Christian Brandes
2010-Oct-06 15:27 UTC
[Samba] SAMBA replies SAM LOGON request from different ip alias
Hi all,

we have got 4 Samba servers. All are BDCs for "MYDOMAIN", except SERVER3, which is a PDC. All of them have 3 physical network interfaces, of which 2 are used by Samba. Each of them has several ip aliases, except SERVER1, which has only primary ip numbers on its interfaces.

When I try to join a new Windows client (XP SP3) to the domain, it asks our WINS server for MYDOMAIN<1c> and gets a correct reply with all primary ip numbers of all SERVERs. The Windows client picks one in its network and does a SAM LOGON request. Then there are two possibilities:

1) Either it picks a SERVER2-4 with ip aliases on its interfaces. Then the SERVER responds with a different ip number than the client sent its request to. So the client does not recognize the SAM Response "user unknown" and does not pop up the requester for a valid domain admin username and password. After a while it displays an error message instead. And the join procedure cannot go on.

2) Or it picks SERVER1 without ip aliases on its interfaces. The SERVER responds with the only ip number on its interface in the client's network. So the client does recognize the SAM Response "user unknown" and pops up the domain admin logon requester and the join procedure can continue.

?????
So, why does SAMBA not reply on the same ip number it was queried?
How can I get SAMBA to reply on the same ip number it was queried?

Versions:

Samba: 3.4.7
Samba4wins: 1.0.8-2
Linux: Ubuntu 10.04.1 LTS
Kernel: Linux tux1 2.6.32-24-server #42-Ubuntu SMP Fri Aug 20 15:38:55 UTC 2010 x86_64 GNU/Linux

192.168.16.0 is one single network with netmask 255.255.254.0 !

Related interfaces (and aliases):

XP-CLIENT:      192.168.17.25
WINS-SERVER:    192.168.16.28
DNS-SERVER:     192.168.16.6
SERVER1 (BDC):  192.168.16.31
SERVER2 (BDC):  192.168.16.32 (primary)
                192.168.16.38 (ip alias)
                (and other aliases)
SERVER3 (PDC):  192.168.16.33
                (and other aliases)

SERVER2 picked: (fails)

No.  Time       Source         Destination    Protocol      Info
  1  2.076876   192.168.17.25  192.168.16.28  NBNS          Name query NB MYDOMAIN<1c>
  2  2.078163   192.168.16.28  192.168.17.25  NBNS          Name query response NB 192.168.16.32
  3  2.088111   192.168.17.25  192.168.16.32  SMB_NETLOGON  SAM LOGON request from client
  4  2.088776   192.168.16.38  192.168.17.25  SMB_NETLOGON  SAM Response - user unknown
  5  9.530892   192.168.17.25  192.168.16.32  SMB_NETLOGON  SAM LOGON request from client
  6  9.531494   192.168.16.38  192.168.17.25  SMB_NETLOGON  SAM Response - user unknown

SERVER1 picked: (success)

No.  Time       Source         Destination    Protocol      Info
  1  14.454644  192.168.17.25  192.168.16.28  NBNS          Name query NB MYDOMAIN<1c>
  2  14.456279  192.168.16.28  192.168.17.25  NBNS          Name query response NB 192.168.16.31
  3  14.466001  192.168.17.25  192.168.16.31  SMB_NETLOGON  SAM LOGON request from client
  4  14.466893  192.168.16.31  192.168.17.25  SMB_NETLOGON  SAM Response - user unknown
  5  22.146011  192.168.17.25  192.168.16.31  SMB_NETLOGON  SAM LOGON request from client
  6  22.146843  192.168.16.31  192.168.17.25  SMB_NETLOGON  SAM Response - user unknown
  7  22.251916  192.168.17.25  192.168.16.31  SMB_NETLOGON  SAM LOGON request from client
  8  22.253337  192.168.16.31  192.168.17.25  SMB_NETLOGON  Response to SAM LOGON request
  9  22.360521  192.168.17.25  192.168.16.45  SMB_NETLOGON  Query for PDC from XP-CLIENT
 10  22.361161  192.168.16.45  192.168.17.25  SMB_NETLOGON  Response from PDC: host SERVER3, domain MYDOMAIN
 11  29.769958  192.168.17.25  192.168.16.33  TCP           1027 > netbios-ssn [SYN] Seq=0 Win=64240 Len=0 MSS=1460
 12  29.770576  192.168.16.33  192.168.17.25  TCP           netbios-ssn > 1027 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
 13  29.772356  192.168.17.25  192.168.16.33  NBSS          Session request, to SERVER3<20> from XP-CLIENT<00>
 14  29.773223  192.168.16.33  192.168.17.25  TCP           netbios-ssn > 1027 [ACK] Seq=1 Ack=73 Win=5840 Len=0
 15  29.778573  192.168.16.33  192.168.17.25  NBSS          Positive session response
 16  29.793630  192.168.17.25  192.168.16.33  SMB           Negotiate Protocol Request
 17  29.794548  192.168.16.33  192.168.17.25  SMB           Negotiate Protocol Response
 18  29.801768  192.168.17.25  192.168.16.6   DNS           Standard query A SERVER3.mydomain.de
 19  29.802515  192.168.16.6   192.168.17.25  DNS           Standard query response A 192.168.16.33
 20  29.808240  192.168.17.25  192.168.16.33  ICMP          Echo (ping) request
 21  29.809174  192.168.16.33  192.168.17.25  ICMP          Echo (ping) reply
 22  29.820861  192.168.17.25  192.168.16.33  SMB           Session Setup AndX Request, NTLMSSP_NEGOTIATE
 23  29.822494  192.168.16.33  192.168.17.25  SMB           Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED
 24  29.822896  192.168.17.25  192.168.16.33  SMB           Session Setup AndX Request, NTLMSSP_AUTH, User: MYDOMAIN\root
 25  29.833134  192.168.16.33  192.168.17.25  SMB           Session Setup AndX Response
 26  29.833843  192.168.17.25  192.168.16.33  SMB           Tree Connect AndX Request, Path: \\SERVER3\IPC$
 27  29.835794  192.168.16.33  192.168.17.25  SMB           Tree Connect AndX Response
 28  29.843879  192.168.17.25  192.168.16.33  SMB           NT Create AndX Request, FID: 0x4a4e, Path: \lsarpc
 29  29.845124  192.168.16.33  192.168.17.25  SMB           NT Create AndX Response, FID: 0x4a4e
 30  29.853859  192.168.17.25  192.168.16.33  DCERPC        Bind: call_id: 1 LSA V0.0
 31  29.854438  192.168.16.33  192.168.17.25  SMB           Write AndX Response, FID: 0x4a4e, 72 bytes
 32  29.858426  192.168.16.33  192.168.17.25  DCERPC        Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280
 33  29.860222  192.168.17.25  192.168.16.33  LSA           LsarOpenPolicy2 request, \\SERVER3

root@server1# lsof -nPi4 | grep mbd | grep -v ESTABLISHED
smbd   5301 root  22u  IPv4  13507  0t0  TCP 192.168.16.31:445 (LISTEN)
smbd   5301 root  23u  IPv4  13508  0t0  TCP 192.168.16.31:139 (LISTEN)
nmbd   5309 root   9u  IPv4  13472  0t0  UDP *:137
nmbd   5309 root  10u  IPv4  13473  0t0  UDP *:138
nmbd   5309 root  11u  IPv4  13477  0t0  UDP 192.168.16.31:137
nmbd   5309 root  12u  IPv4  13478  0t0  UDP 192.168.16.31:138

root@server2# lsof -nPi4 | grep mbd | grep -v ESTABLISHED
smbd  29514 root  42u  IPv4  58325208  0t0  TCP 192.168.16.38:445 (LISTEN)
smbd  29514 root  43u  IPv4  58325209  0t0  TCP 192.168.16.38:139 (LISTEN)
smbd  29514 root  54u  IPv4  58325220  0t0  TCP 192.168.16.32:445 (LISTEN)
smbd  29514 root  55u  IPv4  58325221  0t0  TCP 192.168.16.32:139 (LISTEN)
nmbd  29520 root   9u  IPv4  58325118  0t0  UDP *:137
nmbd  29520 root  10u  IPv4  58325119  0t0  UDP *:138
nmbd  29520 root  31u  IPv4  58325159  0t0  UDP 192.168.16.38:137
nmbd  29520 root  32u  IPv4  58325160  0t0  UDP 192.168.16.38:138
nmbd  29520 root  43u  IPv4  58325171  0t0  UDP 192.168.16.32:137
nmbd  29520 root  44u  IPv4  58325172  0t0  UDP 192.168.16.32:138

Best regards
Christian
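The mismatch described in the post above can be found mechanically in a capture summary. The following is an added example, not part of the original post or of Samba: it pairs each NBNS/SMB_NETLOGON request with the next response sent to the same client and flags responses whose source address differs from the address that was queried. The names `find_reply_mismatches` and `Mismatch` are hypothetical, the input is assumed to be Wireshark-style one-line summaries, and the sample rows are copied from the two captures in the post.

```python
import re
from typing import NamedTuple

# Sample rows copied from the capture summaries in the post (frames 1-6 and 1-4).
SERVER2_CAPTURE = """\
1 2.076876 192.168.17.25 192.168.16.28 NBNS Name query NB MYDOMAIN<1c>
2 2.078163 192.168.16.28 192.168.17.25 NBNS Name query response NB 192.168.16.32
3 2.088111 192.168.17.25 192.168.16.32 SMB_NETLOGON SAM LOGON request from client
4 2.088776 192.168.16.38 192.168.17.25 SMB_NETLOGON SAM Response - user unknown
5 9.530892 192.168.17.25 192.168.16.32 SMB_NETLOGON SAM LOGON request from client
6 9.531494 192.168.16.38 192.168.17.25 SMB_NETLOGON SAM Response - user unknown
"""
SERVER1_CAPTURE = """\
1 14.454644 192.168.17.25 192.168.16.28 NBNS Name query NB MYDOMAIN<1c>
2 14.456279 192.168.16.28 192.168.17.25 NBNS Name query response NB 192.168.16.31
3 14.466001 192.168.17.25 192.168.16.31 SMB_NETLOGON SAM LOGON request from client
4 14.466893 192.168.16.31 192.168.17.25 SMB_NETLOGON SAM Response - user unknown
"""

class Mismatch(NamedTuple):      # hypothetical record type for this example
    frame: int                   # frame number of the offending response
    client: str                  # host that sent the request
    queried: str                 # address the request was sent to
    replied_from: str            # source address of the response

# Columns: No., Time, Source, Destination, Protocol, Info
ROW = re.compile(r"^\s*(\d+)\s+[\d.]+\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*)$")
DATAGRAM_PROTOCOLS = {"NBNS", "SMB_NETLOGON"}   # UDP 137/138 exchanges

def find_reply_mismatches(summary):
    """Return responses whose source differs from the queried address."""
    pending = {}                 # (client, protocol) -> address queried
    found = []
    for line in summary.splitlines():
        m = ROW.match(line)
        if not m:
            continue             # header row or blank line
        frame, src, dst, proto, info = m.groups()
        if proto not in DATAGRAM_PROTOCOLS:
            continue
        if "response" not in info.lower():
            pending[(src, proto)] = dst      # request: remember its target
            continue
        queried = pending.pop((dst, proto), None)
        if queried is not None and queried != src:
            found.append(Mismatch(int(frame), dst, queried, src))
    return found

if __name__ == "__main__":
    for hit in find_reply_mismatches(SERVER2_CAPTURE):
        print(hit)
```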
Walter Mautner
2010-Oct-06 20:28 UTC
[Samba] SAMBA replies SAM LOGON request from different ip alias
On Wednesday 06 October 2010 17:27:00 Christian Brandes wrote:
> Hi all,
.....
> 1) Either it picks a SERVER2-4 with ip aliases on its interfaces. Then the
> SERVER responds with a different ip number than the client sent its
> request to. So the client does not recognize the SAM Response "user
> unknown" and does not pop up the requester for a valid domain admin
> username and password. After a while it displays an error message instead.
> And the join procedure cannot go on.
>
> 2) Or it picks SERVER1 without ip aliases on its interfaces. The SERVER
> responds with the only ip number on its interface in the client's network.
> So the client does recognize the SAM Response "user unknown" and pops up
> the domain admin logon requester and the join procedure can continue.
>
> ?????
> So, why does SAMBA not reply on the same ip number it was queried?
> How can I get SAMBA to reply on the same ip number it was queried?
>
>
> Versions:
>
> Samba: 3.4.7
> Samba4wins: 1.0.8-2
> Linux: Ubuntu 10.04.1 LTS
> Kernel: Linux tux1 2.6.32-24-server #42-Ubuntu SMP Fri Aug 20 15:38:55 UTC
> 2010 x86_64 GNU/Linux
>
> 192.168.16.0 is one single network with netmask 255.255.254.0 !
>
> Related interfaces (and aliases):
>
> XP-CLIENT:      192.168.17.25
> WINS-SERVER:    192.168.16.28
> DNS-SERVER:     192.168.16.6
> SERVER1 (BDC):  192.168.16.31
> SERVER2 (BDC):  192.168.16.32 (primary)
>                 192.168.16.38 (ip alias)
>                 (and other aliases)
> SERVER3 (PDC):  192.168.16.33
>                 (and other aliases)
>

There is no alias 192.168.16.38 listed

>
> SERVER2 picked: (fails)
>
> No.  Time      Source         Destination    Protocol      Info
>   1  2.076876  192.168.17.25  192.168.16.28  NBNS          Name query NB MYDOMAIN<1c>
>   2  2.078163  192.168.16.28  192.168.17.25  NBNS          Name query response NB 192.168.16.32
>   3  2.088111  192.168.17.25  192.168.16.32  SMB_NETLOGON  SAM LOGON request from client
>   4  2.088776  192.168.16.38  192.168.17.25  SMB_NETLOGON  SAM Response - user unknown
>   5  9.530892  192.168.17.25  192.168.16.32  SMB_NETLOGON  SAM LOGON request from client
>   6  9.531494  192.168.16.38  192.168.17.25  SMB_NETLOGON  SAM Response - user unknown
>

Then why does the server use 192.168.16.38 as source ip?