Thomas Harvey
2011-Jul-08  17:00 UTC
[Samba] Win7 unable to join domain if PDC has a static IP address
I've seen this asked before in various forums and even on here, but never answered; here is a list of the symptoms and what I have done, hopefully someone here will have a solution. I have an Ubuntu10.04 server running samba3.4.7 and I have a (fleet of) Lenovo Thinkpad Edge's running win7Pro64 If the Samba server has been assigned a static IP address then the Lenovo will not join the domain, telling me that the server cannot be found. I get the auth screen where I enter the Samba Domain Admin details. Nothing shows on the samba server logs, and windows dialogs: The following Error occurred when attempting to join the domain "OFS" The specified domain either does not exist or could not be contacted When the server gets it's IP address by DHCP the Lenovo will join just fine. I don't want to rely on a DHCP lease, or on the router distributing a fixed IP to the specific MAC address, I want to set it on ubuntu. Have I misunderstood something about Samba networking? I assume it something to do with my static settings, and broadcasting or something, so here is my /etc/network/interfaces and then I will talk about the things I have tried and the weirdnesses. # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet static address 10.25.100.14 netmask 255.255.0.0 network 10.11.0.0 broadcast 10.11.255.255 gateway 10.25.100.1 Anyone spot anything I'm doing wrong here.. the working DHCP is the standard "iface eth0 inet dhcp" line instead of static and all of the static settings. Surely most people run their servers on a static IP?? So, I tried to create an aliased Static IP... # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet dhcp iface eth0:0 inet static address 10.25.100.14 netmask 255.255.0.0 network 10.11.0.0 broadcast 10.11.255.255 gateway 10.25.100.1 And then bring that up with ifup eth0:0 Then the server will respond on both the static IP and the one assigned by DHCP when pinging and ssh, but the laptop will not join the domain. ifdown eth0:0 and it will join the domain. Once it has joined everything will work fine, so I can log in, access the shares, even log in with users that were created on the server after the laptop was joined to the domain. But, I hardly want to have to ssh in, check the dynamic IP, drop the static one, add a new machine to the domain and then log in to the dynamic IP and up the static IP each time I provision a new laptop! Nor do I want to rely on the dynamic IP lease length on the router to assign the same IP from the DHCP pool each time. This is what static IPs are for. Is there something fundamentally wrong in my understanding of Windows/Samba networks. Also, I can net join form another ubuntu machine to join the domain when the PDC is on static, so this seems to only be an issue with Win clients. I don not have any XP or vista boxes to try this out on. For reasons of completion... here is the redacted output of testparm: Thanks for any help... Processing section "[homes]" Processing section "[profiles]" Processing section "[netlogon]" Processing section "[cappuccino]" Processing section "[photos]" Loaded services file OK. Server role: ROLE_DOMAIN_PDC [global] workgroup = OFS obey pam restrictions = Yes passdb backend = ldapsam:ldap://localhost pam password change = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 smb ports = 139 server signing = auto add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -w '%u' logon path = "\\SERVER\profiles\%U" logon drive = U: domain logons = Yes os level = 35 domain master = Yes dns proxy = No wins support = Yes ldap admin dn = cn=admin,dc=domain,dc=com ldap group suffix = ou=groups ldap idmap suffix = ou=Idmap ldap machine suffix = ou=machines ldap passwd sync = yes ldap suffix = dc=domain,dc=com ldap user suffix = ou=people [homes] comment = Home Directories path = /office/homes/%U valid users = %S read only = No create mask = 0750 browseable = No browsable = No [profiles] comment = Roaming Profile Share path = /srv/samba/profiles read only = No create mask = 0600 directory mask = 0700 profile acls = Yes hide files = /desktop.ini/outlook*.lnk/*Briefcase*/ store dos attributes = Yes browseable = No browsable = No [netlogon] comment = Network Logon Service path = /srv/samba/netlogon admin users = root browseable = No browsable = No
Gaiseric Vandal
2011-Jul-08  17:21 UTC
[Samba] Win7 unable to join domain if PDC has a static IP address
What kind of DHCP server do you have? You should make sure that DHCP is assigning the samba PDC's IP as the WINS server IP address to clients. You also want to make sure the samba server is the only WINS server. Windows DHCP servers can OPTIONALLY update DNS info, which means somehow when them samba server is registered with the DHCP server, data gets added to DNS (or even WINS if your DHCP server is also a WINS server.) Clients don't use a hostname for joining a Samba or NT4 domain, so I am not 100% sure that this is the actual issue. You want to make sure that you do have a static DNS entry for the Samba server. Also, make sure that the windows clients - even if they can't join the domain- can see networks shares on the samba server (that will verify netbios is running.) For the moment, you should allocate a DHCP reservation for the samba server anyway. On 07/08/2011 01:00 PM, Thomas Harvey wrote:> I've seen this asked before in various forums and even on here, but never answered; here is a list of the symptoms and what I have done, hopefully someone here will have a solution. > > I have an Ubuntu10.04 server running samba3.4.7 and I have a (fleet of) Lenovo Thinkpad Edge's running win7Pro64 > If the Samba server has been assigned a static IP address then the Lenovo will not join the domain, telling me that the server cannot be found. I get the auth screen where I enter the Samba Domain Admin details. Nothing shows on the samba server logs, and windows dialogs: > > The following Error occurred when attempting to join the domain "OFS" > The specified domain either does not exist or could not be contacted > > When the server gets it's IP address by DHCP the Lenovo will join just fine. > > I don't want to rely on a DHCP lease, or on the router distributing a fixed IP to the specific MAC address, I want to set it on ubuntu. Have I misunderstood something about Samba networking? > I assume it something to do with my static settings, and broadcasting or something, so here is my /etc/network/interfaces and then I will talk about the things I have tried and the weirdnesses. > > # The loopback network interface > auto lo > iface lo inet loopback > > # The primary network interface > auto eth0 > iface eth0 inet static > address 10.25.100.14 > netmask 255.255.0.0 > network 10.11.0.0 > broadcast 10.11.255.255 > gateway 10.25.100.1 > > Anyone spot anything I'm doing wrong here.. the working DHCP is the standard "iface eth0 inet dhcp" line instead of static and all of the static settings. Surely most people run their servers on a static IP?? > > So, I tried to create an aliased Static IP... > > # The loopback network interface > auto lo > iface lo inet loopback > > # The primary network interface > auto eth0 > iface eth0 inet dhcp > iface eth0:0 inet static > address 10.25.100.14 > netmask 255.255.0.0 > network 10.11.0.0 > broadcast 10.11.255.255 > gateway 10.25.100.1 > > And then bring that up with ifup eth0:0 Then the server will respond on both the static IP and the one assigned by DHCP when pinging and ssh, but the laptop will not join the domain. ifdown eth0:0 and it will join the domain. > > Once it has joined everything will work fine, so I can log in, access the shares, even log in with users that were created on the server after the laptop was joined to the domain. But, I hardly want to have to ssh in, check the dynamic IP, drop the static one, add a new machine to the domain and then log in to the dynamic IP and up the static IP each time I provision a new laptop! Nor do I want to rely on the dynamic IP lease length on the router to assign the same IP from the DHCP pool each time. This is what static IPs are for. > > Is there something fundamentally wrong in my understanding of Windows/Samba networks. > > Also, I can net join form another ubuntu machine to join the domain when the PDC is on static, so this seems to only be an issue with Win clients. I don not have any XP or vista boxes to try this out on. > > For reasons of completion... here is the redacted output of testparm: > > Thanks for any help... > > Processing section "[homes]" > Processing section "[profiles]" > Processing section "[netlogon]" > Processing section "[cappuccino]" > Processing section "[photos]" > Loaded services file OK. > Server role: ROLE_DOMAIN_PDC > [global] > workgroup = OFS > obey pam restrictions = Yes > passdb backend = ldapsam:ldap://localhost > pam password change = Yes > syslog = 0 > log file = /var/log/samba/log.%m > max log size = 1000 > smb ports = 139 > server signing = auto > add user script = /usr/sbin/smbldap-useradd -m '%u' > delete user script = /usr/sbin/smbldap-userdel %u > add group script = /usr/sbin/smbldap-groupadd -p '%g' > delete group script = /usr/sbin/smbldap-groupdel '%g' > add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' > delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' > set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' > add machine script = /usr/sbin/smbldap-useradd -w '%u' > logon path = "\\SERVER\profiles\%U" > logon drive = U: > domain logons = Yes > os level = 35 > domain master = Yes > dns proxy = No > wins support = Yes > ldap admin dn = cn=admin,dc=domain,dc=com > ldap group suffix = ou=groups > ldap idmap suffix = ou=Idmap > ldap machine suffix = ou=machines > ldap passwd sync = yes > ldap suffix = dc=domain,dc=com > ldap user suffix = ou=people > > [homes] > comment = Home Directories > path = /office/homes/%U > valid users = %S > read only = No > create mask = 0750 > browseable = No > browsable = No > > [profiles] > comment = Roaming Profile Share > path = /srv/samba/profiles > read only = No > create mask = 0600 > directory mask = 0700 > profile acls = Yes > hide files = /desktop.ini/outlook*.lnk/*Briefcase*/ > store dos attributes = Yes > browseable = No > browsable = No > > [netlogon] > comment = Network Logon Service > path = /srv/samba/netlogon > admin users = root > browseable = No > browsable = No >
Chris Smith
2011-Jul-08  18:49 UTC
[Samba] Win7 unable to join domain if PDC has a static IP address
On Fri, Jul 8, 2011 at 1:00 PM, Thomas Harvey <tom.harvey at onefinestay.com> wrote:> When the server gets it's IP address by DHCP the Lenovo will join just fine.Does: hostname -f ...provide the same info in both cases?
Harry Jede
2011-Jul-08  19:17 UTC
[Samba] Win7 unable to join domain if PDC has a static IP address
On 19:40:39 wrote Thomas Harvey:> # The primary network interface > auto eth0 > iface eth0 inet static > address 10.25.100.14 > netmask 255.255.0.0 > network 10.11.0.0 > broadcast 10.11.255.255 > gateway 10.25.100.1# ipcalc -b 10.25.100.14/255.255.0.0 Address: 10.25.100.14 Netmask: 255.255.0.0 = 16 Wildcard: 0.0.255.255 => Network: 10.25.0.0/16 HostMin: 10.25.0.1 HostMax: 10.25.255.254 Broadcast: 10.25.255.255 Hosts/Net: 65534 Class A, Private Internet Your host ip is NOT on your network, nor is the gateway ip direct reachable. -- Harry Jede -- Gruss Harry Jede