deep ramcrazy
2012-May-04 08:42 UTC
[Samba] after joining the domain the server loose the domain controller
Hello,
I've a rhel6 server on a vmware structure.
samba rpm are;
samba-common-3.5.10-115.el6_2.x86_64
samba-3.5.10-115.el6_2.x86_64
samba-winbind-clients-3.5.10-115.el6_2.x86_64

smb.conf
[global]
workgroup = AAAA
server string = TSTArchive
security = DOMAIN
passdb backend = tdbsam
log level = 3
local master = No
ldap ssl = no
cups options = raw
short preserve case = No
dos filetimes = Yes
dos filetime resolution = Yes
unix extensions = no
wide links = yes

# disable printing
load printers = no
cups options = raw
printcap name = /etc/printcap
show add printer wizard = no
disable spoolss = yes

Network:
IP=10.13.16.22 NETMASK="255.255.254.0"
GATEWAY="10.13.16.1" (it is on a different vlan in respect to the dc)

I successfully join the domain:
> net join -w AAAA -S domaincontroller -U networkadmin
domaincontroller network:
IP= 10.13.0.49 NETMASK="255.255.252.0"
GATEWAY=10.13.0.3

and all is running fine for a while. After some time I'm not able to have the authentication to the DC:
> net rpc testjoin
Unable to find a suitable server for domain AAAA
Join to domain 'AAAA' is not valid: NT_STATUS_UNSUCCESSFUL

I've a doubt that with different vlan the DC and the samba server cannot communicate, but I'm not sure and in which way bypass it.
Thank you
Kind Regards
Romano
Gaiseric Vandal
2012-May-04 13:27 UTC
[Samba] after joining the domain the server loose the domain controller
I think what is significant is that this server and the domain controller are on separate TCP/IP subnets (which happen to be on separate VLANs.)

When you do your initial domain join, you specify the name of the domain controller- that name probably resolved via DNS (or may be from /etc/hosts) so all goes well, even though the machines are on different subnets.

My guess is that when your machine authenticates to the domain controller the next time around it is "asking" for a domain controller but not explicitly asking for the same controller it used before. So it might be doing a broadcast, which will not be successful.

You need to make sure your member server "knows" about machines on the DC's subnet.

1. Configure your DC as a WINS server. Configure your member server as a WINS client.
2. Configure "remote browse sync" with the member server querying the DC for its browser info.
3. Use lmhosts on your member server - similar to the hosts file, except that it also tells you which machines are DCs for the domain.

On 05/04/12 04:42, deep ramcrazy wrote:
> Hello,
> I've a rhel6 server on a vmware structure.
> samba rpm are;
> samba-common-3.5.10-115.el6_2.x86_64
> samba-3.5.10-115.el6_2.x86_64
> samba-winbind-clients-3.5.10-115.el6_2.x86_64
>
> smb.conf
> [global]
> workgroup = AAAA
> server string = TSTArchive
> security = DOMAIN
> passdb backend = tdbsam
> log level = 3
> local master = No
> ldap ssl = no
> cups options = raw
> short preserve case = No
> dos filetimes = Yes
> dos filetime resolution = Yes
> unix extensions = no
> wide links = yes
>
> # disable printing
> load printers = no
> cups options = raw
> printcap name = /etc/printcap
> show add printer wizard = no
> disable spoolss = yes
>
> Network:
> IP=10.13.16.22 NETMASK="255.255.254.0"
> GATEWAY="10.13.16.1" (it is on a different vlan in respect to the dc)
>
> I successfully join the domain:
>> net join -w AAAA -S domaincontroller -U networkadmin
> domaincontroller network:
> IP= 10.13.0.49 NETMASK="255.255.252.0"
> GATEWAY=10.13.0.3
>
> and all is running fine for a while. After some time I'm not able to have the authentication to the DC:
>> net rpc testjoin
> Unable to find a suitable server for domain AAAA
> Join to domain 'AAAA' is not valid: NT_STATUS_UNSUCCESSFUL
>
> I've a doubt that with different vlan the DC and the samba server cannot communicate, but I'm not sure and in which way bypass it.
> Thank you
> Kind Regards
> Romano
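
Options 1 and 3 from the reply above, written out as configuration for the member server. This is an added example, not part of the original thread. It assumes the DC at 10.13.0.49 has been set up as a WINS server, that the DC's NetBIOS name is the thread's placeholder DOMAINCONTROLLER, and that the lmhosts file lives at /etc/samba/lmhosts.

```ini
# --- /etc/samba/smb.conf on the member server: add to the existing [global] ---
[global]
    # Option 1: resolve NetBIOS names through WINS instead of subnet-local
    # broadcast. Assumes the DC at 10.13.0.49 answers WINS queries.
    wins server = 10.13.0.49

    # Try lmhosts and WINS before DNS/hosts and broadcast. Broadcast stays
    # last because it cannot leave 10.13.16.0/23 to reach 10.13.0.0/22.
    name resolve order = lmhosts wins host bcast

# --- /etc/samba/lmhosts on the member server (separate file, assumed path) ---
# Option 3: static NetBIOS entries in Samba's "IP NAME#type" format.
# DOMAINCONTROLLER is the placeholder name used in the thread.
10.13.0.49 DOMAINCONTROLLER#20
# <1C> = domain controllers for AAAA, <1B> = domain master browser for AAAA
10.13.0.49 AAAA#1C
10.13.0.49 AAAA#1B
```

After restarting the Samba services, rerunning `net rpc testjoin` from the original post shows whether the member server can locate a domain controller for AAAA again.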