
Samba as PDC - DOMAIN is invisible to Windows machines

Hi!

I have configured samba as PDC for the domain LATTARI. Windows machines cannot find the domain controller.

Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[netlogon]"
Processing section "[public]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

[global]
        workgroup = LATTARI
        server string = Lunar Lander Software
        interfaces = lo, 192.168.0.6
        log file = /var/log/samba/log.%m
        max log size = 50
        load printers = No
        add user script = /usr/sbin/useradd "%u" -n -g users
        delete user script = /usr/sbin/userdel "%u"
        add group script = /usr/sbin/groupadd "%g"
        delete group script = /usr/sbin/groupdel "%g"
        delete user from group script = /usr/sbin/userdel "%u" "%g"
        add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
        logon script = %u.bat
        logon path = \\%L\Profiles\%u
        domain logons = Yes
        os level = 33
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        idmap config * : backend = tdb
        hosts allow = 127., 192.168.0.
        cups options = raw

[homes]
        comment = Home Directories
        valid users = %S
        read only = No

[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        print ok = Yes
        browseable = No

[netlogon]
        comment = Network Logon Service
        path = /var/lib/samba/netlogon

[public]
        comment = Public Stuff
        path = /home/samba
        write list = +staff
        read only = No
        guest ok = Yes

Please help!
Asked by: Lelio Michele Lattari

slubek Commented:
Some thoughts:
1. Is the time on Windows machines and samba controller in sync?
2. Can you ping samba server from clients?
3. Do you have firewall on server enabled?
4. What is your dhcpd configuration?
5. Do you have DNS configured?

Lelio Michele Lattari (IT Manager, Author) Commented:
Hi!

1. Yes - the clocks are in sync

2. I cannot ping the NetBIOS name LATTARI, but YES, I can ping the DNS server name filemon1 on which the PDC is active, and I can nslookup the DNS record for the server

C:\Users\XNOTE>nslookup filemon1
Server:  UnKnown
Address:  192.168.0.7

Name:    filemon1.intranet.lattari.pl
Address:  192.168.0.6

ohhh... really I CAN ping the server:

C:\Users\XNOTE>ping filemon1

Pinging filemon1.intranet.lattari.pl [192.168.0.6] with 32 bytes of data:
Reply from 192.168.0.6: bytes=32 time=2ms TTL=64
Reply from 192.168.0.6: bytes=32 time=1ms TTL=64
Reply from 192.168.0.6: bytes=32 time=1ms TTL=64
Reply from 192.168.0.6: bytes=32 time=2ms TTL=64

Ping statistics for 192.168.0.6:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 2ms, Average = 1ms

4. No firewall on the PDC machine
5. DNS is on another server on the same network (192.168.0.7)
6. dhcpd runs on another server on the same network (192.168.0.7), it has option wins server configured with samba PDC address

Windows machines network settings:
Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : intranet.lattari.pl
   Description . . . . . . . . . . . : Intel(R) Wireless-N 7260
   Physical Address. . . . . . . . . : 0C-8B-FD-82-33-18
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.158(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 19 listopada 2014 16:21:31
   Lease Expires . . . . . . . . . . : 19 listopada 2014 16:51:32
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.7
   DNS Servers . . . . . . . . . . . : 192.168.0.7
   Primary WINS Server . . . . . . . : 192.168.0.6
   NetBIOS over Tcpip. . . . . . . . : Enabled

Lelio Michele Lattari (IT Manager, Author) Commented:
Sorry! firewalld was active.... I have made a quick test without firewall and nothing changes.... :-(

Tomorrow I will try to run bind on the same machine as samba and I will let You know what happens...

Thanks for the help
 
slubek Commented:
One more thought - have you configured and enabled Kerberos?
BTW, on that wiki above I found that samba should provide a sysvol share - maybe that's your problem?

PS. Pozdrawiam z Warszawy :^)

Lelio Michele Lattari (IT Manager, Author) Commented:
Hi again!

Really I am trying to run samba as simple old style PDC without AD services. I have made some changes in the configuration. Now, when I try to join the domain LATTARI from a Windows 8.1 PRO machine, the username and password window appears but the login process fails.

Here is some info about what is happening:

====================================

smb.conf

====================================

Processing section "[homes]"
Processing section "[printers]"
Processing section "[netlogon]"
Processing section "[Profiles]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

[global]
        workgroup = LATTARI
        server string = Lunar Lander Software
        interfaces = lo, enp3s6
        log file = /var/log/samba/log.%m
        max log size = 50
        load printers = No
        printcap name = lpstat
        add user script = /usr/sbin/useradd "%u" -n -g users
        delete user script = /usr/sbin/userdel "%u"
        add group script = /usr/sbin/groupadd "%g"
        delete group script = /usr/sbin/groupdel "%g"
        delete user from group script = /usr/sbin/userdel "%u" "%g"
        add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
        logon script = %u.bat
        logon path = \\%L\Profiles\%u
        logon drive = H:
        domain logons = Yes
        os level = 64
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        idmap config * : backend = tdb
        invalid users = apache, bin, daemon, adm, sync, shutdown, halt, mail, news, uucp, operator
        admin users = root, @admin
        hosts allow = 127.0.0.1, 192.168.0.0/24
        cups options = raw

[homes]
        comment = Home Directories
        valid users = %S
        read only = No
        create mask = 0700
        directory mask = 0700
        browseable = No

[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        print ok = Yes
        browseable = No

[netlogon]
        comment = Network Logon Service
        path = /var/lib/samba/netlogon
        guest ok = Yes

[Profiles]
        path = /home/samba/Profiles
        read only = No
        create mask = 0600
        directory mask = 0700
        guest ok = Yes
        profile acls = Yes
        browseable = No

=============================================

/var/lib/samba

=============================================


[root@filemon1 samba]# ls -al /var/lib/samba
total 2832
drwxr-xr-x  5 root root    4096 Nov 21 08:55 .
drwxr-xr-x 31 root root    4096 Nov 21 07:59 ..
-rw-------  1 root root  421888 Nov 20 23:24 account_policy.tdb
-rw-r--r--  1 root root   40200 Nov 21 08:43 brlock.tdb
-rw-r--r--  1 root root     150 Nov 21 08:43 browse.dat
-rw-------  1 root root     696 Nov 21 08:47 dbwrap_watchers.tdb
-rw-r--r--  1 root root  421888 Nov 21 08:47 gencache_notrans.tdb
-rw-r--r--  1 root root  425984 Nov 21 08:47 gencache.tdb
-rw-------  1 root root  430080 Nov 20 23:19 group_mapping.tdb
-rw-r--r--  1 root root   40200 Nov 21 08:43 locking.tdb
-rw-------  1 root root     696 Nov 21 08:43 messages.tdb
-rw-------  1 root root     696 Nov 19 10:14 mutex.tdb
-rw-r--r--  1 root root   13859 Nov 21 08:43 namelist.debug
drwxrwxr-x  2 root admin      6 Nov 20 16:40 netlogon
-rw-r--r--  1 root root     696 Nov 21 08:43 notify_index.tdb
-rw-r--r--  1 root root     696 Nov 21 08:43 notify.tdb
-rw-r--r--  1 root root   12288 Nov 21 08:44 printer_list.tdb
drwxr-xr-x  2 root root      25 Nov 19 10:25 printing
drwx------  2 root root      66 Nov 19 11:00 private
-rw-------  1 root root  528384 Nov 19 10:25 registry.tdb
-rw-r--r--  1 root root    8192 Nov 21 08:47 serverid.tdb
-rw-------  1 root root  421888 Nov 19 10:25 share_info.tdb
-rw-------  1 root root     696 Nov 21 08:43 smbXsrv_open_global.tdb
-rw-------  1 root root   32768 Nov 21 08:47 smbXsrv_session_global.tdb
-rw-------  1 root root   16384 Nov 21 08:47 smbXsrv_tcon_global.tdb
-rw-------  1 root root   16384 Nov 21 08:43 smbXsrv_version_global.tdb
-rw-r--r--  1 root root    1608 Nov 21 08:55 wins.dat
-rw-------  1 root root   24576 Nov 21 08:55 wins.tdb

=====================================

/home/samba

=====================================

[root@filemon1 samba]# ls -al /home/samba
total 0
drwxrwxrwx 3 root admin 21 Nov 21 08:21 .
drwxr-xr-x 6 root root  61 Nov 21 08:20 ..
drwxrwxrwx 2 root admin  6 Nov 21 08:21 Profiles

=======================================

samba net

=======================================

net groupmap add ntgroup="Domain Admins" unixgroup=admin rid=512 type=d
net rpc rights grant -U m.lattari LATTARI\Domain Admins SeMachineAccountPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege SeRemoteShutdownPrivilege

=======================================

log.smbd trying to join the domain

=======================================

[2014/11/21 09:02:50,  4, pid=3047, effective(0, 0), real(0, 0)] ../source3/libsmb/nmblib.c:108(debug_nmb_packet)
  nmb packet from 192.168.0.150(137) header: id=53066 opcode=Query(0) response=No
      header: flags: bcast=Yes rec_avail=No rec_des=Yes trunc=No auth=No
      header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0
      question: q_name=WPAD<00> q_type=32 q_class=1
[2014/11/21 09:02:50, 10, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_winsserver.c:524(packet_is_for_wins_server)
  packet_is_for_wins_server: failing WINS test #1.
[2014/11/21 09:02:50,  3, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
  process_name_query_request: Name query from 192.168.0.150 on subnet 192.168.0.6 for name WPAD<00>
[2014/11/21 09:02:50,  9, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_namelistdb.c:141(find_name_on_subnet)
  find_name_on_subnet: on subnet 192.168.0.6 - name WPAD<00> NOT FOUND
[2014/11/21 09:02:50,  4, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for LATTARI on subnet 192.168.0.6: found.
[2014/11/21 09:02:50, 10, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_sendannounce.c:386(announce_myself_to_domain_master_browser)
  announce_myself_to_domain_master_browser: t (1416556969) - last(1416556952) < 900
[2014/11/21 09:02:50,  4, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for LATTARI on subnet UNICAST_SUBNET: found.
[2014/11/21 09:02:50,  4, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for LATTARI on subnet UNICAST_SUBNET: found.
[2014/11/21 09:03:00,  4, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for LATTARI on subnet 192.168.0.6: found.
[2014/11/21 09:03:00, 10, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_sendannounce.c:386(announce_myself_to_domain_master_browser)
  announce_myself_to_domain_master_browser: t (1416556970) - last(1416556952) < 900
[2014/11/21 09:03:00,  4, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_workgroupdb.c:276(dump_workgroups)
  dump_workgroups()
   dump workgroup on subnet     192.168.0.6: netmask=  255.255.255.0:
        LATTARI(1) current master browser = FILEMON1
                FILEMON1 408c9b0b (Lunar Lander Software)
[2014/11/21 09:03:00,  4, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_workgroupdb.c:276(dump_workgroups)
  dump_workgroups()
   dump workgroup on subnet  UNICAST_SUBNET: netmask=    192.168.0.6:
        LATTARI(1) current master browser = UNKNOWN
                FILEMON1 40899b0b (Lunar Lander Software)
[2014/11/21 09:03:00,  4, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for LATTARI on subnet UNICAST_SUBNET: found.
[2014/11/21 09:03:00,  4, pid=3047, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet)


I would appreciate Your suggestions.

P.S. Pozdrawiam z 05-500 Piaseczno :-)

Lelio Michele Lattari (IT Manager, Author) Commented:
[root@filemon1 BOINC]# smbclient //FILEMON1/netlogon -U root
Enter root's password:
Domain=[LATTARI] OS=[Unix] Server=[Samba 4.1.1]
smb: \>

============================================

[root@filemon1 BOINC]#  smbtree

 \\FILEMON1\root                 Home Directories
 \\FILEMON1\IPC$                 IPC Service (Lunar Lander Software)
 \\FILEMON1\netlogon             Network Logon Service

=======================================================

[root@filemon1 BOINC]# net domain
Enter root's password:

Enumerating domains:

        Domain name          Server name of Browse Master
        -------------        ----------------------------
        LATTARI              FILEMON1

==========================================================================

And I can map server shares as network drives from windows machines, but I cannot join the domain :-(

slubek Commented:
1.
dump workgroup on subnet     192.168.0.6: netmask=  255.255.255.0:
seems OK, but
dump workgroup on subnet  UNICAST_SUBNET: netmask=    192.168.0.6:
not.
It seems like you have two workgroups on different subnets. How many network interfaces are on?

2.
packet_is_for_wins_server: failing WINS test #1.
means troubles with wins server configuration. Download nblookup and see what is the output of
nblookup filemon1

Lelio Michele Lattari (IT Manager, Author) Commented:
Thank You for the suggestions!

1.  I have only 1 network card on the Samba machine:

[root@filemon1 samba]# ifconfig
enp3s6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.6  netmask 255.255.255.0  broadcast 192.168.0.255
        ether 00:1e:58:48:6a:23  txqueuelen 1000  (Ethernet)
        RX packets 195515  bytes 230444340 (219.7 MiB)
        RX errors 0  dropped 7  overruns 0  frame 0
        TX packets 112380  bytes 14192784 (13.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 19

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 0  (Local Loopback)
        RX packets 1095  bytes 355836 (347.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1095  bytes 355836 (347.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

2a. nslookup on the samba machine

[root@filemon1 samba]# nslookup filemon1
Server:         192.168.0.6
Address:        192.168.0.6#53

filemon1.intranet.lattari.pl    canonical name = ns1.intranet.lattari.pl.
Name:   ns1.intranet.lattari.pl
Address: 192.168.0.6

2b. nslookup on the windows client

C:\Users\XNOTE>nslookup filemon1
Server:  UnKnown
Address:  192.168.0.6

Name:    ns1.intranet.lattari.pl
Address:  192.168.0.6
Aliases:  filemon1.intranet.lattari.pl

slubek Commented:
nslookup queries DNS, nblookup queries WINS - these are not the same. :^)

Lelio Michele Lattari (IT Manager, Author) Commented:
I understand...

This is the output of nblookup filemon1:

C:\Users\XNOTE\AppData\Local\Temp>nblookup

NBLookup Interactive Mode

Type 'help' for a list of commands

Default Server: 192.168.0.6

Current option values:
   timeout=2 seconds
   retry=0 retries
   suffix=20
   recursion is on (recurse)
> filemon1
Recursion is on

Querying WINS Server: 192.168.0.6
NetBIOS Name: filemon1
Suffix: 20

Name returned: FILEMON1
Record type: Unique
IP Address: 192.168.0.6
 
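Added example, not part of the original thread: slubek's point that nblookup queries WINS rather than DNS, shown as the NetBIOS name query itself, so the check made above for FILEMON1 with suffix 20 can be repeated for the domain names LATTARI<1B> and LATTARI<1C>. The function names are assumptions of this example; the server address and names come from the thread, and the sample reply is constructed.

```python
import socket
import struct

# NetBIOS suffix bytes: <20> is what nblookup queried above; <1B> and <1C>
# are the names a PDC registers for its domain.
SUFFIXES = {0x1B: "domain master browser (PDC)", 0x1C: "domain controllers",
            0x20: "file server service"}

def encode_name(name, suffix):
    """RFC 1002 first-level encoding: pad to 15 bytes, append the suffix byte,
    then write each byte as two letters ('A' + high nibble, 'A' + low nibble)."""
    raw = name.upper().encode("ascii")[:15].ljust(15, b" ") + bytes([suffix])
    enc = b"".join(bytes([0x41 + (b >> 4), 0x41 + (b & 0x0F)]) for b in raw)
    return b"\x20" + enc + b"\x00"          # label length 32, name, root label

def build_query(name, suffix, txid=0x1234):
    """Unicast name query with recursion desired, as sent to a WINS server."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD=1, QDCOUNT=1
    return header + encode_name(name, suffix) + struct.pack(">HH", 0x0020, 0x0001)

def parse_response(pkt):
    """Return (rcode, [ipv4, ...]). Assumes an uncompressed 34-byte RR name."""
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack(">HHHHHH", pkt[:12])
    rcode = flags & 0x000F                  # 0 = found, 3 = name not registered
    if ancount == 0:
        return rcode, []
    off = 12 + 34
    _rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", pkt[off:off + 10])
    rdata = pkt[off + 10:off + 10 + rdlen]
    # Each address entry is 2 bytes of NB flags followed by 4 bytes of IPv4.
    return rcode, [socket.inet_ntoa(rdata[i + 2:i + 6]) for i in range(0, rdlen, 6)]

def query_wins(server, name, suffix, timeout=2.0):
    """Send one query to UDP/137 on the WINS server; None means no reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, suffix), (server, 137))
        try:
            return parse_response(s.recvfrom(576)[0])
        except socket.timeout:
            return None

if __name__ == "__main__":
    # Constructed reply (not captured traffic): LATTARI<1B> registered at 192.168.0.6.
    reply = (struct.pack(">HHHHHH", 0x1234, 0x8580, 0, 1, 0, 0)
             + encode_name("LATTARI", 0x1B)
             + struct.pack(">HHIHH4s", 0x0020, 1, 300, 6, 0,
                           socket.inet_aton("192.168.0.6")))
    print(parse_response(reply))
    # Live check against the thread's server, one query per suffix:
    # for sfx, role in SUFFIXES.items():
    #     print(role, query_wins("192.168.0.6", "LATTARI", sfx))
```

An rcode of 3 with an empty address list means the WINS server has no registration for that name and suffix, which is a different result from a timeout.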

Lelio Michele Lattari (IT Manager, Author) Commented:
I have finally found the reason why it did not work. All my settings were correct on both machines but...


Windows registry changes:
https://wiki.samba.org/index.php/Registry_changes_for_NT4-style_domains

Thank You for the help!

Lelio Michele Lattari (IT Manager, Author) Commented:
I have found the solution to my problem
Question has a verified solution.
