marce_lito
asked on
Ebox PDC: Cannot join workstations to domain
Hello experts,
I'm migrating a Windows 2003 domain to a domain using free tools using an ebox domain controller. Everything was going quite well since I decided to reboot the server. Since then, I cannot join the workstations to the domain.
When I try to join the workstation, I get a username/password prompt, and then I get the Message "The domain is not accessible or it cannot be found". I have tried so many solutions from this forum, but none of them have worked (or I haven't been smart enough to get them working). I have a Wireshark capture of the client/server conversation, and the workstation queries using netbios net service for the domain name, to the broadcast address, but gets no response whatsoever.
The problem is, I have migrated all of the accounts to the new domain, and I don't want to reinstall or make configurations changes that won't let me keep my migrated information as it is.
I'm using Ubuntu Server 8.04 LTS amd64, and ebox 1.0.3-0ubuntu1~ppa1~hardy1
What can I do?
Thanks in advance,
marce_lito
I'm migrating a Windows 2003 domain to a domain using free tools using an ebox domain controller. Everything was going quite well since I decided to reboot the server. Since then, I cannot join the workstations to the domain.
When I try to join the workstation, I get a username/password prompt, and then I get the Message "The domain is not accessible or it cannot be found". I have tried so many solutions from this forum, but none of them have worked (or I haven't been smart enough to get them working). I have a Wireshark capture of the client/server conversation, and the workstation queries using netbios net service for the domain name, to the broadcast address, but gets no response whatsoever.
The problem is, I have migrated all of the accounts to the new domain, and I don't want to reinstall or make configurations changes that won't let me keep my migrated information as it is.
I'm using Ubuntu Server 8.04 LTS amd64, and ebox 1.0.3-0ubuntu1~ppa1~hardy1
What can I do?
Thanks in advance,
marce_lito
ASKER
Thanks for the comment... Thought so too... especially one of the browser roles...
I guess the problem is in nmbd, as all the fuctionality of smbd is available... I've managed to join the computers specifying a wins server explicitly... I would have loved to put the wins server in dhcp, but there's no such option in ebox, and even though I could have edited the stub files directly, any update would have broken the hand made configuration...
Just in case you can give me some sort of clue, here's the nmbd log
There is already a domain master browser at IP 10.80.46.3 for workgroup MICSIED.LOCAL registered on subnet UNICAST_SUBNET.
[2009/05/11 10:17:59, 0] nmbd/nmbd_become_dmb.c:bec
become_domain_master_brows
Attempting to become domain master browser on workgroup MICSIED.LOCAL, subnet UNICAST_SUBNET.
[2009/05/11 10:17:59, 0] nmbd/nmbd_become_dmb.c:bec
become_domain_master_brows
[2009/05/11 10:17:59, 0] nmbd/nmbd_become_dmb.c:bec
become_domain_master_query
There is already a domain master browser at IP 10.80.46.3 for workgroup MICSIED.LOCAL registered on subnet UNICAST_SUBNET.
[2009/05/11 10:18:20, 0] nmbd/nmbd_browsesync.c:dom
domain_master_node_status_
Doing a node status request to the domain master browser
for workgroup MICSIED.LOCAL at IP 10.80.46.3 failed.
Cannot sync browser lists.
[2009/05/11 10:22:59, 0] nmbd/nmbd_become_dmb.c:bec
become_domain_master_brows
Attempting to become domain master browser on workgroup MICSIED.LOCAL, subnet UNICAST_SUBNET.
[2009/05/11 10:22:59, 0] nmbd/nmbd_become_dmb.c:bec
become_domain_master_brows
[2009/05/11 10:22:59, 0] nmbd/nmbd_become_dmb.c:bec
10.80.46.3 is actually my external ip address... I really don't know what's that doing there since samba is not listening on that interface...
I guess the problem is in nmbd, as all the fuctionality of smbd is available... I've managed to join the computers specifying a wins server explicitly... I would have loved to put the wins server in dhcp, but there's no such option in ebox, and even though I could have edited the stub files directly, any update would have broken the hand made configuration...
Just in case you can give me some sort of clue, here's the nmbd log
There is already a domain master browser at IP 10.80.46.3 for workgroup MICSIED.LOCAL registered on subnet UNICAST_SUBNET.
[2009/05/11 10:17:59, 0] nmbd/nmbd_become_dmb.c:bec
become_domain_master_brows
Attempting to become domain master browser on workgroup MICSIED.LOCAL, subnet UNICAST_SUBNET.
[2009/05/11 10:17:59, 0] nmbd/nmbd_become_dmb.c:bec
become_domain_master_brows
[2009/05/11 10:17:59, 0] nmbd/nmbd_become_dmb.c:bec
become_domain_master_query
There is already a domain master browser at IP 10.80.46.3 for workgroup MICSIED.LOCAL registered on subnet UNICAST_SUBNET.
[2009/05/11 10:18:20, 0] nmbd/nmbd_browsesync.c:dom
domain_master_node_status_
Doing a node status request to the domain master browser
for workgroup MICSIED.LOCAL at IP 10.80.46.3 failed.
Cannot sync browser lists.
[2009/05/11 10:22:59, 0] nmbd/nmbd_become_dmb.c:bec
become_domain_master_brows
Attempting to become domain master browser on workgroup MICSIED.LOCAL, subnet UNICAST_SUBNET.
[2009/05/11 10:22:59, 0] nmbd/nmbd_become_dmb.c:bec
become_domain_master_brows
[2009/05/11 10:22:59, 0] nmbd/nmbd_become_dmb.c:bec
10.80.46.3 is actually my external ip address... I really don't know what's that doing there since samba is not listening on that interface...
I dont know if you can edit smb.conf on eebox, but you probably want to limit the connections to your precise interfaces by adding this to smb.conf
[global]
interfaces = eth1 lo
bind interfaces only = yes
This covers smb and nmb, usually.
You'll need to restart.
[global]
interfaces = eth1 lo
bind interfaces only = yes
This covers smb and nmb, usually.
You'll need to restart.
Interfaces should be your internal interface...
http://samba.org/~tpot/articles/multiple-interfaces.html
http://samba.org/~tpot/articles/multiple-interfaces.html
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
You can't edit smb.conf directly in ebox, but you can edit the stub files that will become smb.conf... about the interfaces, it was already there... samba was already only listening on the internal interfaces... Indeed I had to edit the stub files by hand in order to do that... I have checked it with netstat, and only the internal interface is listening on port 139 and the others...
Still, I really don't know why the external interface is throwing nmb errors, and why nmbd is not answering broadcast queries for the domain name... I thought it could some firewall issue, but no luck without the firewall either... anyway, the wins server specification in the dhcpd files was a great idea...
Ebox could be a really simple solutions, but I guess it still needs time to get mature... If were the one to manage the domain, I would have installed the samba package independently, and managed it independently... alas, I'm doing this for a client terrified to death by a CLI.
Thanks a lot, you have been very helpful
Still, I really don't know why the external interface is throwing nmb errors, and why nmbd is not answering broadcast queries for the domain name... I thought it could some firewall issue, but no luck without the firewall either... anyway, the wins server specification in the dhcpd files was a great idea...
Ebox could be a really simple solutions, but I guess it still needs time to get mature... If were the one to manage the domain, I would have installed the samba package independently, and managed it independently... alas, I'm doing this for a client terrified to death by a CLI.
Thanks a lot, you have been very helpful
ASKER
Thanks a lot... putting the WINS options in the dhcpd stub files is what I'm going to do, but they will get overwritten if I upgrade my box... anyway, I haven't discovered why the linux box is not answering queries for the domain name...
samba_directory /var/smbd.log and samba_directory /var/nmbd.log
Something hre may give you some assistance. Additionally since this occured during a reboot, someone may have grabbed the AD roles for the network in the servers absense.