Blade Sun/ICILSZX
2006-Mar-15 03:08 UTC
[Samba] Can't add PC to Samba domain in different subnet
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD><TITLE></TITLE> <META http-equiv=Content-Type content="text/html; charset=us-ascii"> <META content="MSHTML 6.00.2800.1528" name=GENERATOR></HEAD> <BODY><!-- Converted from text/plain format --> <P><FONT face=Arial size=2>Hi:<BR><BR>I can't add PC to domain when the DC in the different subnet.<BR><BR>I follow the introduction in section 5 of <samba 3 by example>, and created the samba domain and LDAP server, it runs well when the PC is in the same subnet, the smbldap-tool could add the PC account to LDAP server automatically.<BR><BR>But when I want to add the PC in another subnet to this domain, a strange problem occurred, I did as follow:<BR><STRONG>1</STRONG>. Modify the lmhosts in the client PC, restart it. The nbtstat -c command could get the domain and DC information.<BR><STRONG>2</STRONG>. Add the PC to the domain, it asks the root password, which seems could find the DC, but then a error msg jump out saying "The Specified domain either does<BR>not exist or could not be contacted". There is no limit in the router between the 2 subnets.<BR><STRONG>3</STRONG>. Then I checked the log of the samba, the log level=4, and the log shows:<BR> <FONT face="Courier New">send_mailslot: Sending to mailslot \MAILSLOT\BROWSE from ICILSZXLX01<00> IP 192.168.18.225 to ICILSZX<1d> IP 192.168.1.199<BR> Sending a packet of len 215 to (192.168.1.199) on port 138<BR> announce_remote: Doing remote announce for server ICILSZXLX01 to IP 192.168.1.199.<BR> send_mailslot: Sending to mailslot \MAILSLOT\BROWSE from ICILSZXLX01<00> IP 192.168.18.225 to ICILSZX<1d> IP 192.168.1.199<BR> Sending a packet of len 215 to (192.168.1.199) on port 138<BR> announce_remote: Doing remote announce for server ICILSZXLX01 to IP 192.168.1.199.<BR> send_mailslot: Sending to mailslot \MAILSLOT\BROWSE from ICILSZXLX01<00> IP 192.168.18.225 to ICILSZX<1d> IP 192.168.1.199<BR> Sending a packet of len 215 to (192.168.1.199) on port 138<BR> Received a packet of len 243 from (192.168.1.199) port 138<BR> process_dgram: datagram from ICILSZXPC24<00> to ICILSZX<1c> IP 192.168.1.199 for \MAILSLOT\NET\NETLOGON of type 18 len=69<BR> process_logon_packet: Logon from 192.168.1.199: code = 0x12<BR> process_logon_packet: SAMLOGON request from ICILSZXPC24(192.168.1.199) for , returning logon svr \\ICILSZXLX01 domain ICILSZX code 13 token=ffff<BR> send_mailslot: Sending to mailslot \MAILSLOT\NET\GETDC042 from ICILSZXLX01<00> IP 192.168.18.225 to ICILSZXPC24<00> IP 192.168.1.199<BR> Sending a packet of len 230 to (192.168.1.199) on port 138<BR></FONT><STRONG>4</STRONG>. And I checked the ldap log, there is nothing related to the PC.<BR><STRONG>5</STRONG>. I capture all packages, and get the related detail here:<BR> <FONT face="Courier New">7.536756 192.168.1.199 -> 192.168.18.225 SMB_NETLOGON SAM LOGON request from client</FONT></FONT></P> <P><FONT face="Courier New" size=2> 0000 00 11 25 8f 5a 28 00 00 c5 8d 57 56 08 00 45 00 ..%.Z(....WV..E.<BR> 0010 01 0f 77 23 00 00 7f 11 2d c2 c0 a8 01 c7 c0 a8 ..w#....-.......<BR> 0020 12 e1 00 8a 00 8a 00 fb ca 25 11 0e 84 4a c0 a8 .........%...J..<BR> 0030 01 c7 00 8a 00 e5 00 00 20 45 4a 45 44 45 4a 45 ........ EJEDEJE<BR> 0040 4d 46 44 46 4b 46 49 46 41 45 44 44 43 44 45 43 MFDFKFIFAEDDCDEC<BR> 0050 41 43 41 43 41 43 41 41 41 00 20 45 4a 45 44 45 ACACACAAA. EJEDE<BR> 0060 4a 45 4d 46 44 46 4b 46 49 43 41 43 41 43 41 43 JEMFDFKFICACACAC<BR> 0070 41 43 41 43 41 43 41 43 41 42 4d 00 ff 53 4d 42 ACACACACABM..SMB<BR> 0080 25 00 00 00 00 18 04 00 00 00 00 00 00 00 00 00 %...............<BR> 0090 00 00 00 00 00 00 ff fe 00 00 00 00 11 00 00 45 ...............E<BR> 00a0 00 02 00 00 00 00 00 02 00 00 00 00 00 00 00 00 ................<BR> 00b0 00 5c 00 45 00 5c 00 03 00 01 00 00 00 02 00 5c .\.E.\.........\<BR> 00c0 00 5c 4d 41 49 4c 53 4c 4f 54 5c 4e 45 54 5c 4e .\MAILSLOT\NET\N<BR> 00d0 45 54 4c 4f 47 4f 4e 00 12 00 00 00 49 00 43 00 ETLOGON.....I.C.<BR> 00e0 49 00 4c 00 53 00 5a 00 58 00 50 00 43 00 32 00 I.L.S.Z.X.P.C.2.<BR> 00f0 34 00 00 00 00 00 5c 4d 41 49 4c 53 4c 4f 54 5c 4.....\MAILSLOT\<BR> 0100 4e 45 54 5c 47 45 54 44 43 39 36 33 00 00 00 00 NET\GETDC963....<BR> 0110 00 00 00 00 00 0b 00 00 00 ff ff ff ff .............</FONT></P> <P><FONT face="Courier New" size=2> 7.537347 192.168.18.225 -> 192.168.1.199 SMB_NETLOGON SAM Response - user unknown</FONT></P> <P><FONT size=2><FONT face="Courier New"> 0000 00 00 c5 8d 57 56 00 11 25 8f 5a 28 08 00 45 00 ....WV..%.Z(..E.<BR> 0010 01 02 04 aa 40 00 40 11 9f 48 c0 a8 12 e1 c0 a8 </FONT><A href="mailto:....@.@..H"><FONT face="Courier New">....@.@..H</FONT></A><FONT face="Courier New">......<BR> 0020 01 c7 00 8a 00 8a 00 ee a5 a2 10 0a 19 d7 c0 a8 ................<BR> 0030 12 e1 00 8a 00 d8 00 00 20 45 4a 45 44 45 4a 45 ........ EJEDEJE<BR> 0040 4d 46 44 46 4b 46 49 45 4d 46 49 44 41 44 42 43 MFDFKFIEMFIDADBC<BR> 0050 41 43 41 43 41 43 41 41 41 00 20 45 4a 45 44 45 ACACACAAA. EJEDE<BR> 0060 4a 45 4d 46 44 46 4b 46 49 46 41 45 44 44 43 44 JEMFDFKFIFAEDDCD<BR> 0070 45 43 41 43 41 43 41 43 41 41 41 00 ff 53 4d 42 ECACACACAAA..SMB<BR> 0080 25 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 %...............<BR> 0090 00 00 00 00 00 00 00 00 00 00 00 00 11 00 00 38 ...............8<BR> 00a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................<BR> 00b0 00 00 00 38 00 5c 00 03 00 01 00 01 00 02 00 4f ...8.\.........O<BR> 00c0 00 5c 4d 41 49 4c 53 4c 4f 54 5c 4e 45 54 5c 47 .\MAILSLOT\NET\G<BR> 00d0 45 54 44 43 39 36 33 00 15 00 5c 00 5c 00 49 00 ETDC963...\.\.I.<BR> 00e0 43 00 49 00 4c 00 53 00 5a 00 58 00 4c 00 58 00 C.I.L.S.Z.X.L.X.<BR> 00f0 30 00 31 00 00 00 00 00 49 00 43 00 49 00 4c 00 0.1.....I.C.I.L.<BR> 0100 53 00 5a 00 58 00 00 00 01 00 00 00 ff ff ff ff S.Z.X...........</FONT></FONT></P> <P><FONT face="Courier New" size=2> 7.639556 192.168.1.199 -> 192.168.18.225 SMB_NETLOGON SAM LOGON request from client</FONT></P> <P><FONT face="Courier New" size=2> 0000 00 11 25 8f 5a 28 00 00 c5 8d 57 56 08 00 45 00 ..%.Z(....WV..E.<BR> 0010 01 27 77 24 00 00 7f 11 2d a9 c0 a8 01 c7 c0 a8 .'w$....-.......<BR> 0020 12 e1 00 8a 00 8a 01 13 85 14 11 0e 84 4b c0 a8 .............K..<BR> 0030 01 c7 00 8a 00 fd 00 00 20 45 4a 45 44 45 4a 45 ........ EJEDEJE<BR> 0040 4d 46 44 46 4b 46 49 46 41 45 44 44 43 44 45 43 MFDFKFIFAEDDCDEC<BR> 0050 41 43 41 43 41 43 41 41 41 00 20 45 4a 45 44 45 ACACACAAA. EJEDE<BR> 0060 4a 45 4d 46 44 46 4b 46 49 43 41 43 41 43 41 43 JEMFDFKFICACACAC<BR> 0070 41 43 41 43 41 43 41 43 41 42 4d 00 ff 53 4d 42 ACACACACABM..SMB<BR> 0080 25 00 00 00 00 18 04 00 00 00 00 00 00 00 00 00 %...............<BR> 0090 00 00 00 00 00 00 ff fe 00 00 00 00 11 00 00 5d ...............]<BR> 00a0 00 02 00 00 00 00 00 02 00 00 00 00 00 00 00 00 ................<BR> 00b0 00 5c 00 5d 00 5c 00 03 00 01 00 00 00 02 00 74 .\.].\.........t<BR> 00c0 00 5c 4d 41 49 4c 53 4c 4f 54 5c 4e 45 54 5c 4e .\MAILSLOT\NET\N<BR> 00d0 45 54 4c 4f 47 4f 4e 00 12 00 00 00 49 00 43 00 ETLOGON.....I.C.<BR> 00e0 49 00 4c 00 53 00 5a 00 58 00 50 00 43 00 32 00 I.L.S.Z.X.P.C.2.<BR> 00f0 34 00 00 00 49 00 43 00 49 00 4c 00 53 00 5a 00 4...I.C.I.L.S.Z.<BR> 0100 58 00 50 00 43 00 32 00 34 00 24 00 00 00 5c 4d X.P.C.2.4.$...\M<BR> 0110 41 49 4c 53 4c 4f 54 5c 4e 45 54 5c 47 45 54 44 AILSLOT\NET\GETD<BR> 0120 43 34 36 35 00 80 01 00 00 00 00 00 00 0b 00 00 C465............<BR> 0130 00 ff ff ff ff .....</FONT></P> <P><FONT face="Courier New" size=2> 7.640142 192.168.18.225 -> 192.168.1.199 SMB_NETLOGON Response to SAM LOGON request</FONT></P> <P><FONT face=Arial size=2><FONT face="Courier New"> 0000 00 00 c5 8d 57 56 00 11 25 8f 5a 28 08 00 45 00 ....WV..%.Z(..E.<BR> 0010 01 1a 04 ab 40 00 40 11 9f 2f c0 a8 12 e1 c0 a8 </FONT><A href="mailto:....@.@../"><FONT face="Courier New">....@.@../</FONT></A><FONT face="Courier New">......<BR> 0020 01 c7 00 8a 00 8a 01 06 67 0e 10 0a 19 d8 c0 a8 ........g.......<BR> 0030 12 e1 00 8a 00 f0 00 00 20 45 4a 45 44 45 4a 45 ........ EJEDEJE<BR> 0040 4d 46 44 46 4b 46 49 45 4d 46 49 44 41 44 42 43 MFDFKFIEMFIDADBC<BR> 0050 41 43 41 43 41 43 41 41 41 00 20 45 4a 45 44 45 ACACACAAA. EJEDE<BR> 0060 4a 45 4d 46 44 46 4b 46 49 46 41 45 44 44 43 44 JEMFDFKFIFAEDDCD<BR> 0070 45 43 41 43 41 43 41 43 41 41 41 00 ff 53 4d 42 ECACACACAAA..SMB<BR> 0080 25 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 %...............<BR> 0090 00 00 00 00 00 00 00 00 00 00 00 00 11 00 00 50 ...............P<BR> 00a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................<BR> 00b0 00 00 00 50 00 5c 00 03 00 01 00 01 00 02 00 67 ...P.\.........g<BR> 00c0 00 5c 4d 41 49 4c 53 4c 4f 54 5c 4e 45 54 5c 47 .\MAILSLOT\NET\G<BR> 00d0 45 54 44 43 34 36 35 00 13 00 5c 00 5c 00 49 00 ETDC465...\.\.I.<BR> 00e0 43 00 49 00 4c 00 53 00 5a 00 58 00 4c 00 58 00 C.I.L.S.Z.X.L.X.<BR> 00f0 30 00 31 00 00 00 49 00 43 00 49 00 4c 00 53 00 0.1...I.C.I.L.S.<BR> 0100 5a 00 58 00 50 00 43 00 32 00 34 00 24 00 00 00 Z.X.P.C.2.4.$...<BR> 0110 49 00 43 00 49 00 4c 00 53 00 5a 00 58 00 00 00 I.C.I.L.S.Z.X...</FONT></FONT></P> <DIV><FONT size=2><FONT face=Arial><STRONG>6</STRONG>. For the disunderstand of the error "user Unknow", I first add the PC to domain in the same subnet, then quit, the PC account is in the LDAP server. Then connect the PC to different subnet, the error is the same.</FONT></FONT></DIV> <DIV><FONT size=2><FONT face=Arial><STRONG>7</STRONG>. I even add the "remote anouce" option in smb.conf.</FONT></FONT></DIV> <DIV><FONT size=2><FONT face=Arial></FONT></FONT> </DIV> <DIV><FONT size=2><FONT face=Arial>How can I solve the problem? please advise, thanks.</FONT></DIV> <P><BR><BR><BR><FONT face=Arial>Thanks&Regards<BR>Blade Sun/ICILSZX<BR></FONT></P></FONT></BODY></HTML>