I'm having trouble with my Samba 3 PDC and several XP Pro workstations stealing the master browser status on the network. These users won't log in to the domain. Logs and purified smb.conf attached. Mar 27 09:09:48 macallan nmbd[3481]: Mar 27 09:09:48 macallan nmbd[3481]: ***** Mar 27 09:10:05 macallan nmbd[3481]: [2007/03/27 09:10:05, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396) Mar 27 09:10:05 macallan nmbd[3481]: ***** Mar 27 09:10:05 macallan nmbd[3481]: Mar 27 09:10:05 macallan nmbd[3481]: Samba name server MACALLAN is now a local master browser for workgroup DVC on subnet 192.168.1.2 Mar 27 09:10:05 macallan nmbd[3481]: Mar 27 09:10:05 macallan nmbd[3481]: ***** Mar 27 09:10:05 macallan nmbd[3481]: [2007/03/27 09:10:05, 0] nmbd/nmbd_incomingdgrams.c:process_local_master_announce(309) Mar 27 09:10:05 macallan nmbd[3481]: process_local_master_announce: Server NITIN at IP 192.168.1.126 is announcing itself as a local master browser for workgroup DVC and we think we are master. Forcing election. Mar 27 09:10:05 macallan nmbd[3481]: [2007/03/27 09:10:05, 0] nmbd/nmbd_become_lmb.c:unbecome_local_master_success(149) Mar 27 09:10:05 macallan nmbd[3481]: ***** Mar 27 09:10:05 macallan nmbd[3481]: Mar 27 09:10:05 macallan nmbd[3481]: Samba name server MACALLAN has stopped being a local master browser for workgroup DVC on subnet 192.168.1.2 Mar 27 09:10:05 macallan nmbd[3481]: Mar 27 09:10:05 macallan nmbd[3481]: ***** Mar 27 09:10:23 macallan nmbd[3481]: [2007/03/27 09:10:23, 0] nmbd/nmbd_nameregister.c:register_name_response(130) Mar 27 09:10:23 macallan nmbd[3481]: register_name_response: server at IP 192.168.1.126 rejected our name registration of DVC<1d> IP 192.168.1.2 with error code 6. Mar 27 09:10:23 macallan nmbd[3481]: [2007/03/27 09:10:23, 0] nmbd/nmbd_become_lmb.c:become_local_master_fail2(417) Mar 27 09:10:23 macallan nmbd[3481]: become_local_master_fail2: failed to register name DVC<1d> on subnet 192.168.1.2. Failed to become a local master browser. Mar 27 09:10:23 macallan nmbd[3481]: [2007/03/27 09:10:23, 0] nmbd/nmbd_namelistdb.c:standard_fail_register(305) Mar 27 09:10:23 macallan nmbd[3481]: standard_fail_register: Failed to register/refresh name DVC<1d> on subnet 192.168.1.2 Mar 27 09:11:52 macallan nmbd[3481]: [2007/03/27 09:11:52, 0] nmbd/nmbd_namequery.c:query_name_response(109) # Defining domain name, hostname #################################################### [global] winbind separator = + winbind cache time = 10 winbind use default domain = yes template shell = /bin/bash template homedir = /home/%D/%U idmap uid = 10000-20000 idmap gid = 10000-20000 server string = macallan wins support = yes workgroup = dvc netbios name = macallan # Specifying ldapsam backend database #################################################### passdb backend = ldapsam:ldap://127.0.0.1 username map = /etc/samba/smbusers # Specifying printing subsystem #################################################### #printcap name = cups #printing = cups # Path to IDEALX scripts (we will get to that soon) #################################################### add user script = /usr/local/sbin/smbldap-useradd -m %u delete user script = /usr/local/sbin/smbldap-userdel %u add group script = /usr/local/sbin/smbldap-groupadd -p %g delete group script = /usr/local/sbin/smbldap-groupdel %g add user to group script = /usr/local/sbin/smbldap-groupmod -m %g %u delete user from group script = /usr/local/sbin/smbldap-groupmod -x %g %u set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u add machine script = /usr/local/sbin/smbldap-useradd -w %u # if you want to add machines to domain automaticaly, add machine script is: add machine script = /usr/local/sbin/smbldap-useradd -w -i %m # proved on SUSE 10.0 # # Various other directives ( man smb.conf ) #################################################### obey pam restrictions = Yes #logon script = scripts\logon.bat # NULL logon path makes clients store profiles locally logon path #logon drive = H: #logon home = \\%L\%U domain logons = Yes os level = 255 local master = Yes preferred master = Yes domain master = Yes dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd show add printer wizard = yes # OpenLDAP stuff is defined here ################################################### ldap suffix = dc=<MY DOMAIN>,dc=com ldap machine suffix = ou=Computers ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap idmap suffix = ou=Users ldap admin dn = cn=Manager,dc=<MY DOMAIN>,dc=com ldap ssl = no ldap passwd sync = Yes idmap uid = 15000-20000 idmap gid = 15000-20000 # Defining logging facility #################################################### log level = 2 log file = /var/log/samba/%m.log # Defining user home directories #################################################### [homes] comment = Home Directories valid users = %S read only = No browseable = No
Eric Knudstrup schrieb:> Server NITIN at IP 192.168.1.126 is announcing itself as a local master > browser for workgroup DVC and we think we are master. Forcing election. > Mar 27 09:10:05 macallan nmbd[3481]: [2007/03/27 09:10:05, 0] > nmbd/nmbd_become_lmb.c:unbecome_local_master_success(149) > Mar 27 09:10:05 macallan nmbd[3481]: ***** > Mar 27 09:10:05 macallan nmbd[3481]: Mar 27 09:10:05 macallan > nmbd[3481]: Samba name server MACALLAN has stopped being a local > master browser for workgroup DVC on subnet 192.168.1.2> os level = 255Tell the dork with the XP machine to stop that. YOU are the network's master, aren't you? (Pity if not...) AFAIK he must have tweaked his registry for that, but i'm not completely sure. timbo
samba-request@lists.samba.org wrote:> > Subject: > Re: [Samba] Dueling master browsers... > From: > Tim Boneko <lists@boneko.de> > Date: > Wed, 28 Mar 2007 20:39:16 +0200 > To: > samba@lists.samba.org > > To: > samba@lists.samba.org > > > Eric Knudstrup schrieb: > > >> Server NITIN at IP 192.168.1.126 is announcing itself as a local master >> browser for workgroup DVC and we think we are master. Forcing election. >> Mar 27 09:10:05 macallan nmbd[3481]: [2007/03/27 09:10:05, 0] >> nmbd/nmbd_become_lmb.c:unbecome_local_master_success(149) >> Mar 27 09:10:05 macallan nmbd[3481]: ***** >> Mar 27 09:10:05 macallan nmbd[3481]: Mar 27 09:10:05 macallan >> nmbd[3481]: Samba name server MACALLAN has stopped being a local >> master browser for workgroup DVC on subnet 192.168.1.2 >> > > > >> os level = 255 >> > > > Tell the dork with the XP machine to stop that. YOU are the network's > master, aren't you? (Pity if not...) > AFAIK he must have tweaked his registry for that, but i'm not completely > sure. > > timbo >I don't think so. There are a couple of machines that insist on it. Both of them are the guys who aren't logged into the domain. This machine is also dual homed - wireless and wired ethernet. I even have the DHCP server setting macallan as the WINS server. Is there any way *I* can tweak the registry to disable them from announcing themselves as the master browser? I think I've tried just about everything on the PDC to disable this... Eric
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tom Robinson schrieb:> Robert Schetterer wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Tom Robinson schrieb: >>> Hi All >>> >>> Our company got a Windows Vista installed laptop even though we ordered >>> it with XP. Now I'm faced with the task of integrating the beast into >>> our samba controlled domain. Something I was hoping to delay for some >>> time. >>> >>> Our PDC is samba 2.2.8a with openldap 2.1.4 >>> We also have a Domain Member Server running samba 3.0.10. >>> >>> There is a document on the Microsoft site that I downloaded >>> (http://www.microsoft.com/downloads/details.aspx?FamilyID=311f4be8-9983-4ab0-9685-f1bfec1e7d62&DisplayLang=en) >>> >>> explaining how to do folder redirection so that at least some of the >>> XP/Vista profile will roam. To do this you have to logon to Vista as a >>> "Domain User" and run GPMC.MSC. The problem is that, even though I logon >>> as a domain user (DOMAIN\user) the GPMC.MSC issues the warning: >>> >>> "To manage Group Policy, you must log on to the computer with a domain >>> user account." >>> >>> With samba 2.2.8a we have no "Domain Users" group. Could this be the >>> problem? How would I add this group to the PDC? >>> >>> Is there a workaround for this? >>> >>> Any help is appreciated. >>> >>> Thanks, >>> >>> Tom >>> >> Hi Tom, i dont think you will get vista to join a samba 2.2.8a pdc >> domain, at my tests upgrade to samba latest was needed to handle vista >> in a minimum, the adm format ( policies ) changed in vista its now called >> admx, after all a simply folder redirect reg patch should work in vista >> include it as local admin, >> i would recommend setup win xp, and wait for stabelizing vista, in mean >> time upgrade your samba setup to latest. >> But maybe someone else can give you more advice handle vista, my tests >> where very basic, cause i will not implement vista anywhere in the next >> year, and will not sombody advice to do so. >> > > Hi Robert, > > Thanks for your reply. > > Surprisingly I have the Vista box already joined to the domain. It > authenticates to the PDC and logs on sucessfully. So I suspect a problem > elsewhere in the 2.2.8a config or LDAP. > > I can't upgrade so simply on the server as it is the main authentication > for the entire domain. It is scheduled for upgrade later this year. The > new Vista laptop is for one of our directors and he wants it working > now. :-/ > > I'm not sure what you mean with the reg patch and the admx files. This > sounds like a workaround that may work for me. How do I integrate the > admx and reg patches into vista? > > Regards, > > Tom >Hi Tom very suprised to hear that you could join the domain,good for you, but i expect you will get in more troubles later with vista and samba, i know upgrade may paine, but you have to do it anyway cause of security fixes. i have no idea how to integrate policies in vista, but reg patches should be the same as in xp read http://www.microsoft.com/technet/technetmag/issues/2007/02/Templates/default.aspx?loc=en for the new admx format, formally known as adm ( which was compatible to a nt4 domain policies in netlogon share as NTConfig.POL with poledit or in local computer with mmc with the group policy snap in ) i dont think that your boss will have muc fun with vista in your samba domain at all, and its a failure to use m$ os before reaching service pack 1 level. There are known issuses with vista like slow copy renaming of files etc and it not very compatibile in drivers and software. - -- Mit freundlichen Gruessen Best Regards Robert Schetterer https://www.schetterer.org Munich/Bavaria/Germany -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFGDXSdfGH2AvR16oERAjAhAKCNnK0I6lirwPLhvHoPVFFsPYrxBgCdG6oi pyyN2ZPBh5y60+ahq3Qof/c=vzQb -----END PGP SIGNATURE-----