Question

Ebox PDC: Cannot join workstations to domain

Asked by: marce_lito

Hello experts,

I'm migrating a Windows 2003 domain to a domain using free tools using an ebox domain controller.  Everything was going quite well since I decided to reboot the server.  Since then, I cannot join the workstations to the domain.

When I try to join the workstation, I get a username/password prompt, and then I get the Message "The domain is not accessible or it cannot be found".  I have tried so many solutions from this forum, but none of them have worked (or I haven't been smart enough to get them working).  I have a Wireshark capture of the client/server conversation, and the workstation queries using netbios net service for the domain name, to the broadcast address, but gets no response whatsoever.

The problem is, I have migrated all of the accounts to the new domain, and I don't want to reinstall or make configurations changes that won't let me keep my migrated information as it is.

I'm using Ubuntu Server 8.04 LTS amd64, and  ebox 1.0.3-0ubuntu1~ppa1~hardy1

What can I do?

Thanks in advance,

marce_lito

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2009-05-10 at 17:30:50ID24396568
Tags

ebox

,

samba

,

linux

,

domain

Topics

Samba File Server

,

Linux Networking

Participating Experts
1
Points
500
Comments
7

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. Ubuntu/Windows Network
    I posted this originally under Ubuntu but no one has been able to solve the problem so her it is for the Windows experts as I feel it is probably a problem with my Windows Network set up which is preventing access. According to Ubuntu it should show the machines of a Windows...
  2. join xp pro to ubuntu server pdc
    hi! i've followed the regular steps to join xp pro to ubuntu server but xp in joining process wizard says "cannot join to domain". i've added pc machine to unix and samba. i've done all the steps in passwd e smbpasswd files, disabled securyity keys in xp policy i ...
  3. Netbios name and Dns resolution
    Netbios name and Dns resolution we have a samba server in the network, its Netbios name is Serversmb, and IP :10.10.10.10 in windows DNS we have an A record Compsamba pointing to the same samba server 10.10.10.10 there is a share in the samba server that I can access from ...
  4. Wireshark and ASA 5505
    I am trying to find out how I can monitor all incoming and outgoing traffic on my ASA 5505 with wireshark. I want to be able to save the packet captures and use Netwitness 's Investigator to look at specific traffic. I have Wireshark running on my local machine so it basica...
  5. Wireshark captureing  massive amount of Bad Checksums
    A new customer has been experiencing slowness and hesitation on the network both internally and externally. I've used Wireshark to take a look but much of this is over my head. The server 2003 Standard IP is .5. There is an older FoxPro App/Database that is running on the ser...
  6. Upgrade Ubuntu 6.10 LTS (Edgy) to 10.04 LTS …
    According to this page, Ubuntu 6.10 (Edgy)can be upgraded only to 8.04 LTS (Hardy). Is there is a way I can upgrade it to latest version i.e., 10.04 LTS (Lucid Lynx).

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: lanboyoPosted on 2009-05-11 at 17:11:33ID: 24360178

You want to check the samba log files...


samba_directory /var/smbd.log and samba_directory /var/nmbd.log

Something hre may give you some assistance. Additionally since this occured during a reboot, someone may have grabbed the AD roles for the network in the servers absense.

 

by: marce_litoPosted on 2009-05-11 at 19:07:08ID: 24360636

Thanks for the comment... Thought so too... especially one of the browser roles...

I guess the problem is in nmbd, as all the fuctionality of smbd is available... I've managed to join the computers specifying a wins server explicitly... I would have loved to put the wins server in dhcp, but there's no such option in ebox, and even though I could have edited the stub files directly, any update would have broken the hand made configuration...

Just in case you can give me some sort of clue, here's the nmbd log
  There is already a domain master browser at IP 10.80.46.3 for workgroup MICSIED.LOCAL registered on subnet UNICAST_SUBNET.
[2009/05/11 10:17:59, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(335)
  become_domain_master_browser_wins:
  Attempting to become domain master browser on workgroup MICSIED.LOCAL, subnet UNICAST_SUBNET.
[2009/05/11 10:17:59, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(349)
  become_domain_master_browser_wins: querying WINS server from IP 127.0.0.1 for domain master browser name MICSIED.LOCAL<1b> on workgroup MICSIED.LOCAL
[2009/05/11 10:17:59, 0] nmbd/nmbd_become_dmb.c:become_domain_master_query_success(233)
  become_domain_master_query_success:
  There is already a domain master browser at IP 10.80.46.3 for workgroup MICSIED.LOCAL registered on subnet UNICAST_SUBNET.
[2009/05/11 10:18:20, 0] nmbd/nmbd_browsesync.c:domain_master_node_status_fail(248)
  domain_master_node_status_fail:
  Doing a node status request to the domain master browser
  for workgroup MICSIED.LOCAL at IP 10.80.46.3 failed.
  Cannot sync browser lists.
[2009/05/11 10:22:59, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(335)
  become_domain_master_browser_wins:
  Attempting to become domain master browser on workgroup MICSIED.LOCAL, subnet UNICAST_SUBNET.
[2009/05/11 10:22:59, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(349)
  become_domain_master_browser_wins: querying WINS server from IP 127.0.0.1 for domain master browser name MICSIED.LOCAL<1b> on workgroup MICSIED.LOCAL
[2009/05/11 10:22:59, 0] nmbd/nmbd_become_dmb.c:become_domain_master_query_success(233)

10.80.46.3 is actually my external ip address... I really don't know what's that doing there since samba is not listening on that interface...

 

by: lanboyoPosted on 2009-05-12 at 05:13:13ID: 24363653

I dont know if you can edit smb.conf on eebox, but you probably want to limit the connections to your precise interfaces by adding this to smb.conf

[global]
    interfaces = eth1 lo
    bind interfaces only = yes

This covers smb and nmb, usually.

You'll need to restart.

 

by: lanboyoPosted on 2009-05-12 at 05:14:34ID: 24363668

Interfaces should be your internal interface...

http://samba.org/~tpot/articles/multiple-interfaces.html

 

by: lanboyoPosted on 2009-05-12 at 05:45:21ID: 24363905

Put in a ticket with ebox.

Is there any way that the internal and external interfaces were swapped on reboot? That is, did eth1 become the internal and eth0 become external or whatever?

I don't know if you have or are comfortable with manually editing the ebox configuration files. The internet has an example where the ebox was not the default interface for the network.

I think your problem is that samba is running on your external interface, and the domain master browser is unavailable from the internal interface.

You would need to re-enable ssh in th ebox gui and edit some files by hand...

You would need to edit /usr/shares/ebox/stubs/samba/smb.conf.mas
as above, or it will get deleted each reboot.

dhcp can be manipulated by editing

/usr/share/ebox/stubs/dhcp/dhcp.conf.mas

option netbios-name-servers 172.16.0.1;
option netbios-node-type 8; ### Node type = Hybrid ###

that 172. address needs to be your internal interface.


--------
copied from http://trac.ebox-platform.com/ticket/1268
---------

Ebox needs to add two lines to dhcp.conf when PDC is enabled:

option netbios-name-servers 172.16.0.1; <-EBOX SERVER

option netbios-node-type 8; ### Node type = Hybrid ###

In a standard two interface setup, this is not an issue because netbios automatically looks to the default gateway (EBOX). If, however, ebox is not the default gateway, workstations will not be able to find the PDC to join the domain w/o having to manually add the WINS server interface entry at each workstation.

I tested this fairly thoroughly this evening and I would consider this a major bug for anyone using ebox as a PDC that is not the default gateway.

Cheers,

-Jim
Attachments
Change History
Changed 4 months ago by juruen@& ¶

I think we are missing something here. I always test the PDC configuration in my local network with a machine that only has one interface. My test machine is not working as a gateway, and I have added windows machines to the domain successfully. So I'm pretty sure it should be something else that we are missing...
Changed 4 months ago by jcanfield@& ¶

Hmmm...I'll dig a little deeper. Your client computers are using the default windows interface setting of "Get netbios info from DHCP server" right? ...not NETBIOS over TCP/IP?

Could be a WINS issue. The only way I could get the machines to join w/o editing DHCP conf was by adding a WINS server entry on each client.
Changed 4 months ago by jcanfield@& ¶

I finally have things working the way I want. Here's what needs to be done:

Firstly, this error is a result of having winbind installed. The simple fix is to uninstall winbind and your domain will work just fine in broadcast mode. If, however, you are interested in running winbind this what needs to be done:

1) add the lines above to dhcp.conf.mas

2) run 'smbldap-populate' This will allow root to be the "Netbios Domain Administrator"

3) run 'smbldap-usermod -d /root -s /bin/bash root' This will fix the root account pointers.

4) restart samba and winbind

5) Join the domain locally 'net rpc join -S DOMAIN -U root%password

6) restart winbind

7) Do an anonymous domain query 'smbclient -L localhost -U%' If you see your server and shares you should be all set.

The advantages of of this config:

- Direct WINS host lookups (Reduces broadcast traffic on larger networks)

- Hostnames are matched to IP's even if they are not in DNS.

Also, running smbldap-populate will create a 'nobody' user. This might be annoying for some users. I'm not sure at this point exact what the account is used for.

Changed 7 weeks ago by michael.judd@& ¶

Just letting you know - I had the same issue and this ticket fixed the problem. I also had a separate gateway and I was having problems joining a windows XP computer to the domain. It would be great to see this in the core. I'm on: 0.11.100
Changed 7 weeks ago by juruen@& ¶

Micheal,

Did you have winbind installed on the eBox machine when you tried to add the machine to the domain?

If you did, that's probably the reason why you couldn't add the machine to the domain.
Changed 7 weeks ago by michael.judd@& ¶

No - there's no winbind installed as far as I can see (no /etc/init.d/winbindd)

 

by: marce_litoPosted on 2009-05-12 at 07:34:27ID: 24365008

You can't edit smb.conf directly in ebox, but you can edit the stub files that will become smb.conf... about the interfaces, it was already there... samba was already  only listening on the internal interfaces... Indeed I had to edit the stub files by hand in order to do that... I have checked it with netstat, and only the internal interface is listening on port 139 and the others...
Still, I really don't know why the external interface is throwing nmb errors, and why nmbd is not answering broadcast queries for the domain name... I thought it could some firewall issue, but no luck without the firewall either... anyway, the wins server specification in the dhcpd files was a great idea...

Ebox could be a really simple solutions, but I guess it still needs time to get mature... If were the one to manage the domain, I would have installed the samba package independently, and managed it independently... alas, I'm doing this for a client terrified to death by a CLI.

Thanks a lot, you have been very helpful

 

by: marce_litoPosted on 2009-05-12 at 07:37:58ID: 31579996

Thanks a lot... putting the WINS options in the dhcpd stub files is what I'm going to do, but they will get overwritten if I upgrade my box... anyway, I haven't discovered why the linux box is not answering queries for the domain name...

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...