ksun@ABINITIO.COM
2004-Sep-15 15:58 UTC
[Samba] No Domain Controller, Please help to interpret tcpdump
Greetings! I am still struggling with the issue that after vampiring from NT4 domain to Samba 3.0.7 with ldap backend, Windows XP cannot find the domain controller. In particular, WXP is an XP Prof which signed in AB_INITIO_DOM domain. After the migration I put the Samba Server (Priscilla) and WXP in an isolated network, and started up Priscilla as PDC for the network. But WXP complains that "the domain controller" is not available. But WXP can re-join the domain with no problem; so apparently the domain controller is there. I verified that the WXP's SID is consistent with that in the ldap database and all the user passwords are migrated OK. So I try to use tcpdump to figure out the interaction between WXP and Samba Server, all I can see are some requests to ldap server at port 138 (ldap server is the same as the samba server). Could someone please help me to interpret the following tcpdump and tell me where/how/when WXP is searching for the domain controller and why it failed? Or if someone can suggest a better way to debug this issue? Thank you a bunch!!! --- Kang Sun 11:33:40.776223 00:0c:29:0a:fa:0b > 00:50:2c:04:14:e8, ethertype IPv4 (0x0800), length 97: IP (tos 0x0, ttl 128, id 374, offset 0, flags [none], proto 17, length: 83) 10.50.21.62.1026 > 10.50.30.32.domain: 33+[|domain] 11:33:40.776792 00:50:2c:04:14:e8 > 00:0c:29:0a:fa:0b, ethertype IPv4 (0x0800), length 97: IP (tos 0x0, ttl 64, id 147, offset 0, flags [DF], proto 17, length: 83) 10.50.30.32.domain > 10.50.21.62.1026: 33 ServFail q:[|domain] 11:33:40.778876 00:0c:29:0a:fa:0b > 00:50:2c:04:14:e8, ethertype IPv4 (0x0800), length 269: IP (tos 0x0, ttl 128, id 376, offset 0, flags [none], proto 17, length: 255) 10.50.21.62.netbios-dgm > 10.50.30.32.netbios-dgm:>>> NBT UDP PACKET(138) Res=0x110E ID=0x8147 IP=10 (0xa).50 (0x32).21(0x15).62 (0x3e) Port=138 (0x8a) Length=213 (0xd5) Res2=0x0 SourceName=WXP NameType=0x00 (Workstation) DestNameWARNING: Short packet. Try increasing the snap length 11:33:40.780490 00:50:2c:04:14:e8 > 00:0c:29:0a:fa:0b, ethertype IPv4 (0x0800), length 280: IP (tos 0x0, ttl 64, id 462, offset 0, flags [DF], proto 17, length: 266) 10.50.30.32.netbios-dgm > 10.50.21.62.netbios-dgm:>>> NBT UDP PACKET(138) Res=0x100A ID=0x49FD IP=10 (0xa).50 (0x32).30(0x1e).32 (0x20) Port=138 (0x8a) Length=224 (0xe0) Res2=0x0 SourceName=PRISCILLA NameType=0x00 (Workstation) DestNameWARNING: Short packet. Try increasing the snap length 11:33:40.780936 00:50:2c:04:14:e8 > 00:0c:29:0a:fa:0b, ethertype IPv4 (0x0800), length 280: IP (tos 0x0, ttl 64, id 463, offset 0, flags [DF], proto 17, length: 266) 10.50.30.32.netbios-dgm > 10.50.21.62.netbios-dgm:>>> NBT UDP PACKET(138) Res=0x100A ID=0x49FE IP=10 (0xa).50 (0x32).30(0x1e).32 (0x20) Port=138 (0x8a) Length=224 (0xe0) Res2=0x0 SourceName=PRISCILLA NameType=0x00 (Workstation) DestNameWARNING: Short packet. Try increasing the snap length 11:33:41.390717 00:0c:29:0a:fa:0b > 00:50:2c:04:14:e8, ethertype IPv4 (0x0800), length 93: IP (tos 0x0, ttl 128, id 377, offset 0, flags [none], proto 17, length: 79) 10.50.21.62.1095 > 10.50.30.32.domain: [udp sum ok] 20+ SRV? _ldap._tcp.dc._msdcs.ABINITIO.COM. (51) 11:33:41.391125 00:50:2c:04:14:e8 > 00:0c:29:0a:fa:0b, ethertype IPv4 (0x0800), length 93: IP (tos 0x0, ttl 64, id 148, offset 0, flags [DF], proto 17, length: 79) 10.50.30.32.domain > 10.50.21.62.1095: [udp sum ok] 20 ServFail q: SRV? _ldap._tcp.dc._msdcs.ABINITIO.COM. 0/0/0 (51) 11:33:41.392415 00:0c:29:0a:fa:0b > 00:50:2c:04:14:e8, ethertype IPv4 (0x0800), length 92: IP (tos 0x0, ttl 128, id 378, offset 0, flags [none], proto 17, length: 78) 10.50.21.62.netbios-ns > 10.50.30.32.netbios-ns: [udp sum ok]>>> NBT UDP PACKET(137): QUERY; REQUEST; UNICASTTrnID=0x8149 OpCode=0 NmFlags=0x10 Rcode=0 QueryCount=1 AnswerCount=0 AuthorityCount=0 AddressRecCount=0 QuestionRecords: Name=AB_INITIO_DOM NameType=0x1C (Unknown) QuestionType=0x20 QuestionClass=0x1 11:33:41.393080 00:50:2c:04:14:e8 > 00:0c:29:0a:fa:0b, ethertype IPv4 (0x0800), length 104: IP (tos 0x0, ttl 64, id 649, offset 0, flags [DF], proto 17, length: 90) 10.50.30.32.netbios-ns > 10.50.21.62.netbios-ns:>>> NBT UDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICASTTrnID=0x8149 OpCode=0 NmFlags=0x58 Rcode=0 QueryCount=0 AnswerCount=1 AuthorityCount=0 AddressRecCount=0 ResourceRecords: Name=AB_INITIO_DOM NameType=0x1C (Unknown) ResType=0x20 ResClass=0x1 TTL=258976 (0x3f3a0) ResourceLength=0 ResourceDataAdditionalData: Data: (6 bytes) [000] 11 00 00 00 70 31 \021\000\000\000p1 11:33:41.394617 00:0c:29:0a:fa:0b > 00:50:2c:04:14:e8, ethertype IPv4 (0x0800), length 296: IP (tos 0x0, ttl 128, id 380, offset 0, flags [none], proto 17, length: 282) 10.50.21.62.netbios-dgm > 10.50.30.32.netbios-dgm:>>> NBT UDP PACKET(138) Res=0x110E ID=0x8148 IP=10 (0xa).50 (0x32).21(0x15).62 (0x3e) Port=138 (0x8a) Length=240 (0xf0) Res2=0x0 SourceName=WXP NameType=0x00 (Workstation) DestNameWARNING: Short packet. Try increasing the snap length 11:33:41.395778 00:50:2c:04:14:e8 > 00:0c:29:0a:fa:0b, ethertype IPv4 (0x0800), length 280: IP (tos 0x0, ttl 64, id 464, offset 0, flags [DF], proto 17, length: 266) 10.50.30.32.netbios-dgm > 10.50.21.62.netbios-dgm:>>> NBT UDP PACKET(138) Res=0x100A ID=0x49FF IP=10 (0xa).50 (0x32).30(0x1e).32 (0x20) Port=138 (0x8a) Length=224 (0xe0) Res2=0x0 SourceName=PRISCILLA NameType=0x00 (Workstation) DestNameWARNING: Short packet. Try increasing the snap length 11:33:41.396359 00:50:2c:04:14:e8 > 00:0c:29:0a:fa:0b, ethertype IPv4 (0x0800), length 280: IP (tos 0x0, ttl 64, id 465, offset 0, flags [DF], proto 17, length: 266) 10.50.30.32.netbios-dgm > 10.50.21.62.netbios-dgm:>>> NBT UDP PACKET(138) Res=0x100A ID=0x4A00 IP=10 (0xa).50 (0x32).30(0x1e).32 (0x20) Port=138 (0x8a) Length=224 (0xe0) Res2=0x0 SourceName=PRISCILLA NameType=0x00 (Workstation) DestNameWARNING: Short packet. Try increasing the snap length 11:33:45.775234 00:50:2c:04:14:e8 > 00:0c:29:0a:fa:0b, ethertype ARP (0x0806), length 42: arp who-has 10.50.21.62 tell 10.50.30.32 11:33:45.775658 00:0c:29:0a:fa:0b > 00:50:2c:04:14:e8, ethertype ARP (0x0806), length 60: arp reply 10.50.21.62 is-at 00:0c:29:0a:fa:0b 11:33:48.897180 00:0c:29:0a:fa:0b > 00:50:2c:04:14:e8, ethertype IPv4 (0x0800), length 94: IP (tos 0x0, ttl 128, id 381, offset 0, flags [none], proto 17, length: 80) 10.50.21.62.1096 > 10.50.30.32.domain: [udp sum ok] 21+ SRV? _ldap._tcp.pdc._msdcs.ABINITIO.COM. (52) 11:33:48.897728 00:50:2c:04:14:e8 > 00:0c:29:0a:fa:0b, ethertype IPv4 (0x0800), length 94: IP (tos 0x0, ttl 64, id 149, offset 0, flags [DF], proto 17, length: 80) 10.50.30.32.domain > 10.50.21.62.1096: [udp sum ok] 21 ServFail q: SRV? _ldap._tcp.pdc._msdcs.ABINITIO.COM. 0/0/0 (52) 11:33:48.899202 00:0c:29:0a:fa:0b > 00:50:2c:04:14:e8, ethertype IPv4 (0x0800), length 92: IP (tos 0x0, ttl 128, id 382, offset 0, flags [none], proto 17, length: 78) 10.50.21.62.netbios-ns > 10.50.30.32.netbios-ns: [udp sum ok]>>> NBT UDP PACKET(137): QUERY; REQUEST; UNICASTTrnID=0x814B OpCode=0 NmFlags=0x10 Rcode=0 QueryCount=1 AnswerCount=0 AuthorityCount=0 AddressRecCount=0 QuestionRecords: Name=AB_INITIO_DOM NameType=0x1B (Domain Controller) QuestionType=0x20 QuestionClass=0x1 11:33:48.900162 00:50:2c:04:14:e8 > 00:0c:29:0a:fa:0b, ethertype IPv4 (0x0800), length 104: IP (tos 0x0, ttl 64, id 650, offset 0, flags [DF], proto 17, length: 90) 10.50.30.32.netbios-ns > 10.50.21.62.netbios-ns:>>> NBT UDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICASTTrnID=0x814B OpCode=0 NmFlags=0x58 Rcode=0 QueryCount=0 AnswerCount=1 AuthorityCount=0 AddressRecCount=0 ResourceRecords: Name=AB_INITIO_DOM NameType=0x1B (Domain Controller) ResType=0x20 ResClass=0x1 TTL=258969 (0x3f399) ResourceLength=0 ResourceDataAdditionalData: Data: (6 bytes) [000] 11 00 00 00 70 31 \021\000\000\000p1 11:33:48.900502 00:0c:29:0a:fa:0b > 00:50:2c:04:14:e8, ethertype IPv4 (0x0800), length 262: IP (tos 0x0, ttl 128, id 383, offset 0, flags [none], proto 17, length: 248) 10.50.21.62.netbios-dgm > 10.50.30.32.netbios-dgm:>>> NBT UDP PACKET(138) Res=0x100E ID=0x814A IP=10 (0xa).50 (0x32).21(0x15).62 (0x3e) Port=138 (0x8a) Length=206 (0xce) Res2=0x0 SourceName=WXP NameType=0x00 (Workstation) DestNameWARNING: Short packet. Try increasing the snap length 11:33:48.901935 00:50:2c:04:14:e8 > 00:0c:29:0a:fa:0b, ethertype IPv4 (0x0800), length 284: IP (tos 0x0, ttl 64, id 466, offset 0, flags [DF], proto 17, length: 270) 10.50.30.32.netbios-dgm > 10.50.21.62.netbios-dgm:>>> NBT UDP PACKET(138) Res=0x100A ID=0x4A01 IP=10 (0xa).50 (0x32).30(0x1e).32 (0x20) Port=138 (0x8a) Length=228 (0xe4) Res2=0x0 SourceName=PRISCILLA NameType=0x00 (Workstation) DestNameWARNING: Short packet. Try increasing the snap length