap length
11:33:48.901935 00:50:2c:04:14:e8 > 00:0c:29:0a:fa:0b, ethertype IPv4
(0x0800), length 284: IP (tos 0x0, ttl 64, id 466, offset 0, flags [DF],
proto 17, length: 270) 10.50.30.32.netbios-dgm > 10.50.21.62.netbios-dgm:
>>> NBT UDP PACKET(138) Res=0x100A ID=0x4A01 IP=10 (0xa).50 (0x32).30
(0x1e).32 (0x20) Port=138 (0x8a) Length=228 (0xe4) Res2=0x0
SourceName=PRISCILLA NameType=0x00 (Workstation)
DestName=
WARNING: Short packet. Try increasing the snap length
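
Added example, not part of the original post: a small Python parser that turns tcpdump output of this shape into a timeline of the domain-controller location steps (DNS SRV lookup, NetBIOS name query, UDP 138 datagram). CAPTURE is an abridged excerpt of the dump above; the function name `summarize` and the step labels are illustrative choices.

```python
import re

# Abridged excerpt of the capture in the post above (link/IP headers trimmed).
CAPTURE = """\
11:33:41.390717 IP 10.50.21.62.1095 > 10.50.30.32.domain: [udp sum ok]
20+ SRV? _ldap._tcp.dc._msdcs.ABINITIO.COM. (51)
11:33:41.391125 IP 10.50.30.32.domain > 10.50.21.62.1095: [udp sum ok]
20 ServFail q: SRV? _ldap._tcp.dc._msdcs.ABINITIO.COM. 0/0/0 (51)
11:33:41.392415 IP 10.50.21.62.netbios-ns > 10.50.30.32.netbios-ns:
>>> NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
Name=AB_INITIO_DOM NameType=0x1C (Unknown)
11:33:41.393080 IP 10.50.30.32.netbios-ns > 10.50.21.62.netbios-ns:
>>> NBT UDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICAST
Name=AB_INITIO_DOM NameType=0x1C (Unknown)
11:33:41.394617 IP 10.50.21.62.netbios-dgm > 10.50.30.32.netbios-dgm:
>>> NBT UDP PACKET(138) Res=0x110E ID=0x8148
SourceName=WXP NameType=0x00 (Workstation)
WARNING: Short packet. Try increasing the snap length
"""

# NetBIOS name suffixes a client queries when locating a domain controller.
NB_SUFFIX = {"1B": "domain master browser/PDC", "1C": "domain controllers"}

def summarize(text):
    """Return (time, step, detail) for each packet that is part of DC location."""
    steps = []
    # tcpdump wraps a record over several lines; each record starts at a timestamp.
    # Element 0 of the split is whatever precedes the first timestamp, so skip it.
    for rec in re.split(r"(?m)^(?=\d\d:\d\d:\d\d\.\d+ )", text)[1:]:
        flat = " ".join(rec.split())
        ts = flat.split()[0]
        srv = re.search(r"SRV\? (\S+)", flat)
        nbns = re.search(r"PACKET\(137\): QUERY; (\w+);.*?Name=(\S+) NameType=0x(\w\w)", flat)
        dgm = re.search(r"PACKET\(138\).*?SourceName=(\S+)", flat)
        if srv:
            reply = re.search(r"(\S+) q: SRV\?", flat)
            if reply:  # replies echo the question after "q:"; an rcode name precedes it on error
                rcode = reply.group(1) if reply.group(1).isalpha() else "NoError"
                steps.append((ts, "dns-srv-reply", f"{srv.group(1)} {rcode}"))
            else:
                steps.append((ts, "dns-srv-query", srv.group(1)))
        elif nbns:
            kind, name, suffix = nbns.groups()
            label = NB_SUFFIX.get(suffix.upper(), "other")
            steps.append((ts, f"nbns-{kind.lower()}", f"{name}<{suffix}> ({label})"))
        elif dgm:
            cut = " [truncated by snap length]" if "Short packet" in flat else ""
            steps.append((ts, "nbt-datagram", f"from {dgm.group(1)}{cut}"))
    return steps
```

On this excerpt the timeline reads: SRV query, ServFail reply, positive NetBIOS answer for the <1C> name, then a UDP 138 datagram whose payload tcpdump could not decode. Those datagrams carry the NETLOGON mailslot request and reply, so recapturing with a larger snap length (`tcpdump -s 0`) is what makes that part of the exchange readable.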