wbinfo -t and Win2K DCs ...

Esh, Andrew AEsh at tricord.com
Fri May 3 07:11:13 GMT 2002 

This doesn't match my results. I get good wbinfo replies when I have Samba
2.2.3a joined into a Win2K domain. In fact, we did a bunch of domain
controller failure testing in such a domain, to make sure we had our
solution right. We didn't see any difference between Win2K and our WinNT
results, as far as authentication goes. (We noticed Microsoft removed the
"NET ACCOUNTS /SYNC" command in Win2K, which made testing harder, but that's
another story.)

I am also certain that Win2K domain controllers advertise the #1c service.

Here's a PDC I use for testing which runs Win2K (os version 5.0):

[root at pluto source]# rpcclient //PDCNATIVE -W ENDURONATIVE -U Administrator
-c srvinfo
...
Domain=[ENDURONATIVE] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
cmd = srvinfo
srvinfo
	PDCNATIVE      Wk Sv PDC Tim NT LMB 
	platform_id     :	500
	os version      :	5.0
	server type     :	0x204102b

And this shows that it registers the #1c service:

[root at pluto source]# nmblookup -A 10.10.16.21
Looking up status of 10.10.16.21
	PDCNATIVE       <00> -         M <ACTIVE> 
	ENDURONATIVE    <00> - <GROUP> M <ACTIVE> 
	ENDURONATIVE    <1c> - <GROUP> M <ACTIVE> 
	PDCNATIVE       <20> -         M <ACTIVE> 
	ENDURONATIVE    <1b> -         M <ACTIVE> 
	ENDURONATIVE    <1e> - <GROUP> M <ACTIVE> 
	PDCNATIVE       <03> -         M <ACTIVE> 
	ENDURONATIVE    <1d> -         M <ACTIVE> 
	..__MSBROWSE__. <01> - <GROUP> M <ACTIVE> 
	INet~Services   <1c> - <GROUP> M <ACTIVE> 
	IS~PDCNATIVE    <00> -         M <ACTIVE> 

Here's my advice:

Do an nmblookup (as above) on your PDC. You can also use nbtstat on Windows
the same way. Look for a listing of the #1c service, and make sure it's not
marked with a "Conflict" or "Deregistered" flag. I have had two different
domain controllers in different domains wind up with their "Conflict" flag
set, which caused Samba authentication not to happen. If you have a
conflict, try rebooting the PDC. If the #1c service is not listed, try
rebooting.

Also, log level 10 during a wbinfo -t may help you to understand why it's
failing.

-----Original Message-----
From: Richard Sharpe [mailto:rsharpe at ns.aus.com]
Sent: Thursday, May 02, 2002 7:09 PM
To: samba-technical at samba.org
Subject: wbinfo -t and Win2K DCs ...


Hi,

I have run into a spot of bother with wbinfo and Win2K.

We run Samba as a member server from a Win2K DC.

We join the DC correctly, but wbinfo -t does not work.

This seems to be because the WINS server running on the Win2K DC will not 
answer queries looking for DOMAIN#1c.

However, I know we have joined because wbinfo -u works.

Has anyone seen this? Is there a solution on the DC, or do I have to hack 
winbindd to be able to look up the DC correctly?
 
Regards
-----
Richard Sharpe, rsharpe at ns.aus.com, rsharpe at samba.org, 
sharpe at ethereal.com

-------------- next part --------------
HTML attachment scrubbed and removed

More information about the samba-technical mailing list