On Fri, Feb 19, 2010 at 09:50:49AM -0800, Edward Quinn
wrote:> I searched but was unable to locate a close match for this case. I doubt
> that Samba was the culprit here, but unus vir nullus vir. Your feedback
> would be appreciated.
>
> Situation:
> Windows clients, mostly WinXP desktops, got "no logon servers are
> available" when trying to access shared directories on fileservers.
The
> Windows domain controllers run Win2k3. Member servers range from NT4 to
> Win2k8, plus three Alpha-VMS platforms running Samba 2.2.8. WINS Manager
> Active Registrations showed the expected IP address for Domain Master
> Browser and Domain Controller. But there was another record matching that
> domain name. It was Type [1Eh]Normal Group Name and had the IP address of
a
> Samba server's secondary network interface.
>
> Immediate Response:
> The lead Windows sysadmin concluded that the Samba server caused
> corruption of the WINS database by improperly assuming the role of domain
> controller or master browser. The SMBD service was then disabled on the
> Samba server, and after that the WINS database was rebuilt and all the
> Windows servers were rebooted. Users were back to normal the next day.
>
> Corrective Action Proposed:
> The Samba server in question has primary and secondary NICs in the same
> subnet. The "interfaces" configuration option is blank. Other
global
> settings include:
> security = DOMAIN
> domain logons = No
> os level = 20
> preferred master = No
> local master = No
> domain master = No
> wins server = 192.168.1.20
> wins support = No
> After reviewing the configuration, the Windows lead recommended setting
> "os level" to 1 before re-enabling Samba in order to prevent
future WINS
> corruption problems. Samba V2.2.8 had been running on several VMS hosts
for
> more than 8 months using the settings shown. All participated as members of
> the Windows domain and shared directories on the network without incident.
Given those settings nmbd shouldn't be announcing itself as a DC.
But Samba 2.2.x is *very* old, and it's hard to say if that
could have been a bug from that time.
Jeremy.