I had a very similar problem (without the worm) not too long ago.
My current setup has the following in the dhcp server:
option netbios-node-type 2;
option netbios-name-servers a.b.c.d;
(where a.b.c.d is the actual IP address of my PDC).
This tells the Windows clients to use peer-peer mode (only uses WINS,
doesn't use broadcast) and tells them where the WINS server is. This
is working quite well, and previously unknown (and uncached) users
have no problems logging onto the workstations.
You also need to have wins support = yes in your smb.conf, of course.
(Which, I notice, you say you already have).
I did have a couple of teething problems with this setup still
exhibiting the same problems, but they went away. I think you might
need to be sure that the samba server is, indeed, the master browser -
by starting it up before any other clients on the Windows network,
but that's just a wild guess.
Hope this helps.
On 31/01/2007, at 7:14 AM, Sherwood Botsford wrote:
Ok, I'm stumped.
Last week domain logons worked.
Now when I try to logon, I get a message, "You could not logon
because the SJSA domain is not available."
I've had this happen before when the trust account between the
client and server was out of sync (restored a disk image that had a
different trust account password).
To fix this, it has been sufficient to quit the domain, reset the
password for the machine account, and rejoin the domain.
If I do this, I get a new message:
"The specified domain either does not exist or could not be contacted"
If I log in as a local user, I can map network shares with no problem.
***
Had an idea to test, and now have some more info.
I've recently had problems with a network worm. Part of my
plan is to minimize broadcast traffic, and create a situation where
the clients can't see each other at all.
To this effect I used f-secure to block all tcp traffic to
192.168.1.2 to 192.168.1.239, which corresponds to my client
space. This part seems to work.
The rule that got me was I tried to block 192.168.1.255 -- the
broadcast address, thinking that if the clients couldn't do
broadcasts, they wouldn't be able to find each other.
My server is set up with wins support = yes
with name resolution order of lmhosts (which has the names of my
servers) dns hosts, but no broadcast.
At first I thought that without broadcast, it couldn't send arp
requests, but arps are ether broadcasts, not tcp. And if the
profile was cached, then logons worked, and browsing worked.
So finally my questions:
1. Why does stopping ip broadcasts break domain logons, but not
browsing shares?
2. What changes can I make to my setup to further inhibit client
to client communication?
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
Matt Skerritt
[EMAIL PROTECTED]
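
Added example, not part of either message above: a small check that a dhcpd.conf and smb.conf pair matches the setup described in the reply (node type 2, a WINS server handed out by DHCP, wins support enabled in Samba). The function names, the sample configs and the 192.0.2.10 placeholder address are assumptions made for illustration; the node-type meanings are those of DHCP option 46 in RFC 2132.

```python
import re

# NetBIOS node types carried in DHCP option 46 (RFC 2132)
NODE_TYPES = {"1": "B-node (broadcast only)", "2": "P-node (WINS only)",
              "4": "M-node (broadcast, then WINS)", "8": "H-node (WINS, then broadcast)"}

def dhcp_options(text):
    """Return {option-name: value} for 'option name value;' statements."""
    text = re.sub(r"#.*", "", text)               # strip dhcpd.conf comments
    return {m.group(1): m.group(2).strip()
            for m in re.finditer(r"\boption\s+([\w-]+)\s+([^;]+);", text)}

def smb_globals(text):
    """Return normalized {parameter: value} from the [global] section."""
    params, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":           # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section == "global":
            key, value = line.split("=", 1)
            # smb.conf ignores case and spaces in parameter names
            params[key.replace(" ", "").lower()] = value.strip()
    return params

def audit(dhcpd_text, smb_text):
    """List reasons clients may still depend on broadcast name resolution."""
    findings = []
    opts = dhcp_options(dhcpd_text)
    node = opts.get("netbios-node-type")
    if node is None:
        findings.append("no netbios-node-type: clients keep their default mode")
    elif node != "2":
        findings.append("node type %s is %s, not P-node" % (node, NODE_TYPES.get(node, "unknown")))
    if "netbios-name-servers" not in opts:
        findings.append("no netbios-name-servers: clients have no WINS server to query")
    if smb_globals(smb_text).get("winssupport", "no").lower() not in ("yes", "true", "1", "on"):
        findings.append("smb.conf [global] lacks 'wins support = yes'")
    return findings

# Constructed sample configs; 192.0.2.10 is a documentation placeholder address
GOOD_DHCP = "option netbios-node-type 2;\noption netbios-name-servers 192.0.2.10;\n"
BAD_DHCP = "option netbios-node-type 8;  # hybrid\n"
GOOD_SMB = "[global]\n  workgroup = SJSA\n  wins support = yes\n"
BAD_SMB = "[global]\n  workgroup = SJSA\n; wins support = yes\n"

if __name__ == "__main__":
    print("\n".join(audit(BAD_DHCP, BAD_SMB)))
```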