First off, I'd like to give all the people involved
with the development of Samba a big thanks. I'd have
to say that Samba is probably the single most important
piece of software that we run in our research lab.
I'd also like to say that I have had so few problems that
I probably haven't written about one in 3 years.
With that being said, I'm having problems with my
Samba PDC. I'm running Samba 2.2.8a on a Solaris 8
box. We have recently moved our lab from one
facilty to another, which forced us to change all
of our system names and IP's. Luckily, only the
domain part of the name changed, as well as the IP's.
I updated the smb.conf to reflect the new subnet and IP's. However,
I have recently noticed that people are getting alot of
"Domain LABDOM is unavailable" messages when trying to
logon from Win2k. This may last anywhere from 2 minutes to 30
minutes. Then, for no apparent reason, they will be able to logon.
I'm thinking that it has to do with my hosts allow and
hosts deny settings. Before the move, we were on a subnet
with a netmask setting of 255.255.255.0. So my hosts allow
setting were this (IP's have been changed to protect the innocent):
hosts allow = 10.0.33. 127.0.0.1
host deny = ALL EXCEPT 10.0.33. 127.0.0.1
We are now on a much more restricted subnet, and
can't have the full range to ourselves. Consequently,
our subnet mask is now 255.255.255.224, and the IP
address space is from 10.0.236.38 - 10.0.236.61
(this takes into account the network devices).
I'm wondering if my problem is related to this.
I'm thinking that that I should restrict my hosts
allow with the network/netmask combo:
hosts allow = 10.0.236.32/255.255.255.224
Is this what I'm looking for? I've included the
global part of my conf below.
Thanks,
-Jim
*************************************************
Jim Kreuziger
jkreuzig@uci.edu
*************************************************
[global]
workgroup = LABDOM
preexec = csh -c `echo /usr/local/samba/bin/smbclient \
-M %m -I %I` &
server string = Samba %v on (%L)
security = user
domain logons = yes
domain admin group = @domadm
encrypt passwords = Yes
password level = 3
log level = 2
log file = /samba/current/var/log.smbd.%m
max log size = 2000
wins support = Yes
name resolve order = lmhosts wins hosts bcast
dns proxy = yes
deadtime = 0
keepalive = 3600
client code page = 437
os level = 65
preferred master = Yes
domain master = Yes
guest account = samba
invalid users = daemon bin sys lp smtp uucp nuucp listen dcs consult
dumper nobody
hosts allow = 10.0.236. 10.0.33. 10.0.126. 127.0.0.1
hosts deny = ALL EXCEPT 10.0.236. 10.0.33. 10.0.126. 127.0.0.1
veto oplock files = /*.mdb/*.dbm/*.doc/*.xls
socket options = TCP_NODELAY IPTOS_LOWDELAY
getwd cache = yes
logon script = %U.bat
logon path = \\ralopib\profile\%U
remote announce = 10.0.126.208/IMHH
utmp = True
username map = /samba/current/lib/usermap.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If you can't find the DOMAIN, I would suspect a WINS server issue. Look both at the log.nmbd file in /var/log/samba, and also check that your windows clients have their wins server set correctly: either ipconfig under Windows NT and sons, or winipcfg under Windows 95 and its, uh, heirs. Both can be run from a command (DOS command.com or cmd.exe) window. If the WINS server is wrong, then network browsing will go all to h*ck! James Kreuziger wrote: | First off, I'd like to give all the people involved | with the development of Samba a big thanks. I'd have | to say that Samba is probably the single most important | piece of software that we run in our research lab. | I'd also like to say that I have had so few problems that | I probably haven't written about one in 3 years. | | With that being said, I'm having problems with my | Samba PDC. I'm running Samba 2.2.8a on a Solaris 8 | box. We have recently moved our lab from one | facilty to another, which forced us to change all | of our system names and IP's. Luckily, only the | domain part of the name changed, as well as the IP's. | | I updated the smb.conf to reflect the new subnet and IP's. However, | I have recently noticed that people are getting alot of | "Domain LABDOM is unavailable" messages when trying to | logon from Win2k. This may last anywhere from 2 minutes to 30 | minutes. Then, for no apparent reason, they will be able to logon. | | I'm thinking that it has to do with my hosts allow and | hosts deny settings. Before the move, we were on a subnet | with a netmask setting of 255.255.255.0. So my hosts allow | setting were this (IP's have been changed to protect the innocent): | | hosts allow = 10.0.33. 127.0.0.1 | host deny = ALL EXCEPT 10.0.33. 127.0.0.1 | | We are now on a much more restricted subnet, and | can't have the full range to ourselves. Consequently, | our subnet mask is now 255.255.255.224, and the IP | address space is from 10.0.236.38 - 10.0.236.61 | (this takes into account the network devices). | | I'm wondering if my problem is related to this. | I'm thinking that that I should restrict my hosts | allow with the network/netmask combo: | | hosts allow = 10.0.236.32/255.255.255.224 | | Is this what I'm looking for? I've included the | global part of my conf below. | | Thanks, | | -Jim | | ************************************************* | Jim Kreuziger | jkreuzig@uci.edu | ************************************************* | | [global] | workgroup = LABDOM | preexec = csh -c `echo /usr/local/samba/bin/smbclient \ | -M %m -I %I` & | server string = Samba %v on (%L) | security = user | domain logons = yes | domain admin group = @domadm | encrypt passwords = Yes | password level = 3 | log level = 2 | log file = /samba/current/var/log.smbd.%m | max log size = 2000 | wins support = Yes | name resolve order = lmhosts wins hosts bcast | dns proxy = yes | deadtime = 0 | keepalive = 3600 | client code page = 437 | os level = 65 | preferred master = Yes | domain master = Yes | guest account = samba | invalid users = daemon bin sys lp smtp uucp nuucp listen dcs consult dumper nobody | hosts allow = 10.0.236. 10.0.33. 10.0.126. 127.0.0.1 | hosts deny = ALL EXCEPT 10.0.236. 10.0.33. 10.0.126. 127.0.0.1 | veto oplock files = /*.mdb/*.dbm/*.doc/*.xls | socket options = TCP_NODELAY IPTOS_LOWDELAY | getwd cache = yes | logon script = %U.bat | logon path = \\ralopib\profile\%U | remote announce = 10.0.126.208/IMHH | utmp = True | username map = /samba/current/lib/usermap.txt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/XnnVRliD/69byygRAo/CAJ9y5rLSgSSxcMDS9+xeEDZqAYYFrACfTV+S hHGUn+KMrUfcB6HniziLTjg=HWTX -----END PGP SIGNATURE-----
On Tue, 9 Sep 2003, James Kreuziger wrote:> With that being said, I'm having problems with my > Samba PDC. I'm running Samba 2.2.8a on a Solaris 8 > box. We have recently moved our lab from one > facilty to another, which forced us to change all > of our system names and IP's. Luckily, only the > domain part of the name changed, as well as the IP's. > > I updated the smb.conf to reflect the new subnet and IP's. However, > I have recently noticed that people are getting alot of > "Domain LABDOM is unavailable" messages when trying to > logon from Win2k. This may last anywhere from 2 minutes to 30 > minutes. Then, for no apparent reason, they will be able to logon.What about a broken cable, a defect switch port, a loose NIC ? These things may work for some time and suddenly stop or the other way round. You could take a laptop and try to track down the weak point in your lan . Regards, Uli.> > I'm thinking that it has to do with my hosts allow and > hosts deny settings. Before the move, we were on a subnet > with a netmask setting of 255.255.255.0. So my hosts allow > setting were this (IP's have been changed to protect the innocent): > > hosts allow = 10.0.33. 127.0.0.1 > host deny = ALL EXCEPT 10.0.33. 127.0.0.1 > > We are now on a much more restricted subnet, and > can't have the full range to ourselves. Consequently, > our subnet mask is now 255.255.255.224, and the IP > address space is from 10.0.236.38 - 10.0.236.61 > (this takes into account the network devices). > > I'm wondering if my problem is related to this. > I'm thinking that that I should restrict my hosts > allow with the network/netmask combo: > > hosts allow = 10.0.236.32/255.255.255.224 > > Is this what I'm looking for? I've included the > global part of my conf below. > > Thanks, > > -Jim > > ************************************************* > Jim Kreuziger > jkreuzig@uci.edu > ************************************************* > > [global] > workgroup = LABDOM > preexec = csh -c `echo /usr/local/samba/bin/smbclient \ > -M %m -I %I` & > server string = Samba %v on (%L) > security = user > domain logons = yes > domain admin group = @domadm > encrypt passwords = Yes > password level = 3 > log level = 2 > log file = /samba/current/var/log.smbd.%m > max log size = 2000 > wins support = Yes > name resolve order = lmhosts wins hosts bcast > dns proxy = yes > deadtime = 0 > keepalive = 3600 > client code page = 437 > os level = 65 > preferred master = Yes > domain master = Yes > guest account = samba > invalid users = daemon bin sys lp smtp uucp nuucp listen dcs consult dumper nobody > hosts allow = 10.0.236. 10.0.33. 10.0.126. 127.0.0.1 > hosts deny = ALL EXCEPT 10.0.236. 10.0.33. 10.0.126. 127.0.0.1 > veto oplock files = /*.mdb/*.dbm/*.doc/*.xls > socket options = TCP_NODELAY IPTOS_LOWDELAY > getwd cache = yes > logon script = %U.bat > logon path = \\ralopib\profile\%U > remote announce = 10.0.126.208/IMHH > utmp = True > username map = /samba/current/lib/usermap.txt > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >