Samba as PDC - DOMAIN is invisible to Windows machines

Last Modified: 2014-11-26
Hi!

I have configured samba as PDC for the domain LATTARI. Windows machines cannot find the domain controller.

Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[netlogon]"
Processing section "[public]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

[global]
        workgroup = LATTARI
        server string = Lunar Lander Software
        interfaces = lo, 192.168.0.6
        log file = /var/log/samba/log.%m
        max log size = 50
        load printers = No
        add user script = /usr/sbin/useradd "%u" -n -g users
        delete user script = /usr/sbin/userdel "%u"
        add group script = /usr/sbin/groupadd "%g"
        delete group script = /usr/sbin/groupdel "%g"
        delete user from group script = /usr/sbin/userdel "%u" "%g"
        add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
        logon script = %u.bat
        logon path = \\%L\Profiles\%u
        domain logons = Yes
        os level = 33
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        idmap config * : backend = tdb
        hosts allow = 127., 192.168.0.
        cups options = raw

[homes]
        comment = Home Directories
        valid users = %S
        read only = No

[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        print ok = Yes
        browseable = No

[netlogon]
        comment = Network Logon Service
        path = /var/lib/samba/netlogon

[public]
        comment = Public Stuff
        path = /home/samba
        write list = +staff
        read only = No
        guest ok = Yes

Please help!

CERTIFIED EXPERT

Commented:
Some thoughts:
1. Is the time on Windows machines and samba controller in sync?
2. Can you ping samba server from clients?
3. Do you have firewall on server enabled?
4. What is your dhcpd configuration?
5. Do you have DNS configured?

Author

Commented:
Hi!

1. Yes - the clocks are in sync

2. I cannot ping the netbios name LATTARI but YES I can ping the DNS server name filemon1 on which the PDC is active and I can nslookup the DNS record for the server

C:\Users\XNOTE>nslookup filemon1
Server:  UnKnown
Address:  192.168.0.7

Name:    filemon1.intranet.lattari.pl
Address:  192.168.0.6

ohhh... really I CAN ping the server:

C:\Users\XNOTE>ping filemon1

Pinging filemon1.intranet.lattari.pl [192.168.0.6] with 32 bytes of data:
Reply from 192.168.0.6: bytes=32 time=2ms TTL=64
Reply from 192.168.0.6: bytes=32 time=1ms TTL=64
Reply from 192.168.0.6: bytes=32 time=1ms TTL=64
Reply from 192.168.0.6: bytes=32 time=2ms TTL=64

Ping statistics for 192.168.0.6:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 2ms, Average = 1ms

4. No firewall on the PDC machine
5. DNS is on another server on the same network (192.168.0.7)
6. dhcpd runs on another server on the same network (192.168.0.7), it has option wins server configured with samba PDC address

Windows machines network settings:
Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : intranet.lattari.pl
   Description . . . . . . . . . . . : Intel(R) Wireless-N 7260
   Physical Address. . . . . . . . . : 0C-8B-FD-82-33-18
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.158(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 19 listopada 2014 16:21:31
   Lease Expires . . . . . . . . . . : 19 listopada 2014 16:51:32
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.7
   DNS Servers . . . . . . . . . . . : 192.168.0.7
   Primary WINS Server . . . . . . . : 192.168.0.6
   NetBIOS over Tcpip. . . . . . . . : Enabled

Author

Commented:
Sorry! firewalld was active.... I have made a quick test without firewall and nothing changes.... :-(

Tomorrow I will try to run bind on the same machine as samba and I will let you know what happens...

Thanks for the help

CERTIFIED EXPERT

Commented:
One more thought - have you configured and enabled Kerberos?
BTW, on that wiki above I found that samba should provide sysvol share - maybe that's your problem?

PS. Greetings from Warsaw :^)

Author

Commented:
Hi again!

Really I am trying to run samba as simple old style PDC without AD services. I have made some changes in the configuration. Now, when I try to join the domain LATTARI from a Windows 8.1 PRO machine, the username and password window appears but the login process fails.

Here is some info about what is happening:

====================================

smb.conf

====================================

Processing section "[homes]"
Processing section "[printers]"
Processing section "[netlogon]"
Processing section "[Profiles]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

[global]
        workgroup = LATTARI
        server string = Lunar Lander Software
        interfaces = lo, enp3s6
        log file = /var/log/samba/log.%m
        max log size = 50
        load printers = No
        printcap name = lpstat
        add user script = /usr/sbin/useradd "%u" -n -g users
        delete user script = /usr/sbin/userdel "%u"
        add group script = /usr/sbin/groupadd "%g"
        delete group script = /usr/sbin/groupdel "%g"
        delete user from group script = /usr/sbin/userdel "%u" "%g"
        add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
        logon script = %u.bat
        logon path = \\%L\Profiles\%u
        logon drive = H:
        domain logons = Yes
        os level = 64
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        idmap config * : backend = tdb
        invalid users = apache, bin, daemon, adm, sync, shutdown, halt, mail, news, uucp, operator
        admin users = root, @admin
        hosts allow = 127.0.0.1, 192.168.0.0/24
        cups options = raw

[homes]
        comment = Home Directories
        valid users = %S
        read only = No
        create mask = 0700
        directory mask = 0700
        browseable = No

[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        print ok = Yes
        browseable = No

[netlogon]
        comment = Network Logon Service
        path = /var/lib/samba/netlogon
        guest ok = Yes

[Profiles]
        path = /home/samba/Profiles
        read only = No
        create mask = 0600
        directory mask = 0700
        guest ok = Yes
        profile acls = Yes
        browseable = No

=============================================

/var/lib/samba

=============================================


[root@filemon1 samba]# ls -al /var/lib/samba
total 2832
drwxr-xr-x  5 root root    4096 Nov 21 08:55 .
drwxr-xr-x 31 root root    4096 Nov 21 07:59 ..
-rw-------  1 root root  421888 Nov 20 23:24 account_policy.tdb
-rw-r--r--  1 root root   40200 Nov 21 08:43 brlock.tdb
-rw-r--r--  1 root root     150 Nov 21 08:43 browse.dat
-rw-------  1 root root     696 Nov 21 08:47 dbwrap_watchers.tdb
-rw-r--r--  1 root root  421888 Nov 21 08:47 gencache_notrans.tdb
-rw-r--r--  1 root root  425984 Nov 21 08:47 gencache.tdb
-rw-------  1 root root  430080 Nov 20 23:19 group_mapping.tdb
-rw-r--r--  1 root root   40200 Nov 21 08:43 locking.tdb
-rw-------  1 root root     696 Nov 21 08:43 messages.tdb
-rw-------  1 root root     696 Nov 19 10:14 mutex.tdb
-rw-r--r--  1 root root   13859 Nov 21 08:43 namelist.debug
drwxrwxr-x  2 root admin      6 Nov 20 16:40 netlogon
-rw-r--r--  1 root root     696 Nov 21 08:43 notify_index.tdb
-rw-r--r--  1 root root     696 Nov 21 08:43 notify.tdb
-rw-r--r--  1 root root   12288 Nov 21 08:44 printer_list.tdb
drwxr-xr-x  2 root root      25 Nov 19 10:25 printing
drwx------  2 root root      66 Nov 19 11:00 private
-rw-------  1 root root  528384 Nov 19 10:25 registry.tdb
-rw-r--r--  1 root root    8192 Nov 21 08:47 serverid.tdb
-rw-------  1 root root  421888 Nov 19 10:25 share_info.tdb
-rw-------  1 root root     696 Nov 21 08:43 smbXsrv_open_global.tdb
-rw-------  1 root root   32768 Nov 21 08:47 smbXsrv_session_global.tdb
-rw-------  1 root root   16384 Nov 21 08:47 smbXsrv_tcon_global.tdb
-rw-------  1 root root   16384 Nov 21 08:43 smbXsrv_version_global.tdb
-rw-r--r--  1 root root    1608 Nov 21 08:55 wins.dat
-rw-------  1 root root   24576 Nov 21 08:55 wins.tdb

=====================================

/home/samba

=====================================

[root@filemon1 samba]# ls -al /home/samba
total 0
drwxrwxrwx 3 root admin 21 Nov 21 08:21 .
drwxr-xr-x 6 root root  61 Nov 21 08:20 ..
drwxrwxrwx 2 root admin  6 Nov 21 08:21 Profiles

=======================================

samba net

=======================================

net groupmap add ntgroup="Domain Admins" unixgroup=admin rid=512 type=d
net rpc rights grant -U m.lattari "LATTARI\Domain Admins" SeMachineAccountPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege SeRemoteShutdownPrivilege

=======================================

log.smbd trying to join the domain

=======================================

[2014/11/21 09:02:50,  4, pid=3047, effective(0, 0), real(0, 0)] ../source3/libsmb/nmblib.c:108(debug_nmb_packet)
  nmb packet from 192.168.0.150(137) header: id=53066 opcode=Query(0) response=No
      header: flags: bcast=Yes rec_avail=No rec_des=Yes trunc=No auth=No
      header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0
      question: q_name=WPAD<00> q_type=32 q_class=1
[2014/11/21 09:02:50, 10, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_winsserver.c:524(packet_is_for_wins_server)
  packet_is_for_wins_server: failing WINS test #1.
[2014/11/21 09:02:50,  3, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
  process_name_query_request: Name query from 192.168.0.150 on subnet 192.168.0.6 for name WPAD<00>
[2014/11/21 09:02:50,  9, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_namelistdb.c:141(find_name_on_subnet)
  find_name_on_subnet: on subnet 192.168.0.6 - name WPAD<00> NOT FOUND
[2014/11/21 09:02:50,  4, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for LATTARI on subnet 192.168.0.6: found.
[2014/11/21 09:02:50, 10, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_sendannounce.c:386(announce_myself_to_domain_master_browser)
  announce_myself_to_domain_master_browser: t (1416556969) - last(1416556952) < 900
[2014/11/21 09:02:50,  4, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for LATTARI on subnet UNICAST_SUBNET: found.
[2014/11/21 09:02:50,  4, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for LATTARI on subnet UNICAST_SUBNET: found.
[2014/11/21 09:03:00,  4, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for LATTARI on subnet 192.168.0.6: found.
[2014/11/21 09:03:00, 10, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_sendannounce.c:386(announce_myself_to_domain_master_browser)
  announce_myself_to_domain_master_browser: t (1416556970) - last(1416556952) < 900
[2014/11/21 09:03:00,  4, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_workgroupdb.c:276(dump_workgroups)
  dump_workgroups()
   dump workgroup on subnet     192.168.0.6: netmask=  255.255.255.0:
        LATTARI(1) current master browser = FILEMON1
                FILEMON1 408c9b0b (Lunar Lander Software)
[2014/11/21 09:03:00,  4, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_workgroupdb.c:276(dump_workgroups)
  dump_workgroups()
   dump workgroup on subnet  UNICAST_SUBNET: netmask=    192.168.0.6:
        LATTARI(1) current master browser = UNKNOWN
                FILEMON1 40899b0b (Lunar Lander Software)
[2014/11/21 09:03:00,  4, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for LATTARI on subnet UNICAST_SUBNET: found.
[2014/11/21 09:03:00,  4, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet)


I would appreciate Your suggestions.

P.S. Greetings from 05-500 Piaseczno :-)

Author

Commented:
[root@filemon1 BOINC]# smbclient //FILEMON1/netlogon -U root
Enter root's password:
Domain=[LATTARI] OS=[Unix] Server=[Samba 4.1.1]
smb: \>

============================================

[root@filemon1 BOINC]#  smbtree

 \\FILEMON1\root                 Home Directories
 \\FILEMON1\IPC$                 IPC Service (Lunar Lander Software)
 \\FILEMON1\netlogon             Network Logon Service

=======================================================

[root@filemon1 BOINC]# net domain
Enter root's password:

Enumerating domains:

        Domain name          Server name of Browse Master
        -------------        ----------------------------
        LATTARI              FILEMON1

==========================================================================

And I can map server shares as network drives from windows machines, but I cannot join the domain :-(

CERTIFIED EXPERT

Commented:
1.
dump workgroup on subnet     192.168.0.6: netmask=  255.255.255.0:
seems OK, but
dump workgroup on subnet  UNICAST_SUBNET: netmask=    192.168.0.6:
not.
It seems like you have two workgroups on different subnets. How many network interfaces are on?

2.
packet_is_for_wins_server: failing WINS test #1.
means troubles with wins server configuration. Download nblookup and see what is the output of
nblookup filemon1

Author

Commented:
Thank You for the suggestions!

1.  I have only 1 network card on the Samba machine:

[root@filemon1 samba]# ifconfig
enp3s6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.6  netmask 255.255.255.0  broadcast 192.168.0.255
        ether 00:1e:58:48:6a:23  txqueuelen 1000  (Ethernet)
        RX packets 195515  bytes 230444340 (219.7 MiB)
        RX errors 0  dropped 7  overruns 0  frame 0
        TX packets 112380  bytes 14192784 (13.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 19

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 0  (Local Loopback)
        RX packets 1095  bytes 355836 (347.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1095  bytes 355836 (347.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

2a. nslookup on the samba machine

[root@filemon1 samba]# nslookup filemon1
Server:         192.168.0.6
Address:        192.168.0.6#53

filemon1.intranet.lattari.pl    canonical name = ns1.intranet.lattari.pl.
Name:   ns1.intranet.lattari.pl
Address: 192.168.0.6

2b. nslookup on the windows client

C:\Users\XNOTE>nslookup filemon1
Server:  UnKnown
Address:  192.168.0.6

Name:    ns1.intranet.lattari.pl
Address:  192.168.0.6
Aliases:  filemon1.intranet.lattari.pl

CERTIFIED EXPERT

Commented:
nslookup queries DNS, nblookup queries WINS - these are not the same. :^)

Author

Commented:
I understand...

This is the output of nblookup filemon1:

C:\Users\XNOTE\AppData\Local\Temp>nblookup

NBLookup Interactive Mode

Type 'help' for a list of commands

Default Server: 192.168.0.6

Current option values:
   timeout=2 seconds
   retry=0 retries
   suffix=20
   recursion is on (recurse)
> filemon1
Recursion is on

Querying WINS Server: 192.168.0.6
NetBIOS Name: filemon1
Suffix: 20

Name returned: FILEMON1
Record type: Unique
IP Address: 192.168.0.6
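
Added example (not part of the thread, and not code from Samba or nblookup): the nblookup query above used suffix 20, the file server name, whereas an NT4-style domain join looks up the domain names LATTARI<1b> (domain master browser) and LATTARI<1c> (domain controllers) in WINS. The Python sketch below builds those NetBIOS name queries (q_type=32, q_class=1, as in the nmbd log) and parses a reply; the function names and the sample response are constructed for illustration.

```python
import socket
import struct

# 16th-byte suffixes seen in or relevant to this thread.
SUFFIXES = {0x20: "file server service", 0x1B: "domain master browser",
            0x1C: "domain controllers (group name)"}

def encode_name(name, suffix):
    """RFC 1001 first-level encoding of a 15-char padded name plus suffix byte."""
    if len(name) > 15:
        raise ValueError("NetBIOS names are limited to 15 characters")
    raw = name.upper().ljust(15).encode("ascii") + bytes([suffix])
    # Each byte becomes two letters: 'A' + high nibble, 'A' + low nibble.
    half = bytes(c for b in raw for c in (0x41 + (b >> 4), 0x41 + (b & 0x0F)))
    return bytes([len(half)]) + half + b"\x00"

def build_query(name, suffix, txid=0x1234):
    """Unicast name query: opcode 0, recursion desired, one question, NB/IN."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name, suffix) + struct.pack(">HH", 0x0020, 0x0001)

def parse_response(packet):
    """Return (rcode, [ip, ...]) from a name query response."""
    _txid, flags, _qd, ancount = struct.unpack(">HHHH", packet[:8])
    rcode = flags & 0x000F
    if rcode != 0 or ancount == 0:
        return rcode, []
    pos = 12 + 34 + 2 + 2 + 4          # header, name, type, class, TTL
    (rdlength,) = struct.unpack(">H", packet[pos:pos + 2])
    rdata = packet[pos + 2:pos + 2 + rdlength]
    # Each address entry is 2 bytes of NB flags followed by an IPv4 address.
    ips = [socket.inet_ntoa(rdata[i + 2:i + 6]) for i in range(0, len(rdata) - 5, 6)]
    return rcode, ips

def query_wins(server, name, suffix, timeout=2.0):
    """Send the query to a WINS server on UDP/137 and parse the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, suffix), (server, 137))
        return parse_response(s.recv(576))

# Constructed positive response for LATTARI<1c> -> 192.168.0.6 (not captured traffic).
SAMPLE_RESPONSE = (struct.pack(">HHHHHH", 0x1234, 0x8580, 0, 1, 0, 0)
                   + encode_name("LATTARI", 0x1C)
                   + struct.pack(">HHIH", 0x0020, 0x0001, 300, 6)
                   + struct.pack(">H", 0x8000) + socket.inet_aton("192.168.0.6"))

if __name__ == "__main__":
    for suffix in (0x20, 0x1B, 0x1C):
        name = "FILEMON1" if suffix == 0x20 else "LATTARI"
        print(f"{name}<{suffix:02x}> ({SUFFIXES[suffix]}):", build_query(name, suffix).hex())
    print(parse_response(SAMPLE_RESPONSE))
```

Calling `query_wins("192.168.0.6", "LATTARI", 0x1C)` from a machine on the LAN shows whether the WINS server answers for the domain name itself, which a suffix-20 lookup of FILEMON1 does not test.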

Author

Commented:
I have found the solution to my problem
