samba - Apr 2003 - Samba 2.2.7 as a PDC on FreeBSD 4.8 and a Windows 2K Pro client

I found what looks like a pretty good HOWTO type document at IBM on setting 
up Samba as a PDC.  Samba is up and running using this config.

The client Win2K Pro machine was in an office environment - but not sure if 
it was a NT 4.0 domain env or AD env.  So I'm trying to put it into the 
Samba PDC domain which I've got called NONROUTABLE.  I've followed the 
directions for setting up the machine trust accounts in FreeBSD, adding a 
"root" login into Samba for the first time login "secret"
stuff, etc.

My problem is before the client even talks to Samba.  On the client, I do this:

- Login as LOCAL administrator
- Right click "My Computer" -> Properties
- Goto "Network Identification" tab -> Properties button
- I leave the "Computer name" field as is (which is "gamer")
- Click the Domain radio button and input NONROUTABLE as the domain name
- Then I click OK

(I've also tried using the "Network ID" button and added login
info but I
get the same error below in the end.)

I immediately get an error popup saying:

The following error occurred validating the name "NONROUTABLE".
This condition may be caused by a DNS lookup problem ....<SNIP>
http://go.microsoft.com/fwlink/?LinkId=5171
The specified domain either does not exist or could not be contracted.

Well, this is apparently true.  Ethereal is showing me that client is 
asking my Solaris DNS server for a SRV record for 
"_ldap._tcp.dc._msdcs.NONROUTABLE" which it obviously doesn't have
any idea
what that is.  This is the ONLY traffic I seeing coming from the client 
onto the network.  This is why I say Samba isn't, currently, my problem.

A buddy of mine found this:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;314108

I tried this but I'm still getting the same error.  This email is long 
enough already - I can show where my client's output to "nbtstat
-c" is
/slightly/ different then what Microsoft shows in this InfoDoc.  So I won't 
go down this path unless someone says this is the right direction to go 
down - but I seems VERY much related.

Any thoughts on how to get this client to get around the DNS SRV to talk 
"nice" to the Samba server would be greatly appreciated.  The above
InfoDoc
feels/smells/looks like it might be related.


--
Sean O'Neill
972-661-2232

K - my original post was a little long so I'll try this - short.

I have a Windows 2K Pro client who domain membership I trying to change 
over to a Samba 2.2.7 server which I've setup as a PDC.

When I try to change the membership of the client, I always get the 
following error:

The following error occurred validating the name "NONROUTABLE".
This condition may be caused by a DNS lookup problem ....<SNIP>
http://go.microsoft.com/fwlink/?LinkId=5171
The specified domain either does not exist or could not be contracted.

The only traffic I see coming out of the client during this attempt domain 
membership change is a DNS SRV query to my Solaris DNS server for 
"_ldap._tcp.dc._msdcs.NONROUTABLE".  My Solaris DNS server doesn't
current
support SRV records.  I think I heard a rumor that BIND 9 supposedly 
supports this.

Does anyone know how I can setup my client so that it doesn't look for this 
DNS SRV entry and start talking to my Samba PDC ?


--
Sean O'Neill

At 09:32 AM 4/24/2003 -0500, Sean O'Neill wrote:
>K - my original post was a little long so I'll try this - short.
>
>I have a Windows 2K Pro client who domain membership I trying to change 
>over to a Samba 2.2.7 server which I've setup as a PDC.
>
>When I try to change the membership of the client, I always get the 
>following error:
>
>The following error occurred validating the name "NONROUTABLE".
>This condition may be caused by a DNS lookup problem ....<SNIP>
>http://go.microsoft.com/fwlink/?LinkId=5171
>The specified domain either does not exist or could not be contracted.
>
>The only traffic I see coming out of the client during this attempt domain 
>membership change is a DNS SRV query to my Solaris DNS server for 
>"_ldap._tcp.dc._msdcs.NONROUTABLE".  My Solaris DNS server
doesn't current
>support SRV records.  I think I heard a rumor that BIND 9 supposedly 
>supports this.
>
>Does anyone know how I can setup my client so that it doesn't look for 
>this DNS SRV entry and start talking to my Samba PDC ?
Well, it was a couple of things - just not sure which one or combo of which 
ones.  This is what I did:

- I adjusted the clients network settings check:
   Client for Microsoft Windows
   File and Printer Sharing for Microsoft Windows

These were unchecked.

- I setup Samba to be a WINS server, restarted Samba, updated my client 
network config to use the Samba server as a WINS server, and rebooted the 
client.

- After reviewing my Samba log (after updating the log level to 3), I 
noticed that the log.nmbd file was saying domain logons were not 
enabled.  The IBM article I was using to setup Samba as a PDC had one very 
important option missing in their "Final Cut" page of the smb.conf
file:

domain logons = yes

I fixed that and restart Samba.  I sent IBM an email letting them know 
their tutorial needs fixing on that page.

- Then I went through the usual procedure of changing the machine domain, 
used the "root" login that got setup in Samba, and it worked great.

Now I just have to figure out why a roaming profile directory for a user in 
the Samba doesn't get created correctly in /home/samba/profiles when I 
logged in.  I got an error message saying:

Windows cannot create profile directory 
\\compaq\profiles\soneill.pds.  blah blah blah

BUT I was able to login and the Samba log showed all the activity for the 
WINS registration stuff and everything.  Sweet :)


--
Sean O'Neill