samba - Dec 2008 - samba server in two lans

hello
we have a samba server on centos 5.2 and 2 different lans. so we gave the
server to ips eth0:172.16.93.217 and eth1: 192.168.89.3
but after this when we tried to join clients (windows xp) to the domain the
error: "the specified domain either does not exist or could not be
contacted." what is the solution?

Mohammad Reza Hosseini napsal(a):
> hello
> we have a samba server on centos 5.2 and 2 different lans. so we gave the
> server to ips eth0:172.16.93.217 and eth1: 192.168.89.3
> but after this when we tried to join clients (windows xp) to the domain the
> error: "the specified domain either does not exist or could not be
> contacted." what is the solution?
>   
I had the same problem with Samba 3.0.24 - Debian Etch package. On PDC 
server with 5 interfaces (VLAN) when I tried to join clients to domain, 
sometimes I got several strange errors. Sometimes that errors came on at 
logon...

 From tcpdump output I found a problem that Samba server sometimes send 
browse-reply UDP packets with source IP address of other interface than 
the outgoing interface. So the client can't locate PDC address.

This solution perfectly works for me:

smb.conf - global section:
   interfaces = 192.168.1.0/24 lo
   socket address = 192.168.1.5
where the 192.168.1.5/24 is address of one local interface. Be ware that 
now Samba can be reached only on this 1 address.

On the clients is required to set the LMHOSTS file, so client knows 
selected IP of PDC. I'm using this batch:
   echo 192.168.1.5 PDCNAME #PRE #DOM:DOMNAME > 
%systemroot%\system32\drivers\etc\lmhosts
   REM keep length = 16 chars including the \0x1b
   echo 192.168.1.5 "DOMNAME        \0x1b" #PRE >> 
%systemroot%\system32\drivers\etc\lmhosts
   REM reload config
   nbtstat -R

Maybe this issue is solved in some newer Samba version.

do you have the iptables firewall running or disabled?  what does your 
bind interfaces only, interfaces, and hosts allow lines look like in 
smb.conf?

Mohammad Reza Hosseini wrote:
> hello
> we have a samba server on centos 5.2 and 2 different lans. so we gave the
> server to ips eth0:172.16.93.217 and eth1: 192.168.89.3
> but after this when we tried to join clients (windows xp) to the domain the
> error: "the specified domain either does not exist or could not be
> contacted." what is the solution?
>

---------- Forwarded message ----------
From: John Mazza <maz@maznets.com>
Date: Wed, Dec 24, 2008 at 10:24 AM
Subject: Re: [Samba] samba server in two lans
To: wes <samba@the-wes.com>


Generally, I avoid multi-homing SAMBA (and Windows Servers too). It's always
seemed to cause browse list issues that are too troublesome to deal with.

I fix these issues at the network level by putting a firewall between the
subnets and placing the server in a DMZ. That way the two subnets have no
communication with each other, but both see the server at one IP
address/name combination.

You may need to add a route to the server's subnet specifying the
"firewall"
box's interface on each subnet to make it work.




On Wed, 24 Dec 2008 06:52:53 -0800, wes wrote:
>On Wed, Dec 24, 2008 at 4:56 AM, Vlastimil ?etka <
*setka@spsostrov.cz*> wrote:
>
>> Mohammad Reza Hosseini napsal(a):
>>
>>> hello
>>> we have a samba server on centos 5.2 and 2 different lans. so we
gave
the
>>> server to ips eth0:172.16.93.217 and eth1: 192.168.89.3
>>> but after this when we tried to join clients (windows xp) to the
domain
>>> the
>>> error: "the specified domain either does not exist or could
not be
>>> contacted." what is the solution?
>>>
>>>
>> I had the same problem with Samba 3.0.24 - Debian Etch package. On PDC
>> server with 5 interfaces (VLAN) when I tried to join clients to domain,
>> sometimes I got several strange errors. Sometimes that errors came on
at
>> logon...
>>
>> From tcpdump output I found a problem that Samba server sometimes send
>> browse-reply UDP packets with source IP address of other interface than
the
>> outgoing interface. So the client can't locate PDC address.
>>
>> This solution perfectly works for me:
>>
>> smb.conf - global section:
>> interfaces = 192.168.1.0/24 lo
>> socket address = 192.168.1.5
>> where the 192.168.1.5/24 is address of one local interface. Be ware
that
>> now Samba can be reached only on this 1 address.
>>
>> On the clients is required to set the LMHOSTS file, so client knows
>> selected IP of PDC. I'm using this batch:
>> echo 192.168.1.5 PDCNAME #PRE #DOM:DOMNAME >
>> %systemroot%\system32\drivers\etc\lmhosts
>> REM keep length = 16 chars including the \0x1b
>> echo 192.168.1.5 "DOMNAME \0x1b" #PRE >>
>> %systemroot%\system32\drivers\etc\lmhosts
>> REM reload config
>> nbtstat -R
>>
>> Maybe this issue is solved in some newer Samba version.
>>
>
>I am having this issue also, running Samba 3.0.28a. But, I have a problem
in
>that the internal interface has a different IP than the external interface.
>So I can't tell Samba to listen only on the external interface, because
>Samba does not know that interface exists.
>
>How can I tell Samba to listen on 10.0.0.2, but tell its clients that its
IP
>is 1.0.0.3?
>
>thanks,
>-wes
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: *https://lists.samba.org/mailman/listinfo/samba*

firewall is completely disabled. here is my smb.conf:


[global]
    server string = ITCENTER
    workgroup = ITCENTER
;    security = user
    netbios name = ITCENTER_NET

    passdb backend = ldapsam:ldap://ldapserver
    ldap admin dn = cn=Directory Manager
    ldap suffix = dc=iut,dc=ac,dc=ir
    ldap group suffix = ou=Groups
    ldap user suffix = ou=Users
    ldap machine suffix = ou=Computers
    ldap ssl = start_tls
;    enable privileges = yes
    add machine script = /usr/sbin/smbldap-useradd -w "%u"
    add user script = /usr/sbin/smbldap-useradd -m "%u"
    ldap delete dn = Yes
   delete user script = /usr/sbin/smbldap-userdel "%u"
    add group script = /usr/sbin/smbldap-groupadd -p "%g"
    delete group script = /usr/sbin/smbldap-groupdel "%g"
    add user to group script = /usr/sbin/smbldap-groupmod -m "%u"
"%g"
    delete user from group script = /usr/sbin/smbldap-groupmod -x "%u"
"%g"
    set primary group script = /usr/sbin/smbldap-usermod -g "%g"
"%u"
    ldap passwd sync = Yes


    log level = 1
    syslog = 0
    log file = /var/log/samba/%m
;    encrypt passwords = yes
    os level = 69
    max log size = 50
    name resolve order = wins bcast hosts
    time server = Yes
    wins support = Yes
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192
SO_RCVBUF=8192

    logon script = logon.bat
    logon path =""
    logon drive 
    domain logons = Yes
    preferred master = Yes
    domain master = Yes
;    local master = yes
    username map = /etc/samba/smbusers

[homes]
    comment = Home Directories
    valid users = %U
    writeable = yes
    root preexec = /root/mkhomedir.sh %U %G

[netlogon]
    comment = Network Logon Service
    path = /home/netlogon
    guest ok = Yes
    locking = No


2008/12/24 Adam Williams <awilliam@mdah.state.ms.us>
> do you have the iptables firewall running or disabled?  what does your bind
> interfaces only, interfaces, and hosts allow lines look like in smb.conf?
>
>
> Mohammad Reza Hosseini wrote:
>
>> hello
>> we have a samba server on centos 5.2 and 2 different lans. so we gave
the
>> server to ips eth0:172.16.93.217 and eth1: 192.168.89.3
>> but after this when we tried to join clients (windows xp) to the domain
>> the
>> error: "the specified domain either does not exist or could not be
>> contacted." what is the solution?
>>
>>
>