From: Gaiseric Vandal on
Do you have NBT (netbios over tcp) disabled in XP? That would prevent
it joining an "NT4" type domain.
Is nmbd running on your samba server?

SRV DNS records should only be relevant for Active Domain DC's. It
wouldn't hurt to add it to your DNS server.

On 11/05/09 10:24, Christian Geiger wrote:
> Hi!
>
> I so far succeeded in setting up a Samba NT4 DC with OpenLDAP backend.
> Unfortunately I get the following error message connecting a Windows
> XP client to the domain (translated from German):
>
> [...]
> The error was: "DNS name does not exist."
> (error code 0x0000232B RCODE_NAME_ERROR)
>
> The query was for the SRV record for _ldap._tcp.dc._msdcs.lohrmann.de
> [...]
>
> This is surely due to a problem in the name resolution. I therefore
> configured the Samba server as a WINS server and checked that it is
> the only one on the net. The WinXP client has been told to use this as
> its WINS server and has additionally been supplied with entries in the
> hosts and lmhosts configuration files (step by step, always testing in
> between). Unfortunately, this changed nothing. :(
>
> Unsuccessfully seeking for a solution on the web for quite a time now I
> would be very grateful if someone could help me!
>
> Find below my smb.conf, the hosts and lmhosts file from the WinXP
> client as well as the console output showing some NetBIOS information
> of client (emco-test) and server (domain-controller).
>
> Thank you very much in advance! :)
>
> Chris
>
> --------
>
> smb.conf:
>
> [global]
>
> log level = 2
> wins support = yes
> netbios name = domain-controller
>
> workgroup = LOHRMANN.DE
> domain logons = yes
> domain master = yes
> local master = yes
> preferred master = yes
> os level = 65
>
> passdb backend = ldapsam
> ldap admin dn = cn=samba,dc=lohrmann,dc=de
> ldap suffix = dc=lohrmann,dc=de
> ldap passwd sync = yes
> ldap machine suffix = ou=machines
> ldap user suffix = ou=users
> ldap group suffix = ou=groups
> ldap idmap suffix = ou=idmaps
> ldap ssl = no
> idmap backend = ldap
> idmap alloc backend = ldap
> idmap alloc config:ldap_base_dn = ou=idmaps,dc=lohrmann,dc=de
> idmap alloc config:ldap_user_dn = cn=samba,dc=lohrmann,dc=de
> idmap alloc config:ldap_url = ldap://ldap.lohrmann.de
> idmap uid = 10000-20000
> idmap gid = 10000-20000
>
> ldapsam:trusted = yes
> ldapsam:editposix = yes
>
> logon drive = H:
>
> [homes]
> comment = Users Home Directories
> valid users = %S
> writeable = yes
>
> [netlogon]
> comment = Network Logon Service
> path = /var/lib/samba/netlogon
>
> [printers]
> comment = All Printers
> browseable = no
> path = /var/spool/samba
> printable = yes
> guest ok = no
> read only = yes
> create mask = 0700
>
> [print$]
> comment = Printer Drivers
> path = /var/lib/samba/printers
> browseable = yes
> read only = yes
> guest ok = no
>
>
> hosts:
>
> 127.0.0.1 localhost
> 192.168.182.3 lohrmann.de
> 192.168.182.3 domain-controller.lohrmann.de
>
>
> lmhosts:
>
> 192.168.182.3 domain-controller #PRE
>
>
> console output client:
>
> C:\Dokumente und Einstellungen\Administrator>nbtstat -c
>
> LAN-Verbindung:
> Knoten-IP-Adresse: [192.168.182.187] Bereichskennung: []
>
> NetBIOS-Remotecache-Namentabelle
>
> Name Typ Hostadresse Dauer [Sek.]
> -------------------------------------------------------------
> LOHRMANN.DE <1C> GRUPPE 192.168.182.3 510
> DOMAIN-CONTROLL<03> EINDEUTIG 192.168.182.3 -1
> DOMAIN-CONTROLL<00> EINDEUTIG 192.168.182.3 -1
> DOMAIN-CONTROLL<20> EINDEUTIG 192.168.182.3 -1
>
> C:\Dokumente und Einstellungen\Administrator>nbtstat -n
>
> LAN-Verbindung:
> Knoten-IP-Adresse: [192.168.182.187] Bereichskennung: []
>
> Lokale NetBIOS-Namentabelle
>
> Name Typ Status
> ---------------------------------------------
> EMCO-TEST <00> EINDEUTIG Registriert
> LOHRMANN <00> GRUPPE Registriert
> EMCO-TEST <20> EINDEUTIG Registriert
> LOHRMANN <1E> GRUPPE Registriert
>
>
> console output server:
>
> root@domain-controller:/var/log# nmblookup -R -U 192.168.182.3 lohrmann.de
> added interface eth0 ip=fe80::4049:31ff:fe69:67a%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
> added interface eth0 ip=192.168.182.3 bcast=192.168.182.255 netmask=255.255.255.0
> querying lohrmann.de on 192.168.182.3
> Got a positive name query response from 192.168.182.3 ( 0.0.0.0 )
> 0.0.0.0 lohrmann.de<00>
>
> root@domain-controller:/var/log# nmblookup -R -U 192.168.182.3 domain-controller
> added interface eth0 ip=fe80::4049:31ff:fe69:67a%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
> added interface eth0 ip=192.168.182.3 bcast=192.168.182.255 netmask=255.255.255.0
> querying domain-controller on 192.168.182.3
> Got a positive name query response from 192.168.182.3 ( 192.168.182.3 )
> 192.168.182.3 domain-controller<00>
>
> root@domain-controller:/var/log# nmblookup -R -U 192.168.182.3 emco-test
> added interface eth0 ip=fe80::4049:31ff:fe69:67a%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
> added interface eth0 ip=192.168.182.3 bcast=192.168.182.255 netmask=255.255.255.0
> querying emco-test on 192.168.182.3
> Got a positive name query response from 192.168.182.3 ( 192.168.182.187 )
> 192.168.182.187 emco-test<00>

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
From: Christian Geiger on
NBT is explicitly activated on the client (after the standard option
didn't work) and nmbd is running on the server. Thx for the pointer anyway!

The SRV DNS records might not hurt but would they really help? That
seems a bit to me like just fighting the symptoms. Regarding that I do
not have an alternative solution at the moment, I will try it anyways. :)

Do you have another idea what the reason might be?


Am 05.11.2009 16:51, schrieb Gaiseric Vandal:
> Do you have NBT (netbios over tcp) disabled in XP? That would prevent
> it joining an "NT4" type domain.
> Is nmbd running on your samba server?
>
> SRV DNS records should only be relevant for Active Domain DC's. It wouldn't
> hurt to add it to your DNS server.

From: Christian Geiger on
OK - using wireshark I further investigated into it. The name resolution
probably isn't the problem as the client sends a netlogon request to the
domain controller:

[code]
6 7.496115 192.168.182.187 192.168.182.3 SMB_NETLOGON SAM LOGON request from client
[/code]

However, no reply seems to be sent back to the client by the samba
server according to the wireshark protocol. This is what nmbd logs at
the same time (debug level 3):

[code]
[2009/11/06 14:57:48, 3] nmbd/nmbd_winsserver.c:wins_process_name_query_request(1918)
wins_process_name_query: name query for name LOHRMANN.DE<1c> from IP 192.168.182.187
[2009/11/06 14:57:48, 3] nmbd/nmbd_winsserver.c:wins_process_name_query_request(1970)
wins_process_name_query: name query for name LOHRMANN.DE<1c> returning first IP 192.168.182.3.
[2009/11/06 14:57:48, 3] nmbd/nmbd_processlogon.c:process_logon_packet(386)
process_logon_packet: LOGON_SAM_LOGON_REQUEST sidsize 0 ntv 11
[2009/11/06 14:57:48, 3] nmbd/nmbd_processlogon.c:process_logon_packet(667)
process_logon_packet: processing delayed initial logon reply for client EMCO-TEST(192.168.182.187)
[2009/11/06 14:57:48, 3] nmbd/nmbd_processlogon.c:process_logon_packet(386)
process_logon_packet: LOGON_SAM_LOGON_REQUEST sidsize 0 ntv 11
[2009/11/06 14:57:48, 3] nmbd/nmbd_processlogon.c:process_logon_packet(667)
process_logon_packet: processing delayed initial logon reply for client EMCO-TEST(192.168.182.187)
[2009/11/06 14:57:56, 3] nmbd/nmbd_processlogon.c:process_logon_packet(386)
process_logon_packet: LOGON_SAM_LOGON_REQUEST sidsize 0 ntv 11
[2009/11/06 14:57:56, 3] nmbd/nmbd_processlogon.c:process_logon_packet(667)
process_logon_packet: processing delayed initial logon reply for client EMCO-TEST(192.168.182.187)
[2009/11/06 14:57:56, 3] nmbd/nmbd_processlogon.c:process_logon_packet(386)
process_logon_packet: LOGON_SAM_LOGON_REQUEST sidsize 0 ntv 11
[2009/11/06 14:57:56, 3] nmbd/nmbd_processlogon.c:process_logon_packet(667)
process_logon_packet: processing delayed initial logon reply for client EMCO-TEST(192.168.182.187)
[/code]

Has someone an idea? Thx!
From: Christian Geiger on
Sorry - it seems I could use a break. I made an (embarrassing) mistake
capturing the network traffic: in fact, the samba server DOES answer the
request. The following response comes back:

4 0.001857 192.168.182.3 192.168.182.187 SMB_NETLOGON SAM Response - user unknown

However, Windows does not ask for a user to login. Trying to join the
domain using the netdom command from the Windows Support Tools supplying
a user and password for the Domain (netdom join emco-test
/Domain:lohrmann /UserD user /PasswordD password) doesn't work either.

I'm really stuck - can someone please help me?
From: Christian Geiger on
OK - finally fixed it. As already described in another thread, the
problem was a too long netbios name. Adding the following line to the
smb.conf fixed the problem:

netbios name = dc


Am 06.11.2009 15:48, schrieb Christian Geiger:
> Sorry - it seems I could use a break. I made an (embarrassing) mistake
> capturing the network traffic: in fact, the samba server DOES answer the
> request. The following response comes back:
>
> 4 0.001857 192.168.182.3 192.168.182.187 SMB_NETLOGON SAM Response - user unknown
>
> However, Windows does not ask for a user to login. Trying to join the
> domain using the netdom command from the Windows Support Tools supplying
> a user and password for the Domain (netdom join emco-test
> /Domain:lohrmann /UserD user /PasswordD password) doesn't work either.
>
> I'm really stuck - can someone please help me?

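The fix in the last message comes down to the NetBIOS name field: it is 16 bytes, of which the last is the type suffix (`<00>`, `<20>`, `<1C>`), leaving 15 characters for the name, which is why the client's nbtstat cache lists `DOMAIN-CONTROLL`. The following check is an added example, not code from the thread or from Samba; the function names are hypothetical and the sample is a constructed excerpt trimmed from the smb.conf posted above.

```python
import re

NETBIOS_MAX = 15  # 16-byte name field: 15 name characters + 1 suffix byte

# Constructed sample, trimmed from the smb.conf posted in the thread.
SAMPLE_SMB_CONF = """\
[global]
log level = 2
wins support = yes
netbios name = domain-controller
workgroup = LOHRMANN.DE
domain logons = yes

[homes]
comment = Users Home Directories
"""

def global_params(conf_text):
    """Return the [global] parameters as {normalised name: value}."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)  # section header
        if m:
            section = m.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def check_netbios_names(conf_text):
    """Return one finding per name parameter longer than 15 characters."""
    params = global_params(conf_text)
    findings = []
    for key in ("netbios name", "workgroup"):
        name = params.get(key)
        if name and len(name) > NETBIOS_MAX:
            findings.append({"parameter": key, "value": name,
                             "length": len(name),
                             "truncated": name[:NETBIOS_MAX].upper()})
    return findings

if __name__ == "__main__":
    for f in check_netbios_names(SAMPLE_SMB_CONF):
        print(f"{f['parameter']} = {f['value']!r} is {f['length']} characters; "
              f"15-character form is {f['truncated']!r}")
```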