Solved

Samba as PDC - DOMAIN is invisible to Windows machines

Posted on 2014-11-19
Last Modified: 2014-11-26
Hi!

I have configured samba as PDC for the domain LATTARI. Windows machines cannot find the domain controller.

Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[netlogon]"
Processing section "[public]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

[global]
        workgroup = LATTARI
        server string = Lunar Lander Software
        interfaces = lo, 192.168.0.6
        log file = /var/log/samba/log.%m
        max log size = 50
        load printers = No
        add user script = /usr/sbin/useradd "%u" -n -g users
        delete user script = /usr/sbin/userdel "%u"
        add group script = /usr/sbin/groupadd "%g"
        delete group script = /usr/sbin/groupdel "%g"
        delete user from group script = /usr/sbin/userdel "%u" "%g"
        add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
        logon script = %u.bat
        logon path = \\%L\Profiles\%u
        domain logons = Yes
        os level = 33
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        idmap config * : backend = tdb
        hosts allow = 127., 192.168.0.
        cups options = raw

[homes]
        comment = Home Directories
        valid users = %S
        read only = No

[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        print ok = Yes
        browseable = No

[netlogon]
        comment = Network Logon Service
        path = /var/lib/samba/netlogon

[public]
        comment = Public Stuff
        path = /home/samba
        write list = +staff
        read only = No
        guest ok = Yes

Please help!
Question by:Lelio Michele Lattari
12 Comments
 
LVL 7

Expert Comment

by:slubek
ID: 40452442
Some thoughts:
1. Is the time on Windows machines and samba controller in sync?
2. Can you ping samba server from clients?
3. Do you have firewall on server enabled?
4. What is your dhcpd configuration?
5. Do you have DNS configured?
 

Author Comment

by:Lelio Michele Lattari
ID: 40452567
Hi!

1. Yes - the clocks are in sync

2. I cannot ping the netbios name LATTARI but YES I can ping the DNS server name filemon1 on which the PDC is active and I can nslookup the DNS record for the server

C:\Users\XNOTE>nslookup filemon1
Server:  UnKnown
Address:  192.168.0.7

Name:    filemon1.intranet.lattari.pl
Address:  192.168.0.6

ohhh... really I CAN ping the server:

C:\Users\XNOTE>ping filemon1

Pinging filemon1.intranet.lattari.pl [192.168.0.6] with 32 bytes of data:
Reply from 192.168.0.6: bytes=32 time=2ms TTL=64
Reply from 192.168.0.6: bytes=32 time=1ms TTL=64
Reply from 192.168.0.6: bytes=32 time=1ms TTL=64
Reply from 192.168.0.6: bytes=32 time=2ms TTL=64

Ping statistics for 192.168.0.6:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 2ms, Average = 1ms

4. No firewall on the PDC machine
5. DNS is on another server on the same network (192.168.0.7)
6. dhcpd runs on another server on the same network (192.168.0.7), it has option wins server configured with samba PDC address

Windows machines network settings:
Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : intranet.lattari.pl
   Description . . . . . . . . . . . : Intel(R) Wireless-N 7260
   Physical Address. . . . . . . . . : 0C-8B-FD-82-33-18
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.158(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 19 listopada 2014 16:21:31
   Lease Expires . . . . . . . . . . : 19 listopada 2014 16:51:32
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.7
   DNS Servers . . . . . . . . . . . : 192.168.0.7
   Primary WINS Server . . . . . . . : 192.168.0.6
   NetBIOS over Tcpip. . . . . . . . : Enabled
 

Author Comment

by:Lelio Michele Lattari
ID: 40453699
Sorry! firewalld was active.... I have made a quick test without firewall and nothing changes.... :-(

Tomorrow I will try to run bind on the same machine as samba and I will let You know what happens...

Thanks for the help
 
LVL 7

Expert Comment

by:slubek
ID: 40454375
One more thought - have you configured and enabled Kerberos?
BTW, on that wiki above I found that samba should provide sysvol share - maybe that's your problem?

PS. Greetings from Warsaw :^)
 

Author Comment

by:Lelio Michele Lattari
ID: 40456793
Hi again!

Really I am trying to run samba as a simple old-style PDC without AD services. I have made some changes in the configuration. Now, when I try to join the domain LATTARI from a Windows 8.1 PRO machine, the username and password window appears but the login process fails.

Here is some info about what is happening:

====================================

smb.conf

====================================

Processing section "[homes]"
Processing section "[printers]"
Processing section "[netlogon]"
Processing section "[Profiles]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

[global]
        workgroup = LATTARI
        server string = Lunar Lander Software
        interfaces = lo, enp3s6
        log file = /var/log/samba/log.%m
        max log size = 50
        load printers = No
        printcap name = lpstat
        add user script = /usr/sbin/useradd "%u" -n -g users
        delete user script = /usr/sbin/userdel "%u"
        add group script = /usr/sbin/groupadd "%g"
        delete group script = /usr/sbin/groupdel "%g"
        delete user from group script = /usr/sbin/userdel "%u" "%g"
        add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
        logon script = %u.bat
        logon path = \\%L\Profiles\%u
        logon drive = H:
        domain logons = Yes
        os level = 64
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        idmap config * : backend = tdb
        invalid users = apache, bin, daemon, adm, sync, shutdown, halt, mail, news, uucp, operator
        admin users = root, @admin
        hosts allow = 127.0.0.1, 192.168.0.0/24
        cups options = raw

[homes]
        comment = Home Directories
        valid users = %S
        read only = No
        create mask = 0700
        directory mask = 0700
        browseable = No

[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        print ok = Yes
        browseable = No

[netlogon]
        comment = Network Logon Service
        path = /var/lib/samba/netlogon
        guest ok = Yes

[Profiles]
        path = /home/samba/Profiles
        read only = No
        create mask = 0600
        directory mask = 0700
        guest ok = Yes
        profile acls = Yes
        browseable = No

=============================================

/var/lib/samba

=============================================


[root@filemon1 samba]# ls -al /var/lib/samba
total 2832
drwxr-xr-x  5 root root    4096 Nov 21 08:55 .
drwxr-xr-x 31 root root    4096 Nov 21 07:59 ..
-rw-------  1 root root  421888 Nov 20 23:24 account_policy.tdb
-rw-r--r--  1 root root   40200 Nov 21 08:43 brlock.tdb
-rw-r--r--  1 root root     150 Nov 21 08:43 browse.dat
-rw-------  1 root root     696 Nov 21 08:47 dbwrap_watchers.tdb
-rw-r--r--  1 root root  421888 Nov 21 08:47 gencache_notrans.tdb
-rw-r--r--  1 root root  425984 Nov 21 08:47 gencache.tdb
-rw-------  1 root root  430080 Nov 20 23:19 group_mapping.tdb
-rw-r--r--  1 root root   40200 Nov 21 08:43 locking.tdb
-rw-------  1 root root     696 Nov 21 08:43 messages.tdb
-rw-------  1 root root     696 Nov 19 10:14 mutex.tdb
-rw-r--r--  1 root root   13859 Nov 21 08:43 namelist.debug
drwxrwxr-x  2 root admin      6 Nov 20 16:40 netlogon
-rw-r--r--  1 root root     696 Nov 21 08:43 notify_index.tdb
-rw-r--r--  1 root root     696 Nov 21 08:43 notify.tdb
-rw-r--r--  1 root root   12288 Nov 21 08:44 printer_list.tdb
drwxr-xr-x  2 root root      25 Nov 19 10:25 printing
drwx------  2 root root      66 Nov 19 11:00 private
-rw-------  1 root root  528384 Nov 19 10:25 registry.tdb
-rw-r--r--  1 root root    8192 Nov 21 08:47 serverid.tdb
-rw-------  1 root root  421888 Nov 19 10:25 share_info.tdb
-rw-------  1 root root     696 Nov 21 08:43 smbXsrv_open_global.tdb
-rw-------  1 root root   32768 Nov 21 08:47 smbXsrv_session_global.tdb
-rw-------  1 root root   16384 Nov 21 08:47 smbXsrv_tcon_global.tdb
-rw-------  1 root root   16384 Nov 21 08:43 smbXsrv_version_global.tdb
-rw-r--r--  1 root root    1608 Nov 21 08:55 wins.dat
-rw-------  1 root root   24576 Nov 21 08:55 wins.tdb

=====================================

/home/samba

=====================================

[root@filemon1 samba]# ls -al /home/samba
total 0
drwxrwxrwx 3 root admin 21 Nov 21 08:21 .
drwxr-xr-x 6 root root  61 Nov 21 08:20 ..
drwxrwxrwx 2 root admin  6 Nov 21 08:21 Profiles

=======================================

samba net

=======================================

net groupmap add ntgroup="Domain Admins" unixgroup=admin rid=512 type=d
net rpc rights grant -U m.lattari "LATTARI\Domain Admins" SeMachineAccountPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege SeRemoteShutdownPrivilege

=======================================

log.smbd trying to join the domain

=======================================

[2014/11/21 09:02:50,  4, pid=3047, effective(0, 0), real(0, 0)] ../source3/libsmb/nmblib.c:108(debug_nmb_packet)
  nmb packet from 192.168.0.150(137) header: id=53066 opcode=Query(0) response=No
      header: flags: bcast=Yes rec_avail=No rec_des=Yes trunc=No auth=No
      header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0
      question: q_name=WPAD<00> q_type=32 q_class=1
[2014/11/21 09:02:50, 10, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_winsserver.c:524(packet_is_for_wins_server)
  packet_is_for_wins_server: failing WINS test #1.
[2014/11/21 09:02:50,  3, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
  process_name_query_request: Name query from 192.168.0.150 on subnet 192.168.0.6 for name WPAD<00>
[2014/11/21 09:02:50,  9, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_namelistdb.c:141(find_name_on_subnet)
  find_name_on_subnet: on subnet 192.168.0.6 - name WPAD<00> NOT FOUND
[2014/11/21 09:02:50,  4, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for LATTARI on subnet 192.168.0.6: found.
[2014/11/21 09:02:50, 10, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_sendannounce.c:386(announce_myself_to_domain_master_browser)
  announce_myself_to_domain_master_browser: t (1416556969) - last(1416556952) < 900
[2014/11/21 09:02:50,  4, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for LATTARI on subnet UNICAST_SUBNET: found.
[2014/11/21 09:02:50,  4, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for LATTARI on subnet UNICAST_SUBNET: found.
[2014/11/21 09:03:00,  4, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for LATTARI on subnet 192.168.0.6: found.
[2014/11/21 09:03:00, 10, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_sendannounce.c:386(announce_myself_to_domain_master_browser)
  announce_myself_to_domain_master_browser: t (1416556970) - last(1416556952) < 900
[2014/11/21 09:03:00,  4, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_workgroupdb.c:276(dump_workgroups)
  dump_workgroups()
   dump workgroup on subnet     192.168.0.6: netmask=  255.255.255.0:
        LATTARI(1) current master browser = FILEMON1
                FILEMON1 408c9b0b (Lunar Lander Software)
[2014/11/21 09:03:00,  4, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_workgroupdb.c:276(dump_workgroups)
  dump_workgroups()
   dump workgroup on subnet  UNICAST_SUBNET: netmask=    192.168.0.6:
        LATTARI(1) current master browser = UNKNOWN
                FILEMON1 40899b0b (Lunar Lander Software)
[2014/11/21 09:03:00,  4, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for LATTARI on subnet UNICAST_SUBNET: found.
[2014/11/21 09:03:00,  4, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet)


I would appreciate Your suggestions.

P.S. Greetings from 05-500 Piaseczno :-)
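A review of the share settings in the second smb.conf dump above, as an added Python example that is not part of the original thread. The excerpt is constructed from the posted dump, and the function names and the three checks are this example's own choices, not a Samba tool.

```python
import re

# Constructed excerpt: only the lines of the posted dump that the checks read.
DUMP = '''
[global]
        delete user from group script = /usr/sbin/userdel "%u" "%g"
        admin users = root, @admin
[homes]
        valid users = %S
        read only = No
[netlogon]
        path = /var/lib/samba/netlogon
        guest ok = Yes
[Profiles]
        path = /home/samba/Profiles
        read only = No
        guest ok = Yes
'''

def parse_dump(text):
    """Parse testparm-style output into {section: {parameter: value}}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def is_yes(value):
    return value.strip().lower() in ("yes", "true", "1")

def review(sections):
    """Return (section, parameter, reason) findings for the three checks below."""
    findings = []
    glob = sections.get("global", {})
    for name, params in sections.items():
        if name == "global":
            continue
        # testparm omits defaults; Samba's default for "read only" is Yes.
        read_only = is_yes(params.get("read only", glob.get("read only", "yes")))
        guest = is_yes(params.get("guest ok", "no"))
        if guest and not read_only:
            findings.append((name, "guest ok", "guest access to a writable share"))
    if "admin users" in glob:
        findings.append(("global", "admin users",
                         "listed accounts operate as root on every share"))
    script = glob.get("delete user from group script", "").split()
    if script and script[0].endswith("/userdel"):
        findings.append(("global", "delete user from group script",
                         "userdel removes accounts, it does not edit group membership"))
    return findings

if __name__ == "__main__":
    for finding in review(parse_dump(DUMP)):
        print("%-8s %-30s %s" % finding)
```

[netlogon] is not reported because it has no `read only = No` line and therefore stays read-only for guests; [Profiles] is both guest-accessible and writable.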
 

Author Comment

by:Lelio Michele Lattari
ID: 40456911
[root@filemon1 BOINC]# smbclient //FILEMON1/netlogon -U root
Enter root's password:
Domain=[LATTARI] OS=[Unix] Server=[Samba 4.1.1]
smb: \>

============================================

[root@filemon1 BOINC]#  smbtree

 \\FILEMON1\root                 Home Directories
 \\FILEMON1\IPC$                 IPC Service (Lunar Lander Software)
 \\FILEMON1\netlogon             Network Logon Service

=======================================================

[root@filemon1 BOINC]# net domain
Enter root's password:

Enumerating domains:

        Domain name          Server name of Browse Master
        -------------        ----------------------------
        LATTARI              FILEMON1

==========================================================================

And I can map server shares as network drives from windows machines, but I cannot join the domain :-(
 
LVL 7

Expert Comment

by:slubek
ID: 40456915
1.
dump workgroup on subnet     192.168.0.6: netmask=  255.255.255.0:
seems OK, but
dump workgroup on subnet  UNICAST_SUBNET: netmask=    192.168.0.6:
not.
It seems like you have two workgroups on different subnets. How many network interfaces are on?

2.
packet_is_for_wins_server: failing WINS test #1.
means trouble with the WINS server configuration. Download nblookup and see what the output is of
nblookup filemon1

 

Author Comment

by:Lelio Michele Lattari
ID: 40457050
Thank You for the suggestions!

1.  I have only 1 network card on the Samba machine:

[root@filemon1 samba]# ifconfig
enp3s6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.6  netmask 255.255.255.0  broadcast 192.168.0.255
        ether 00:1e:58:48:6a:23  txqueuelen 1000  (Ethernet)
        RX packets 195515  bytes 230444340 (219.7 MiB)
        RX errors 0  dropped 7  overruns 0  frame 0
        TX packets 112380  bytes 14192784 (13.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 19

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 0  (Local Loopback)
        RX packets 1095  bytes 355836 (347.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1095  bytes 355836 (347.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

2a. nslookup on the samba machine

[root@filemon1 samba]# nslookup filemon1
Server:         192.168.0.6
Address:        192.168.0.6#53

filemon1.intranet.lattari.pl    canonical name = ns1.intranet.lattari.pl.
Name:   ns1.intranet.lattari.pl
Address: 192.168.0.6

2b. nslookup on the windows client

C:\Users\XNOTE>nslookup filemon1
Server:  UnKnown
Address:  192.168.0.6

Name:    ns1.intranet.lattari.pl
Address:  192.168.0.6
Aliases:  filemon1.intranet.lattari.pl
 
LVL 7

Expert Comment

by:slubek
ID: 40457175
nslookup queries DNS, nblookup queries WINS - these are not the same. :^)
 

Author Comment

by:Lelio Michele Lattari
ID: 40457482
I understand...

This is the output of nblookup filemon1:

C:\Users\XNOTE\AppData\Local\Temp>nblookup

NBLookup Interactive Mode

Type 'help' for a list of commands

Default Server: 192.168.0.6

Current option values:
   timeout=2 seconds
   retry=0 retries
   suffix=20
   recursion is on (recurse)
> filemon1
Recursion is on

Querying WINS Server: 192.168.0.6
NetBIOS Name: filemon1
Suffix: 20

Name returned: FILEMON1
Record type: Unique
IP Address: 192.168.0.6
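The NBNS question that the nmbd log above prints as `q_name=WPAD<00> q_type=32 q_class=1`, rebuilt and decoded in Python as an added example that is not part of the original thread. It also shows that the name checked with nblookup (FILEMON1 with suffix 20) is a different NetBIOS name from LATTARI<1b> and LATTARI<1c>, the names under which an NT4-style domain's PDC and controllers are registered; all function names are this example's own.

```python
import struct

# NetBIOS name suffixes relevant to this thread.
SUFFIXES = {
    0x00: "workstation or workgroup name",
    0x1B: "domain master browser, registered by the PDC",
    0x1C: "domain controllers group",
    0x20: "file server service",
}

def encode_name(name, suffix):
    """First-level encoding: pad to 15 chars, append suffix, one byte -> two letters."""
    raw = name.upper().ljust(15)[:15].encode("ascii") + bytes([suffix])
    encoded = bytearray()
    for byte in raw:
        encoded += bytes([0x41 + (byte >> 4), 0x41 + (byte & 0x0F)])
    return bytes([len(encoded)]) + bytes(encoded) + b"\x00"

def decode_name(label):
    """Inverse of encode_name; returns (name, suffix)."""
    if len(label) != 34 or label[0] != 32 or label[33] != 0:
        raise ValueError("not a first-level encoded NetBIOS name")
    enc = label[1:33]
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    return raw[:15].decode("ascii").rstrip(), raw[15]

def build_query(name, suffix, txid, broadcast=False):
    """NBNS name query: 12-byte header, one question, type NB (32), class IN (1)."""
    flags = 0x0100 | (0x0010 if broadcast else 0)  # RD bit, plus B bit for broadcast
    header = struct.pack(">6H", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name, suffix) + struct.pack(">2H", 32, 1)

def describe(packet):
    """Decode a query into the fields that debug_nmb_packet shows in the log."""
    txid, flags, qdcount = struct.unpack(">3H", packet[:6])
    name, suffix = decode_name(packet[12:46])
    q_type, q_class = struct.unpack(">2H", packet[46:50])
    return {
        "id": txid,
        "opcode": (flags >> 11) & 0xF,
        "response": bool(flags & 0x8000),
        "bcast": bool(flags & 0x0010),
        "rec_des": bool(flags & 0x0100),
        "qdcount": qdcount,
        "q_name": "%s<%02x>" % (name, suffix),
        "q_type": q_type,
        "q_class": q_class,
        "meaning": SUFFIXES.get(suffix, "other"),
    }

if __name__ == "__main__":
    # The broadcast query from the log, then the three names discussed in the thread.
    print(describe(build_query("WPAD", 0x00, 53066, broadcast=True)))
    for name, suffix in (("FILEMON1", 0x20), ("LATTARI", 0x1B), ("LATTARI", 0x1C)):
        print(describe(build_query(name, suffix, 1)))
```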
 

Accepted Solution

by:
Lelio Michele Lattari earned 0 total points
ID: 40458483
I have finally found the reason why it did not work. All my settings were correct on both machines but...


Windows registry changes:
https://wiki.samba.org/index.php/Registry_changes_for_NT4-style_domains

Thank You for the help!
 

Author Closing Comment

by:Lelio Michele Lattari
ID: 40466453
I have found the solution to my problem