[Samba] Domain logons and client IP broadcasts

Sebastian Held sebastian.held at gmx.de
Wed Feb 7 07:51:47 GMT 2007 

I'm sorry, but I don't know the cause.
You should make sure, that Lab-119 actually uses DHCP.
Have a look at the blocked packets of the firewall and compare with Lab-101.
I had the same error "domain not available", but a different scenario... I 
think it was solved, by joining the PDC to itself - but seems not be related 
to your problem.

If Lab-119 is a windows machine, I would recommend a reinstall - most times 
this work quite well ;)

kind regards,
Sebastian

Am Dienstag, 6. Februar 2007 schrieb Postmaster:
> Sebastian Held wrote:
> > Am Donnerstag, 1. Februar 2007 schrieb Sherwood Botsford:
> >> dhcp server options
> >>         netbios-node-type =2
> >>         netbios-name-sever = PDC IP
> >>    samba
> >>         wins support = yes
> >>         # wins server
> >> -> Domain logins don't work
> >
> > Did you try to set:
> > name resolve order = wins lmhosts
> > on your Samba PDC?
> > Is Samba a local and domain master browser?
> > Have a look at the browse data:
> > nmblookup -R -U <winsServer> -S <nameToLookUp>
> >
> > kind regards,
> > Sebastian
>
> Firstly, thanks for your help in this , Sebastion.  You have been amazingly
> patient.
>
> OK:  More data:
> Lab-101 is set with a firewall that permits broadcasts, and allows
> domain logins.
>
> Lab-119 is set with a firewall that blocks broadcasts.  From it i get a
> 'domain not available'
> message, but if I log in with a cached roaming profile, network shares
> work.
>
> Conan is the PDC of my domain, SJSA and is the master browser.  I have a
> single
> network, so it is also the local master.
>
> conan# nmblookup -R -U sjsa -S lab-118
> querying lab-101 on 192.168.1.241
> 192.168.1.101 lab-101<00>
> Looking up status of 192.168.1.118
>         LAB-101        <00> -         M <ACTIVE>
>         SJSA            <00> - <GROUP> M <ACTIVE>
>         SJSA            <1e> - <GROUP> M <ACTIVE>
>
> conan# nmblookup -R -U sjsa -S lab-119
> querying lab-119 on 192.168.1.241
> 192.168.1.119 lab-119<00>
> Looking up status of 192.168.1.119
>         LAB-119         <00> -         M <ACTIVE>
>         SJSA            <00> - <GROUP> M <ACTIVE>
>         SJSA            <1e> - <GROUP> M <ACTIVE>
>
> *** No effective difference between the two types.
>
> Relevent chunks of smb.conf
>    workgroup = SJSA
>    netbios name = CONAN
>    server string = Conan the Librarian
>    security = DOMAIN
> **********************************************
>
> Excerpt from nmbd -d2
> Samba server CONAN is now a domain master browser for workgroup SJSA on
> subnet 192.168.1.241
> *****
> announce_local_master_browser_to_domain_master_browser:
> We are both a domain and a local master browser for workgroup SJSA.  Do
> not announce to ourselves
>
> *********************************
> Runing findsmb from a workstation not running nmbd shows that
> Conan is a master and local browse master, and postie is a local browse
> master.
>
>
> If I log in from lab-101 the following shows up in the nmbd log file.
> process_logon_packet: Logon from 192.168.1.101: code = 0x12
> process_logon_packet: Logon from 192.168.1.101: code = 0x12
> process_logon_packet: Logon from 192.168.1.101: code = 0x12
> process_logon_packet: Logon from 192.168.1.101: code = 0x12
>
> and the logon is succesful.
>
> If I log on from lab-119 no lines show up, and the attempt fails.
>
> If  I run tcpdump -vvv host 192.168.1.119 during a login there are no
> packets at all.  However there is sporadic traffic between lab-119 and
> Conan.
> e.g: arp packets and the following:
>
> 11:08:29.891131 lab-119.sjsa.internal.net.netbios-ns >
> conan.sjsa.internal.net.n
>
> etbios-ns:
>  >>> NBT UDP PACKET(137): REFRESH(8); REQUEST; UNICAST
>
> TrnID=0x9965
> OpCode=8
> NmFlags=0x0
> Rcode=0
> QueryCount=1
> AnswerCount=0
> AuthorityCount=0
> AddressRecCount=1
> QuestionRecords:
> Name=LAB-119         NameType=0x00 (Workstation)
> QuestionType=0x20
> QuestionClass=0x1
>
> ResourceRecords:
> Name=LAB-119         NameType=0x00 (Workstation)
> ResType=0x20
> ResClass=0x6C70
> TTL=499435589 (0x1dc4c845)
> ResourceLength=33945
> ResourceData=
> [000] 0D 00 60 00 00 00                                 ..`...
>
>  (ttl 128, id 54446, len 96)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba/attachments/20070207/bb6937c0/attachment.bin

More information about the samba mailing list