bjorn.padding@ifsaudiovisueel.nl
2003-Aug-25 13:09 UTC
[Samba] PDC + LDAP + W2K-SP4 Domain logon
Dear all,

___Setup:
- several Windows 2000 workstations on SP4 (reg-patches applied, they worked on 2.x-stable)
- Samba PDC (CVS 3.0.0rc2) (machine accounts added as well as users in unix & samba)
- OpenLDAP (2.1.12) <-- (Not really relevant since I tried without ldap too, so no info about that from this point)
- Linux <HOSTNAME> 2.4.19 #1 Fri Jun 13 15:22:09 UTC 2003 i686 unknown (debian)

(- also tried Samba PDC (2.x.stable))
_________

___My Problem:
Since attempting to upgrade to Samba 3.0 clients are unable to logon to my samba-domain.
______________

___Scenario:
at server side (linux samba PDC):

- 'testparm' command succeeds.
- Samba PDC started with all systems up and running (smbd/nmbd/winbindd)
- Tests through 'net join' command succeeds.
- Test through 'smbclient -L <my samba PDC>' succeeds as well.
*- Test through 'smbclient -L <a windows 200 machine>' FAILS<partial>!
   Result:
   <snip>
        Sharename      Type      Comment
        ---------      ----      -------
        E$             Disk      Default share
        IPC$           IPC       Remote IPC
        ADMIN$         Disk      Remote Admin
        C$             Disk      Default share
   session request to <w2kmachine> failed (Called name not present)
   session request to *SMBSERVER failed (Called name not present)
   NetBIOS over TCP disabled -- no workgroup available
   </snip>
   *quite strange error since it returns the shares?!

---> going on anyway --->

at client side (w2k):

- login on client with local administrator-account.
- browsing network IFS results in seeing only the windows-2000 machines in the network and NOT the samba PDC.
- if I attempt to connect to '\\<my samba pdc>' I do get a request for my login and password. Login works and I can browse shares.
- I use 'net use * /d /yes' to be able to join the domain with a clean-sheet.
- if I attempt to join the domain IFS I get the following error:
   <snip>
   The following error ocurred validating the name "IFS".
   This condition may be caused by a DNS lookup problem.
   For information about troubleshooting common DNS lookup problems,
   please see the following Microsoft web site:
   http://go.microsoft.com/fwlink/?LinkId=5171

   The specified domain either does not exist or could not be contacted.
                                [ OK ]
   </snip>
   went to the link and followed instruction in how far possible with Samba and saw something about the _ldap._tcp.dc_msdcs record.
   added that (_tcp._ldap.dc._msdcs.ifs. SRV 0 0 0 .) to my config, but still no success
   (thought that wouldn't do much anyway, since the link says it's only to reduce unnecessary traffic).

   Samba shows _only changes in nmbd-logfile_:
   <snip>
   [2003/08/25 14:30:00, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
     find_workgroup_on_subnet: workgroup search for IFS on subnet 10.21.32.1: found.
   [2003/08/25 14:30:00, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
     find_workgroup_on_subnet: workgroup search for IFS on subnet UNICAST_SUBNET: found.
   [2003/08/25 14:30:00, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
     find_workgroup_on_subnet: workgroup search for IFS on subnet UNICAST_SUBNET: found.
   [2003/08/25 14:30:05, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
     find_workgroup_on_subnet: workgroup search for IFS on subnet 10.21.32.1: found.
   [2003/08/25 14:30:05, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(284)
     dump_workgroups()
      dump workgroup on subnet 10.21.32.1: netmask= 255.255.255.0:
           IFS(1) current master browser = <sambaserver>
                   <sambaserver> 400c992b (Samba CVS 3.0.0rc2)
   [2003/08/25 14:30:05, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(284)
     dump_workgroups()
      dump workgroup on subnet UNICAST_SUBNET: netmask= 10.21.32.1:
           IFS(1) current master browser = UNKNOWN
                   <sambaserver> 4009992b (Samba CVS 3.0.0rc2)
   [2003/08/25 14:30:05, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
     find_workgroup_on_subnet: workgroup search for IFS on subnet UNICAST_SUBNET: found.
   [2003/08/25 14:30:05, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
     find_workgroup_on_subnet: workgroup search for IFS on subnet UNICAST_SUBNET: found.
   [2003/08/25 14:30:10, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
     find_workgroup_on_subnet: workgroup search for IFS on subnet 10.21.32.1: found.
   [2003/08/25 14:30:10, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(284)
     dump_workgroups()
      dump workgroup on subnet 10.21.32.1: netmask= 255.255.255.0:
           IFS(1) current master browser = <sambaserver>
                   <sambaserver> 400c992b (Samba CVS 3.0.0rc2)
   [2003/08/25 14:30:10, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(284)
     dump_workgroups()
      dump workgroup on subnet UNICAST_SUBNET: netmask= 10.21.32.1:
           IFS(1) current master browser = UNKNOWN
                   <sambaserver> 4009992b (Samba CVS 3.0.0rc2)
   [2003/08/25 14:30:10, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
     find_workgroup_on_subnet: workgroup search for IFS on subnet UNICAST_SUBNET: found.
   [2003/08/25 14:30:10, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
     find_workgroup_on_subnet: workgroup search for IFS on subnet UNICAST_SUBNET: found.
   </snip>

   and in tcpdump:

   <snip>
   14:27:21.179535 <w2kmachine>.ifs.1700 > <sambaserver>.ifs.domain: 25834+ SRV ? _ldap._tcp.dc._msdcs.ifs. (42)
   14:27:21.179702 <sambaserver>.ifs.domain > <w2kmachine>.ifs.1700: 25834 NXDomain* 0/1/0 (105) (DF)
   14:27:21.180559 <w2kmachine>.ifs.netbios-dgm > <sambaserver>.ifs.netbios-dgm:
   >>> NBT UDP PACKET(138) Res=0x110E ID=0x81A9 IP=10 (0xa).21 (0x15).32 (0x20).238 (0xee) Port=138 (0x8a) Length=229 (0xe5) Res2= 0x0
   SourceName=<w2kmachine> NameType=0x00 (Workstation)
   DestName=IFS NameType=0x1C (Unknown)

   SMB PACKET: SMBtrans (REQUEST)

   14:27:26.180442 <w2kmachine>.ifs.netbios-dgm > <sambaserver>.ifs.netbios-dgm:
   >>> NBT UDP PACKET(138) Res=0x110E ID=0x81AA IP=10 (0xa).21 (0x15).32 (0x20).238 (0xee) Port=138 (0x8a) Length=229 (0xe5) Res2=0x0
   SourceName=<w2kmachine> NameType=0x00 (Workstation)
   DestName=IFS NameType=0x1C (Unknown)

   SMB PACKET: SMBtrans (REQUEST)

   14:27:26.181114 <sambaserver>.ifs.netbios-dgm > 10.21.32.255.netbios-dgm:
   >>> NBT UDP PACKET(138) Res=0x110A ID=0x7EE4 IP=10 (0xa).21 (0x15).32 (0x20).1 (0x1) Port=138 (0x8a) Length=205 (0xcd) Res2=0x0
   SourceName=<sambaserver> NameType=0x00 (Workstation)
   DestName=IFS NameType=0x1D (Master Browser)

   SMB PACKET: SMBtrans (REQUEST)

   (DF)
   14:27:27.459152 205.188.12.20.5190 > <w2kmachine>.ifs.1104: P 1912445612:1912445720(108) ack 2118659303 win 16384 (DF)
   14:27:27.599945 <w2kmachine>.ifs.1104 > 205.188.12.20.5190: . ack 108 win 64767 (DF)
   14:27:31.180328 <w2kmachine>.ifs.netbios-dgm > <sambaserver>.ifs.netbios-dgm:
   >>> NBT UDP PACKET(138) Res=0x110E ID=0x81AB IP=10 (0xa).21 (0x15).32 (0x20).238 (0xee) Port=138 (0x8a) Length=229 (0xe5) Res2=0x0
   SourceName=<w2kmachine> NameType=0x00 (Workstation)
   DestName=IFS NameType=0x1C (Unknown)

   SMB PACKET: SMBtrans (REQUEST)
   </snip>

- Now for the surprise...
- I was at home and still wanting to try to get this up and running last weekend, so I logged on into our VPN from a Windows 2000 (Service Pack 2!!) machine and attempted to logon to our domain. And surprise... it worked.
  So I try it again now (Monday), at my work, and I get the "The specified domain either does not exist or could not be contacted."-error again.
____________

___Conclusion:
- somewhere from Service Pack 3 (I believe but not sure since I upgraded directly from 2 to 4) and on, Windows starts looking for an Active Directory when login on to a domain.
  I don't know what it does afterwards, but it won't talk to my Samba PDC.
  I've been looking around for the past few days and I could not find ANYTHING with a solution.
______________

__My configuration file:

- smb.conf
<snip>
# Global parameters
[global]
    dos charset = ISO8859-15
    unix charset = CP850
    display charset = CP850
    workgroup = IFS
    netbios name = FILESERVER
    interfaces = lo, 127.0.0.0/255.0.0.0, eth0, 10.21.32.0/255.255.255.0
    bind interfaces only = Yes
    auth methods = sam
    server schannel = Yes
    password server = 10.21.32.1
    passdb backend = ldapsam:ldap://10.21.32.1
    unix password sync = No
    client lanman auth = No
    client plaintext auth = No
    log level = 4
    syslog = 10
    log file = /var/log/samba/%m
    name resolve order = bcast wins hosts
    time server = Yes
    keepalive = 255
    socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=8192 SO_RCVBUF=8192
    load printers = No
    printcap name = cups
    logon drive = z:
    logon home = \\%L\%U
    domain logons = Yes
    os level = 64
    preferred master = Yes
    domain master = Yes
    wins support = Yes
    ldap suffix = o=ifs,c=nl
    ldap machine suffix = sambaDomainName=IFS,ou=Server Services,o=ifs,c=nl
    ldap user suffix = ou=People,o=ifs,c=nl
    ldap group suffix = ou=People Groups,o=ifs,c=nl
    ldap idmap suffix = o=ifs,c=nl
    ldap admin dn = cn=root,o=ifs,c=nl
    remote announce = 10.21.32.255/IFS
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    admin users = adminisrtator

[homes]
    comment = Home Directory
    read only = No
    browseable = No

[netlogon]
    comment = Network Logon Service
    path = /home/services/samba/netlogon
    guest ok = Yes
    share modes = No

[Profiles]
    path = /home/services/samba/profiles
    guest ok = Yes
    browseable = No

[data]
    comment = IFS's shared files
    path = /home/ifs/data
    read only = No
    force create mode = 0771
    force directory mode = 0775
</snip>
_________________________

I also tried to install the older version again (samba 2.x.stable (standard debian-package) without LDAP and with smbpasswd file), but no luck...

I am completely out of ideas and believe I tried everything possible....
Hope someone can explain me this mystical behaviour all of a sudden...

Kind Regards,
Bjorn Padding
IFS Audio Visuals
samseaver@northwestern.edu
2003-Aug-25 13:36 UTC
[Samba] PDC + LDAP + W2K-SP4 Domain logon
This may be a long shot, but does your work environment use a WINS server?

I found out recently that mine does, and by changing WINS support = yes to WINS server = 'ip address', i got the domain thing to work. I kept getting the same error you did.

Cheers
S
bjorn.padding@ifsaudiovisueel.nl
2003-Aug-25 16:31 UTC
[Samba] RE: PDC + LDAP + W2K-SP4 Domain logon
This is strange that it worked for you, because testparm tells me that if you use "wins support = yes" && "wins server = <wins server IP>" at the same time, then smbd would not start. Anyway, I tried and it doesn't work...

Anybody else??

> This may be a long shot, but does your work environment use a WINS server?
>
> I found out recently that mine does, and by changing WINS support = yes
> to WINS server = 'ip address', i got the domain thing to work. I kept
> getting the same error you did.
>
> Cheers
> S
bjorn.padding@ifsaudiovisueel.nl
2003-Aug-26 09:38 UTC
[Samba] RE: PDC + LDAP + W2K-SP4 Domain logon
> bjorn.padding at ifsaudiovisueel.nl wrote:
>
> >This is strange that it worked for you, because testparm tells me that
> >if you use "wins support = yes" && "wins server = <wins server IP>" at
> >the same time, then smbd would not start. Anyway, I tried and it doesn't
> >work...
> >
> nono you need to read what i said:
>
> >> changing WINS support = yes
> >>to WINS server = 'ip address', i got the domain thing to work. I kept
> >>getting the same error you did.
> >>
> i said 'changing', you can't have both WINS support (this makes Samba THE
> WINS server) and WINS server (this delegates the WINS support elsewhere).

Yeah, but that is not the situation, because my Samba PDC _is my WINS-server.

Thanks for your reply, but I am _SURE_ that it's nothing to do with my configuration, but with the Windows-2000 SP3. Since this Service Pack, Windows 2000 looks for an active directory. Again, I tried from 2 machines now with Windows 2000 SP2 and everything works just fine. As soon as I apply Service Pack 3, the error:

<snip>
The following error ocurred validating the name "IFS".
This condition may be caused by a DNS lookup problem.
For information about troubleshooting common DNS lookup problems,
please see the following Microsoft web site:
http://go.microsoft.com/fwlink/?LinkId=5171

The specified domain either does not exist or could not be contacted.
                             [ OK ]
</snip>

And I get the queries for _tcp._ldap.dc._msdcs.IFS. on bind log.

So clearly Microsoft is pushing their "Active Directory" on the market... (Good marketing skills those guys, really Microsoft style)

The only way I know how to solve it now is to reinstall all my workstations with a clean win2k install and stop upgrading till service pack 2, but of course I do not really prefer this...
> Thanks for your reply, but I am _SURE_ that it's
> nothing to do with my configuration, but with the
> Windows-2000 SP3.

I'm not so sure. Don't blame M$ too soon. Your use of LDAP or how you use it may be the problem.

> Since this Service Pack, Windows 2000 looks for an
> active directory. Again, I tried from 2 machines now
> with Windows 2000 SP2 and everything works just
> fine. As soon as I apply Service Pack 3, the error:

I'm not sure it does, probably not. Do other posters complain about PDC+LDAP+W2K-SP3-4? You can't be the 1st one with the problem. I don't use LDAP. SPs never affected my clients, 2, 3, 4.

> The only way I know how to solve it now is to
> reinstall all my workstations with a clean win2k
> install and stop upgrading till service pack 2, but
> of course I do not really prefer this...

Better analyze the login transactions for both SPs in a higher level log to be a bit more sure what is going on.
bjorn.padding@ifsaudiovisueel.nl
2003-Aug-27 11:47 UTC
[Samba] RE: PDC + LDAP + W2K-SP4 Domain logon
Thanks for your reply dkrnic...

Anyway... I found the problem. (but NO SOLUTION!!)

Just to summarize...
I had a win2k sp2 machine at home and win2k sp4 machines at my work. I was unable to log in to my samba-pdc (v3 rc2) with the workstations @ work, but I was able to connect from my win2k sp2 machine at home through a VPN connection.

I now took that machine (w2k sp2 machine from home) to my office to test if it would also work on the network instead of a vpn connection. and... it didn't, it gave the same error as the other machines.

In tcpdump I saw the DNS query from _ldap._tcp.dc._msdcs.<MYDOMAIN>. This annoyed me, because my workstation from home on VPN didn't do this.

Then I came up with the plan to disable my DNS-server in my network-settings on my w2k-machines. Then I tried to log on to the domain and.... voila... it worked. When I enable the DNS-server again in my configuration I can't log in to the domain anymore.

I read some things about Native and Mixed-mode w2k's. I believe this is the whole problem. W2k's are in Native mode looking for Active Directory and Samba obviously... not... since it can't.

Anybody knows how I can change this behaviour of w2k towards my PDC?

Thanks!
Bjorn

-----Original Message-----
From: dkrnic [mailto:dkrnic@lycos.com]
Sent: dinsdag 26 augustus 2003 16:57
To: Bjorn H. Padding
Cc: samba
Subject: PDC + LDAP + W2K-SP4 Domain logon

> Thanks for your reply, but I am _SURE_ that it's
> nothing to do with my configuration, but with the
> Windows-2000 SP3.

I'm not so sure. Don't blame M$ too soon. Your use of LDAP or how you use it may be the problem.

> Since this Service Pack, Windows 2000 looks for an
> active directory. Again, I tried from 2 machines now
> with Windows 2000 SP2 and everything works just
> fine. As soon as I apply Service Pack 3, the error:

I'm not sure it does, probably not. Do other posters complain about PDC+LDAP+W2K-SP3-4? You can't be the 1st one with the problem. I don't use LDAP. SPs never affected my clients, 2, 3, 4.

> The only way I know how to solve it now is to
> reinstall all my workstations with a clean win2k
> install and stop upgrading till service pack 2, but
> of course I do not really prefer this...

Better analyze the login transactions for both SPs in a higher level log to be a bit more sure what is going on.
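The DNS lookup for `_ldap._tcp.dc._msdcs.<MYDOMAIN>` mentioned in the message above can be picked out of captured DNS payloads and matched with its result. This is an added example, not code from the thread; the function names are hypothetical and the two packets are constructed samples with `ifs` standing in for the domain.

```python
import struct

SRV = 33                                       # DNS RR type SRV (RFC 2782)
DC_PREFIX = ("_ldap", "_tcp", "dc", "_msdcs")  # leading labels of a DC-locator name

def build_message(name, qtype, response=False, rcode=0, txid=0x1234):
    """Build a one-question DNS message with no answers (sample input)."""
    flags = (0x8180 | rcode) if response else 0x0100
    qname = b"".join(bytes([len(part)]) + part.encode("ascii")
                     for part in name.strip(".").split(".")) + b"\x00"
    return (struct.pack("!6H", txid, flags, 1, 0, 0, 0)
            + qname + struct.pack("!HH", qtype, 1))

def parse_message(msg):
    """Return (is_response, rcode, ancount, lowercased labels, qtype)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _, flags, qdcount, ancount, _, _ = struct.unpack("!6H", msg[:12])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated question name")
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0 or pos + length > len(msg):
            raise ValueError("compressed or truncated label")
        labels.append(msg[pos:pos + length].decode("ascii").lower())
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _ = struct.unpack("!HH", msg[pos:pos + 4])
    return bool(flags & 0x8000), flags & 0x000F, ancount, labels, qtype

def classify(msg):
    """Say whether a DNS message is a DC-locator SRV lookup and how it ended."""
    is_response, rcode, ancount, labels, qtype = parse_message(msg)
    if qtype != SRV or tuple(labels[:4]) != DC_PREFIX or len(labels) < 5:
        return "other"
    domain = ".".join(labels[4:])
    if not is_response:
        return f"dc-locator query for {domain}"
    if rcode != 0 or ancount == 0:     # NXDOMAIN, SERVFAIL, or an empty answer
        return f"no SRV records returned for {domain} (rcode {rcode})"
    return f"{ancount} SRV record(s) returned for {domain}"

# Constructed sample packets, not captured traffic; "ifs" stands in for <MYDOMAIN>.
QUERY = build_message("_ldap._tcp.dc._msdcs.ifs", SRV)
NXDOMAIN = build_message("_ldap._tcp.dc._msdcs.ifs", SRV, response=True, rcode=3)
```

Feeding it the UDP payloads of port-53 packets from a capture of a failed and a working domain join shows which clients issue the lookup and what the DNS server answered.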
> Anyway... I found the problem. (but NO SOLUTION!!)
>
> Just to summarize...
> I had a win2k sp2 machine at home and win2k sp4
> machines on my work. I was unable to login my
> samba-pdc (v3 rc2) with the workstations @ work,
> but I was able to connect from my win2k sp2
> machine at home through a VPN connection.
>
> I now took that machine (w2k sp2 -machine from
> home) to my office to test if it would also work
> on the network instead of a vpn connection. and...
> it didn't, it gave the same error as the other
> machines.
>
> In tcpdump I saw the DNS query from
> _ldap._tcp.dc._msdcs.<MYDOMAIN>. This annoyed me,
> because my workstation from home on VPN didn't do
> this.
>
> Then I came up with the plan to disable my DNS-server
> in my network-settings on my w2k-machines.
> Then I tried to log on to the domain and....
> voila... it worked. When I enable the DNS-server
> again in my configuration I can't login to the
> domain anymore.
>
> I read some things about Native and Mixed -mode
> w2k's. I believe this is the whole problem. W2k's
> are in Native mode looking for Active Directory
> and Samba obviously... not... since it can't.

You are getting closer. Let's verify your server's and clients' TCP/IP configuration.

My server is also primary DNS and WINS server for my clients. That means "wins support=Yes" and there is a named running on the server and its IP address is topmost under both DNS and WINS tabs of the Advanced TCP/IP properties box.

In addition to that, the "Enable NetBIOS via TCP/IP" radio button is set under the WINS tab, and under the DNS tab both the radio button "Append primary and connection-specific DNS suffixes" and the box "Append parent suffixes of the primary DNS suffix" are set/checked.

The primary DNS suffix is what you enter in System's tab Network identity->Properties->Advanced in the field "Primary DNS-Suffix...". The checkbox "Change DNS-Suffix when changing Domain" is left unchecked.

Works like a charm for all SPs of 2k and XP.