[Samba] Machines getting disjoint from Domain

mallapadi niranjan niranjan.ashok at gmail.com
Mon Dec 25 10:26:45 GMT 2006


Hi all

I have Samba 3.0.21c with OpenLDAP 2.3.19 as a PDC, with almost 200
workstations in the domain; most of my workstations are Windows XP and
2000 Professional.

But sometimes some of the systems get disjoined from the domain.
If we do ipconfig /flushdns and ipconfig /registerdns, wait for 5
min, then reboot and log in, it logs on, i.e. it doesn't complain that the
computer is not in the domain.

All the systems get an IP through DHCP, and DNS is configured with dynamic DNS;
both dhcpd and named are running on the PDC only.


This problem keeps recurring.

please guide me

my smb.conf file is
########################smb.conf ############################
[global]

  workgroup = msdpl.com
  netbios name = medhapdc
# NOTE(review): the SAM (including the machine trust accounts) lives in LDAP,
# and ldap ssl = no further down means every bind and attribute read/write
# travels in cleartext. Acceptable only if msdpl.com resolves to this host;
# otherwise use ldap ssl = start tls (or an ldaps:// URL) against a
# TLS-enabled directory.
  passdb backend = ldapsam:ldap://msdpl.com
  server string = Domain Controller
# Only the three LAN /24s and loopback may talk to smbd/nmbd.
  hosts allow = 192.168.128. 192.168.129. 192.168.130. 127.
  security = user
  encrypt passwords = yes
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# Together with bind interfaces only = yes below: listen on eth0 and lo only.
  interfaces = eth0,lo
  printing = cups
  disable spoolss = Yes
  printcap name = cups
  max print jobs = 100
  enable privileges = yes
  log level = 2
# Number of case permutations tried for plaintext logons; presumably of no
# effect with encrypt passwords = yes — confirm before keeping them.
  password level = 8
  username level = 8
  bind interfaces only = yes
# Browsing: this host wins browser elections (os level 65) and acts as the
# domain master browser; browse lists are exchanged with 192.168.130.3.
  local master = Yes
  os level = 65
  domain master = yes
  preferred master = yes
  remote browse sync = 192.168.130.3
  null passwords = no
  hide unreadable = yes
  hide dot files = yes
  domain logons = yes
# Per-user script, fetched from the [netlogon] share and executed on every
# workstation at logon — whoever can write that share controls the clients.
  logon script = %u.bat
# Empty logon path / logon home: no roaming-profile path or home share is
# handed to NT-family clients through these parameters.
  logon path =
  logon drive = X:
  logon home =
# This host is the WINS server (dhcpd.conf hands out 192.168.129.20 as the
# netbios-name-servers, presumably this box) and prefers WINS over DNS.
  wins support = yes
  name resolve order = wins lmhosts host bcast
  dns proxy = no
  time server = yes
# One log file per client NetBIOS name, rotated at 50 KB.
  log file = /var/log/samba/%m.log
  max log size = 50
  nt acl support = yes
  ldap passwd sync = yes
# smbldap-tools hooks. %u/%g/%m are quoted so the shell passes each name as a
# single argument. (delete user script is unindented; Samba ignores leading
# whitespace, so this is cosmetic only.)
  add user script = /usr/local/sbin/smbldap-useradd -m "%u"
delete user script = /usr/local/sbin/smbldap-userdel "%u"
# %m is the joining workstation's NetBIOS name; this creates its trust
# account in ou=Computers.
  add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
  add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
  add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
  delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
  set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
  ldap delete dn = Yes
# See the note above passdb backend.
  ldap ssl = no
  ldap suffix = dc=msdpl,dc=com
# The bind password for this DN is held in secrets.tdb (set with smbpasswd -w);
# with ldap ssl = no it is sent in the clear on every bind.
  ldap admin dn = cn=manager,dc=msdpl,dc=com
  ldap group suffix = ou=Groups
  ldap user suffix = ou=People
  ldap machine suffix = ou=Computers
  ldap idmap suffix = ou=Idmap
  ldap timeout = 60
  idmap backend = ldap:ldap://msdpl.com
# SID-to-uid/gid allocation range for winbind; keep it clear of local accounts.
  idmap uid = 10000-20000
  idmap gid = 10000-20000
# Password-quality gate run on every password change.
  check password script = /usr/local/bin/crackcheck -s
  map acl inherit = yes
  winbind use default domain = yes
# Accounts created through winbind get no interactive shell.
  template shell = /bin/false
######################################################[Share Definitions]###########################################
[homes]
# Each user sees only the share named after their own account: %S is the
# requested share (= user) name, so only that user and root are admitted.
   comment = Home Directories
   valid users = %S, root
# Hide the [homes] template itself from browse lists.
   browseable = no
   read only = no
# Repeats the global nt acl support = yes; harmless.
   nt acl support = Yes

# Un-comment the following and create the netlogon directory for Domain Logons
# (the section below is already active; the line above is template archaeology.)
# NOTE(review): [global] logon script = %u.bat is fetched from this share and
# executed on every workstation at logon, so write access here is effectively
# code execution on the clients. Keep write list to the minimum, keep
# /netlogon/scripts root-owned and not writable by others, and review changes
# to it. guest ok = yes lets unauthenticated clients read the scripts, which
# is fine only while they contain nothing sensitive. Samba tolerates the
# leading space before the header, but it is inconsistent with [homes].
 [netlogon]
   comment = Network Logon Service
   path = /netlogon/scripts
   guest ok = yes
   browseable = yes
   write list = root, kr1233

#Profiles Share
# NOTE(review): [global] has logon path = (empty), so nothing in this file
# directs clients here; confirm the share is still used before keeping it
# writable. read only = No and writeable = yes are synonyms — keep one.
 [profiles]
     comment = Profiles Share
# One directory per session user (%U); presumably it must already exist and
# be writable by that user — confirm.
     path = /profiles/%U
     read only = No
     browseable = yes
     writeable = yes
# /-delimited list of names never shown or created on this share. Presumably
# the last entry (desktop.ini) is honoured without a closing / — confirm; note
# that vetoing desktop.ini also hides Windows' per-folder view settings.
     veto files = /lost+found/.Trash-root/*.sh/*.scr/.recycle/desktop.ini
#############################################################
my dhcpd.conf file
##########################################dhcpd.conf###############
#########################################dhpcpd.conf############################
# Lease lifetime in seconds (3 days). max-lease-time is only one second above
# the default, which looks accidental.
default-lease-time 259200;
max-lease-time 259201;
# Clients learn the DNS domain, the DNS server and the WINS server — all the
# same address, presumably the PDC.
option domain-name "msdpl.com";
option domain-name-servers 192.168.129.20;
option netbios-name-servers 192.168.129.20;
option netbios-node-type 8; ### Node type = Hybrid ###
# NOTE(review): the server registers leases in DNS (interim style), but no
# key / zone statements are defined, so the updates are unsigned and rely
# entirely on named's source-IP allow-update ACL. The Windows XP/2000 clients
# also register their own names (the ipconfig /registerdns workaround in the
# report shows this), so two unauthenticated writers compete for the same
# A/PTR records — a plausible contributor to the "lost domain" symptom.
# Prefer a TSIG key shared with named (key <DHCP_UPDATE_KEY> { ... }; is a
# placeholder name, plus zone statements naming it) and let only the DHCP
# server update.
ddns-updates on; ### Dynamic DNS enabled ###
ddns-update-style interim;
# The only DHCP server on the segment: answer DHCPNAK to stale leases.
authoritative;
# A client's older leases are freed when it obtains a new one; presumably
# their DNS records are removed at the same time — confirm.
one-lease-per-client true;

# Pool for 192.168.129.0/24; dynamic-bootp also answers BOOTP clients.
subnet 192.168.129.0 netmask 255.255.255.0 {
        range dynamic-bootp 192.168.129.30 192.168.129.254;
        option subnet-mask 255.255.255.0;
        option routers 192.168.129.1;
# Left commented: with interim style the forward/reverse zone names are
# presumably derived from option domain-name and the subnet — confirm.
#       ddns-domainname "msdpl.com";
#       ddns-rev-domainname "129.168.192.in-addr.arpa";
# NOTE(review): explicit statement of the default. Any device plugged into the
# segment gets a lease here and, with it, an address inside named's msdpl ACL
# — i.e. the ability to update DNS. Pair it with host declarations or deny
# unknown clients if the segment is not physically controlled.
        allow unknown-clients;


# Red Hat sample stanza (marvin.redhat.com) carried over from the template;
# delete rather than keep it commented out.
# host ns {
#                next-server marvin.redhat.com;
#                hardware ethernet 12:34:56:78:AB:CD;
#                fixed-address 207.175.42.254;
#        }

}
#####################################################################

my /etc/named.conf file is
########################/etc/named.conf############################
//
// named.conf for Red Hat caching-nameserver
//

// NOTE(review): no allow-query / allow-recursion here, so this server recurses
// for any address that can reach it (the zone-level allow-query below covers
// only the authoritative zones). Add `allow-recursion { msdpl; 127.0.0.1; };`
// if the host is reachable beyond the LAN; BIND allows no forward references,
// so the acl msdpl definition must then move above this options block.
options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        // Recursive lookups are forwarded to three internal resolvers.
        forwarders { 192.168.129.18; 192.168.130.3; 192.168.128.3; };
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
         // Leave this commented unless a firewall forces it: a fixed query
         // port removes one of the resolver's defences against forged replies.
         // query-source address * port 53;
};

//
// a caching only nameserver config
//
// rndc is accepted from loopback only and must present rndckey (defined in
// /etc/rndc.key, included at the bottom of the file) — good.
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
// The three office LANs. This is a source-address match with no secret behind
// it; every allow-update and allow-transfer below trusts it, so it is only as
// strong as the ability to keep foreign hosts off these segments.
// NOTE(review): 127.0.0.1 is not listed, so if this host's own resolver points
// at 127.0.0.1 its lookups of the msdpl zones (e.g. Samba resolving
// ldap://msdpl.com) are refused by allow-query — add localhost; if so.
acl msdpl {
                192.168.129.0/24;
                192.168.128.0/24;
                192.168.130.0/24;
        };
// NOTE(review): allow-update { msdpl; } lets every host on the three LANs add,
// replace or delete any record in this zone — the PDC's own A record included —
// authenticated by nothing but source IP, and both dhcpd and the Windows
// clients are doing so. Restrict updates to the DHCP server with a TSIG key,
// e.g. allow-update { key <DHCP_UPDATE_KEY>; }; (placeholder name; define the
// key here and in dhcpd.conf), or use update-policy so a client may touch only
// its own name. allow-transfer { msdpl; } hands the whole zone to any LAN host;
// limit it to the secondaries that notify yes is meant for, or to none if
// there are none. The same applies to the three reverse zones below.
zone "msdpl.com" IN {
        type master;
        file "msdpl.com.zone";
        notify yes;
        allow-query { msdpl; };
        allow-transfer { msdpl; };
        allow-update { msdpl; };
};

// Reverse zone for 192.168.129.0/24 (the DHCP pool); same ACL concerns.
zone "129.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.129.20.rev";
        notify yes;
        allow-query { msdpl; };
        allow-transfer { msdpl; };
        allow-update { msdpl; };
};

// Reverse zone for 192.168.130.0/24; same ACL concerns.
zone "130.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.130.0.rev";
        notify yes;
        allow-query { msdpl; };
        allow-transfer { msdpl; };
        allow-update { msdpl; };
};

// Reverse zone for 192.168.128.0/24; same ACL concerns.
zone "128.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.128.0.rev";
        notify yes;
        allow-query { msdpl; };
        allow-transfer { msdpl; };
        allow-update { msdpl; };
};
// Root hints, used for recursion when the forwarders do not answer.
zone "." IN {
        type hint;
        file "named.ca";
};

// Stock Red Hat local zones; static, no dynamic updates.
zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};



// Second authoritative domain served from here; static (no updates) and,
// unlike msdpl.com, queryable and transferable from anywhere.
zone "medhaindia.com" IN {
        type master;
        file "medhaindia.com.zone";
        allow-update { none; };
};
// Stock loopback reverse zone.
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};

// The zone name and "IN {" were presumably one line before the mail client
// wrapped them; BIND tolerates the break, but keep it on one line in the file.
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"
IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
};

// Stock broadcast and zero reverse zones.
zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
};
// Shared secret for rndc (referenced by controls above). Whoever can read it
// can drive rndc from localhost, so keep the file owned by root and the named
// group, mode 0640 or tighter.
include "/etc/rndc.key";
######################################################################################################


Regards
Niranjan

