[Samba] SAMBA replies SAM LOGON request from different ip alias

Christian Brandes christian.brandes at forschungsgruppe.de
Wed Oct 6 09:27:00 MDT 2010


Hi all,

We have got 4 Samba servers, all BDCs for "MYDOMAIN" except SERVER3, which is a PDC.
All of them have 3 physical network interfaces, of which 2 are used by Samba. Each of them has several IP aliases, except SERVER1, which has only primary IP numbers on its interfaces.

When I try to join a new Windows client (XP SP3) to the domain, it asks our WINS server for MYDOMAIN<1c> and gets a correct reply with all primary IP numbers of all SERVERs.
The Windows client picks one in its network and does a SAM LOGON request.

Then there are two possibilities:

1) Either it picks a SERVER2-4 with ip aliases on its interfaces. Then the SERVER responds with a different ip number than the client sent its request to. So the client does not recognize the SAM Response "user unknown" and does not pop up the requester for a valid domain admin username and password. After a while it displays an error message instead. And the join procedure cannot go on.

2) Or it picks SERVER1 without ip aliases on its interfaces. The SERVER responds with the only ip number on its interface in the client's network. So the client does recognize the SAM Response "user unknown" and pops up the domain admin logon requester and the join procedure can continue.

?????
So, why does SAMBA not reply on the same ip number it was queried on?
How can I get SAMBA to reply on the same ip number it was queried on?


Versions:

Samba:		3.4.7
Samba4wins:	1.0.8-2
Linux:		Ubuntu 10.04.1 LTS
Kernel: 	Linux tux1 2.6.32-24-server #42-Ubuntu SMP Fri Aug 20 15:38:55 UTC 2010 x86_64 GNU/Linux

192.168.16.0 is one single network with netmask 255.255.254.0 !

Related interfaces (and aliases):

XP-CLIENT:	192.168.17.25
WINS-SERVER:	192.168.16.28
DNS-SERVER:	192.168.16.6
SERVER1 (BDC):	192.168.16.31
SERVER2 (BDC):	192.168.16.32	(primary)
		192.168.16.38	(ip alias)
		(and other aliases)
SERVER3 (PDC):	192.168.16.33
		(and other aliases)



SERVER2 picked: (fails)

No.     Time        Source                Destination           Protocol Info
      1 2.076876    192.168.17.25         192.168.16.28         NBNS     Name query NB MYDOMAIN<1c>
      2 2.078163    192.168.16.28         192.168.17.25         NBNS     Name query response NB 192.168.16.32
      3 2.088111    192.168.17.25         192.168.16.32         SMB_NETLOGON SAM LOGON request from client
      4 2.088776    192.168.16.38         192.168.17.25         SMB_NETLOGON SAM Response - user unknown
      5 9.530892    192.168.17.25         192.168.16.32         SMB_NETLOGON SAM LOGON request from client
      6 9.531494    192.168.16.38         192.168.17.25         SMB_NETLOGON SAM Response - user unknown

SERVER1 picked: (success)

No.     Time        Source                Destination           Protocol Info
      1 14.454644   192.168.17.25         192.168.16.28         NBNS     Name query NB MYDOMAIN<1c>
      2 14.456279   192.168.16.28         192.168.17.25         NBNS     Name query response NB 192.168.16.31
      3 14.466001   192.168.17.25         192.168.16.31         SMB_NETLOGON SAM LOGON request from client
      4 14.466893   192.168.16.31         192.168.17.25         SMB_NETLOGON SAM Response - user unknown
      5 22.146011   192.168.17.25         192.168.16.31         SMB_NETLOGON SAM LOGON request from client
      6 22.146843   192.168.16.31         192.168.17.25         SMB_NETLOGON SAM Response - user unknown
      7 22.251916   192.168.17.25         192.168.16.31         SMB_NETLOGON SAM LOGON request from client
      8 22.253337   192.168.16.31         192.168.17.25         SMB_NETLOGON Response to SAM LOGON request
      9 22.360521   192.168.17.25         192.168.16.45         SMB_NETLOGON Query for PDC from XP-CLIENT
     10 22.361161   192.168.16.45         192.168.17.25         SMB_NETLOGON Response from PDC: host SERVER3, domain MYDOMAIN
     11 29.769958   192.168.17.25         192.168.16.33         TCP      1027 > netbios-ssn [SYN] Seq=0 Win=64240 Len=0 MSS=1460
     12 29.770576   192.168.16.33         192.168.17.25         TCP      netbios-ssn > 1027 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
     13 29.772356   192.168.17.25         192.168.16.33         NBSS     Session request, to SERVER3<20> from XP-CLIENT<00>
     14 29.773223   192.168.16.33         192.168.17.25         TCP      netbios-ssn > 1027 [ACK] Seq=1 Ack=73 Win=5840 Len=0
     15 29.778573   192.168.16.33         192.168.17.25         NBSS     Positive session response
     16 29.793630   192.168.17.25         192.168.16.33         SMB      Negotiate Protocol Request
     17 29.794548   192.168.16.33         192.168.17.25         SMB      Negotiate Protocol Response
     18 29.801768   192.168.17.25         192.168.16.6          DNS      Standard query A SERVER3.mydomain.de
     19 29.802515   192.168.16.6          192.168.17.25         DNS      Standard query response A 192.168.16.33
     20 29.808240   192.168.17.25         192.168.16.33         ICMP     Echo (ping) request
     21 29.809174   192.168.16.33         192.168.17.25         ICMP     Echo (ping) reply
     22 29.820861   192.168.17.25         192.168.16.33         SMB      Session Setup AndX Request, NTLMSSP_NEGOTIATE
     23 29.822494   192.168.16.33         192.168.17.25         SMB      Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED
     24 29.822896   192.168.17.25         192.168.16.33         SMB      Session Setup AndX Request, NTLMSSP_AUTH, User: MYDOMAIN\root
     25 29.833134   192.168.16.33         192.168.17.25         SMB      Session Setup AndX Response
     26 29.833843   192.168.17.25         192.168.16.33         SMB      Tree Connect AndX Request, Path: \\SERVER3\IPC$
     27 29.835794   192.168.16.33         192.168.17.25         SMB      Tree Connect AndX Response
     28 29.843879   192.168.17.25         192.168.16.33         SMB      NT Create AndX Request, FID: 0x4a4e, Path: \lsarpc
     29 29.845124   192.168.16.33         192.168.17.25         SMB      NT Create AndX Response, FID: 0x4a4e
     30 29.853859   192.168.17.25         192.168.16.33         DCERPC   Bind: call_id: 1 LSA V0.0
     31 29.854438   192.168.16.33         192.168.17.25         SMB      Write AndX Response, FID: 0x4a4e, 72 bytes
     32 29.858426   192.168.16.33         192.168.17.25         DCERPC   Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280
     33 29.860222   192.168.17.25         192.168.16.33         LSA      LsarOpenPolicy2 request, \\SERVER3

root@server1# lsof -nPi4 | grep mbd | grep -v ESTABLISHED
smbd       5301     root   22u  IPv4    13507      0t0  TCP 192.168.16.31:445 (LISTEN)
smbd       5301     root   23u  IPv4    13508      0t0  TCP 192.168.16.31:139 (LISTEN)
nmbd       5309     root    9u  IPv4    13472      0t0  UDP *:137
nmbd       5309     root   10u  IPv4    13473      0t0  UDP *:138
nmbd       5309     root   11u  IPv4    13477      0t0  UDP 192.168.16.31:137
nmbd       5309     root   12u  IPv4    13478      0t0  UDP 192.168.16.31:138

root@server2# lsof -nPi4 | grep mbd | grep -v ESTABLISHED
smbd      29514          root   42u  IPv4 58325208      0t0  TCP 192.168.16.38:445 (LISTEN)
smbd      29514          root   43u  IPv4 58325209      0t0  TCP 192.168.16.38:139 (LISTEN)
smbd      29514          root   54u  IPv4 58325220      0t0  TCP 192.168.16.32:445 (LISTEN)
smbd      29514          root   55u  IPv4 58325221      0t0  TCP 192.168.16.32:139 (LISTEN)
nmbd      29520          root    9u  IPv4 58325118      0t0  UDP *:137
nmbd      29520          root   10u  IPv4 58325119      0t0  UDP *:138
nmbd      29520          root   31u  IPv4 58325159      0t0  UDP 192.168.16.38:137
nmbd      29520          root   32u  IPv4 58325160      0t0  UDP 192.168.16.38:138
nmbd      29520          root   43u  IPv4 58325171      0t0  UDP 192.168.16.32:137
nmbd      29520          root   44u  IPv4 58325172      0t0  UDP 192.168.16.32:138


Best regards
Christian
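
A way to spot this condition in a capture, as an added example that is not part of the original post: the script pairs each SMB_NETLOGON request with the next response sent to the same client and reports replies whose source address differs from the address that was queried. The function names and the 1-second pairing window are assumptions; the sample lines are copied from the two traces above.

```python
import re

# Frame no., time, source, destination, protocol, info (Wireshark summary layout)
LINE = re.compile(r"^\s*(\d+)\s+([\d.]+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*)$")

# Sample input: frames 3-6 of the failing trace, frames 3-4 of the working one.
SAMPLE = """\
No.     Time        Source                Destination           Protocol Info
      3 2.088111    192.168.17.25         192.168.16.32         SMB_NETLOGON SAM LOGON request from client
      4 2.088776    192.168.16.38         192.168.17.25         SMB_NETLOGON SAM Response - user unknown
      5 9.530892    192.168.17.25         192.168.16.32         SMB_NETLOGON SAM LOGON request from client
      6 9.531494    192.168.16.38         192.168.17.25         SMB_NETLOGON SAM Response - user unknown
      3 14.466001   192.168.17.25         192.168.16.31         SMB_NETLOGON SAM LOGON request from client
      4 14.466893   192.168.16.31         192.168.17.25         SMB_NETLOGON SAM Response - user unknown
"""

def parse(text):
    """Yield (frame, time, src, dst, proto, info); header lines are skipped."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            no, t, src, dst, proto, info = m.groups()
            yield int(no), float(t), src, dst, proto, info

def mismatched_replies(text, proto="SMB_NETLOGON", window=1.0):
    """Return (frame, queried_ip, replying_ip) for each reply whose source
    is not the address the client's outstanding request was sent to."""
    pending = {}    # client address -> list of (time, server address queried)
    findings = []
    for no, t, src, dst, p, info in parse(text):
        if p != proto:
            continue
        # Test for "response" first: "Response to SAM LOGON request" has both words.
        if re.search(r"\bresponse\b", info, re.I):
            recent = [r for r in pending.get(dst, []) if 0 <= t - r[0] <= window]
            if not recent:
                continue            # unsolicited, or request outside the window
            match = [r for r in recent if r[1] == src]
            answered = match[-1] if match else recent[-1]
            pending[dst].remove(answered)
            if not match:
                findings.append((no, answered[1], src))
        elif "request" in info.lower():
            pending.setdefault(src, []).append((t, dst))
    return findings

if __name__ == "__main__":
    for frame, queried, replied in mismatched_replies(SAMPLE):
        print(f"frame {frame}: queried {queried}, reply came from {replied}")
```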

