Re: [Samba] how to allow ISC dhcpd to add/update entries to bind9 with bind_dlz (samba4)
Am 20.03.2012 19:20, schrieb Charles Tryon: > Hi Andreas, > > Yes, I did a lot of work trying to get that script working (along with a > bunch of other people on that discussion thread). I have it mostly > functional, but have largely backed away from that approach, since it runs > against what appears to be the more accepted policy of letting the machines > (in particular, the Windows machines) do their own secure update of the DNS > records. The unfortunate part is that the Linux clients don't seem to have > a way to do this by default. I have no idea how the Mac machines handle > their DNS once they get a DHCP response. Servers, which mostly use static > IP assignments, are a moot point, since I can just manually create the DNS > records and be done with it. > > The issue is the fact that DNS remembers "who" created (owns) the DNS > record, and based on that ownership, who it will allow to change it. If it > is created by some dhcpd initiated transaction, then the Windows client > itself is not allowed to update the record in the future. > > My feeling at this point is to try to follow the Windows Way for the time > being (since that's the bulk of the machines on the network), and handle > the few Linux clients (oddballs like myself) as special cases. We also use > DHCP reservations based on the machine's MAC address, so largely it's a > non-issue. (Or, at least I've got bigger fish to fry first before I go > back and make sure the DHCP/DLZ behavior is tidy.) > > > > On Sun, Mar 18, 2012 at 3:38 AM, Andreas Oster wrote: > >> Am 17.03.2012 21:06, schrieb Matthieu Patou: >>> On 03/17/2012 10:00 AM, Andreas Oster wrote: Hello all, I have set up a samba4 server with bind9 and the bind_dlz module. Everything is working as it should but now I need to allow the dhcp server to add entries to the forwarding zone. Has anybody implemented such a configuration ? Can this be done with the kerberos DNS dynamic update configuration. >>> I had it working with flat file backend. >>> I think that the way dhcp and bind do their DDNS is different form the >>> way windows do it's DDNS, as far as I know dlz_plugin only support the >>> later one so far. >>> I want to achieve the following: 1) allow non-Windows machines (printers, ILO ...) to be added by dhcpd 2) allow Windows machines (joined to AD) to update their own entries 2 - already works with the configuration from samba wiki >>> I put our DNS experts in direct copy maybe then can advise you better >>> than I. >>> >> Hello Mattieu, >> >> thank you for you answer. I searched the web allot, but the >> only useful stuff I found was a script by Michael Kuron which >> has been slightly modified by Charles Tryon but I have no >> clue how to integrate this with bind9 dlz, see: >> >> >> http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/ >> >> It would be great if someone could help me with the DDNS setup. >> >> best regards >> >> Andreas >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> > > > Hello Charles, first I would like to thank you for this great script. For our small network,50 or so clients, I modified your script just a little. I have added an additional name comparison to check if the name contains a special string ( in our case all Windows workstations are named like DOMAINNAME+WS+Number) and if it does just exit the script. This way I do not get the ownership issue. All other machines either do have static IPs or are not members in the AD. Thanks best regards Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgrade of IDMAP_VERSION from -1 to 2 is not possible with incomplete configuration
Thanks for the suggestion, but no joy Below is my [global] workgroup = endace realm = ad.DOMAIN.COM server string = %h server wins server = 10.0.32.2 dns proxy = no panic action = /usr/share/samba/panic-action %d security = ADS encrypt passwords = true passdb backend = tdbsam obey pam restrictions = no unix password sync = yes password server = dcn01.ad.DOMAIN.COM passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . machine password timeout = 0 pam password change = yes map to guest = bad user force group = domain^users idmap config ALL:backend = lwicompat_v4 idmap config ALL:default = yes idmap config ALL:readonly = yes idmap backend idmap uid idmap gid hosts allow = ALL usershare allow guests = yes printcap name = /etc/printcap #Logging # log file = /var/log/samba/log.%m max log size = 1000 #syslog = 0 log level = 1 vfs:1 log file = /var/log/samba/%U.%m.log #Network socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536 # Any further advice ? Thanks On Sat, Mar 17, 2012 at 2:58 AM, Tom Noonan II wrote: > I saw this on CentOS 6 with winbind, not LikewiseOpen. The problem is > that it expects configuration options to be present that are flagged as having > (sane) defaults in the smb.conf man page. Once I added the following options > for winbind to my smb.conf this problem went away: > > idmap backend > idmap uid > idmap gid > > I believe it was "idmap backend," but I didn't verify that. > > > -- > Tom Noonan II > ESL Technician - Randstad > > > On Fri, 16 Mar 2012 08:37:48 + > Gregory Machin wrote: > >> Hi >> >> I'm running CentOS 6.2 with samba-3.5.10-114 , and LikewiseOpen 6.1 . >> >> How do I fix these errors ? >> >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 >> 20:25:43.639871, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION >> from -1 to 2 is not possible with incomplete configuration >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 >> 20:25:43.654353, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION >> from -1 to 2 is not possible with incomplete configuration >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 >> 20:25:43.655811, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION >> from -1 to 2 is not possible with incomplete configuration >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 >> 20:25:43.674267, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION >> from -1 to 2 is not possible with incomplete configuration >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 >> 20:25:43.675524, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION >> from -1 to 2 is not possible with incomplete configuration >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 >> 20:25:43.693888, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION >> from -1 to 2 is not possible with incomplete configuration >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 >> 20:25:43.695097, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) >> >> Thanks >> >> Greg > > > > -- > Tom Noonan II > ESL Technician - Randstad -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help with smbpasswd file
The "testparm -v" will let you see which smb.conf file is being used and what the settings are. If the default settings for passwd file and private directory are not to your liking you can specify the in the smb.conf file e.g. # testparm -v | grep -i priv Load smb config files from /etc/samba/smb.conf smb passwd file = /var/lib/samba/private/smbpasswd private dir = /var/lib/samba/private On 03/20/12 14:18, Beau Gauthreaux wrote: Is there a procedure for copying the smbpasswd from an old machine to a new machine (fresh samba build), and have the new machine recognize the old smbpasswd file? Both machines are aix 6.1 and Samba version 3.5.12. I copied all of the .tdb files but that didn't seem to work. The new machine does not seem to know what is in /usr/local/samba/private/smbpasswd. Below is my smb.conf Thanks, bash-4.2# cat smb.conf [global] workgroup = privateworkgroup netbios name = someserver server string = Some Samba Server %v security = user encrypt passwords = yes passdb backend = smbpasswd log file = /LOGS/log.smbd max log size = 20 log level = 2 delete readonly = yes invalid users = root daemon bin sys adm uucp nuucp lpd imnadm ipsec lp snapp inv scout guest account = nobody host msdfs = no max xmit = 65535 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 strict locking = no allocation roundup size = 2097152 use sendfile = true comment = Samba Share path = /export/shares writeable = yes create mask = 0775 directory mask = 0775 security mask = 0770 force security mode = 770 directory security mask = 0770 force directory security mode = 770 force create mode = 0775 force directory mode = 0775 inherit acls = yes [Tshare] #Windows no Unix yes (Execute bit) map archive = no map system = no map hidden = no [Tshares-unix] #Windows no Unix yes (Execute bit) map archive = yes map system = yes map hidden = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] how to allow ISC dhcpd to add/update entries to bind9 with bind_dlz (samba4)
Hi Andreas, Yes, I did a lot of work trying to get that script working (along with a bunch of other people on that discussion thread). I have it mostly functional, but have largely backed away from that approach, since it runs against what appears to be the more accepted policy of letting the machines (in particular, the Windows machines) do their own secure update of the DNS records. The unfortunate part is that the Linux clients don't seem to have a way to do this by default. I have no idea how the Mac machines handle their DNS once they get a DHCP response. Servers, which mostly use static IP assignments, are a moot point, since I can just manually create the DNS records and be done with it. The issue is the fact that DNS remembers "who" created (owns) the DNS record, and based on that ownership, who it will allow to change it. If it is created by some dhcpd initiated transaction, then the Windows client itself is not allowed to update the record in the future. My feeling at this point is to try to follow the Windows Way for the time being (since that's the bulk of the machines on the network), and handle the few Linux clients (oddballs like myself) as special cases. We also use DHCP reservations based on the machine's MAC address, so largely it's a non-issue. (Or, at least I've got bigger fish to fry first before I go back and make sure the DHCP/DLZ behavior is tidy.) On Sun, Mar 18, 2012 at 3:38 AM, Andreas Oster wrote: > Am 17.03.2012 21:06, schrieb Matthieu Patou: > > On 03/17/2012 10:00 AM, Andreas Oster wrote: > >> Hello all, > >> > >> I have set up a samba4 server with bind9 and the bind_dlz module. > >> Everything is working as it should but now I need to allow the dhcp > >> server to add entries to the forwarding zone. Has anybody implemented > >> such a configuration ? Can this be done with the kerberos DNS dynamic > >> update configuration. > > I had it working with flat file backend. > > I think that the way dhcp and bind do their DDNS is different form the > > way windows do it's DDNS, as far as I know dlz_plugin only support the > > later one so far. > > > >> I want to achieve the following: > >> > >> 1) allow non-Windows machines (printers, ILO ...) to be added by dhcpd > >> 2) allow Windows machines (joined to AD) to update their own entries > >> > >> 2 - already works with the configuration from samba wiki > >> > > I put our DNS experts in direct copy maybe then can advise you better > > than I. > > > Hello Mattieu, > > thank you for you answer. I searched the web allot, but the > only useful stuff I found was a script by Michael Kuron which > has been slightly modified by Charles Tryon but I have no > clue how to integrate this with bind9 dlz, see: > > > http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/ > > It would be great if someone could help me with the DDNS setup. > > best regards > > Andreas > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- Charles Tryon _ “Risks are not to be evaluated in terms of the probability of success, but in terms of the value of the goal.” - Ralph D. Winter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Help with smbpasswd file
Is there a procedure for copying the smbpasswd from an old machine to a new machine (fresh samba build), and have the new machine recognize the old smbpasswd file? Both machines are aix 6.1 and Samba version 3.5.12. I copied all of the .tdb files but that didn't seem to work. The new machine does not seem to know what is in /usr/local/samba/private/smbpasswd. Below is my smb.conf Thanks, bash-4.2# cat smb.conf [global] workgroup = privateworkgroup netbios name = someserver server string = Some Samba Server %v security = user encrypt passwords = yes passdb backend = smbpasswd log file = /LOGS/log.smbd max log size = 20 log level = 2 delete readonly = yes invalid users = root daemon bin sys adm uucp nuucp lpd imnadm ipsec lp snapp inv scout guest account = nobody host msdfs = no max xmit = 65535 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 strict locking = no allocation roundup size = 2097152 use sendfile = true comment = Samba Share path = /export/shares writeable = yes create mask = 0775 directory mask = 0775 security mask = 0770 force security mode = 770 directory security mask = 0770 force directory security mode = 770 force create mode = 0775 force directory mode = 0775 inherit acls = yes [Tshare] #Windows no Unix yes (Execute bit) map archive = no map system = no map hidden = no [Tshares-unix] #Windows no Unix yes (Execute bit) map archive = yes map system = yes map hidden = yes -- Beau Gauthreaux -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] security=ADS related question
Hi all, I am just struggling with SAMBA design and i was wondering whether anyone here can help. In my environment, there is an AD server and my SAMBA server is on an AIX box. I need to set up SAMBA so that it will use AD authentication AND few particular users found in AD (but not yet in AIX) will need to own the files within SAMBA shares. Is that possible? The thing is.. other than those 2 or 3 AD users being able to authenticate for SAMBA (and SAMBA ONLY), I really do not want it to be used for AIX authentication. So what kind of configuration do I need to try? I got a server that's checking AD for the password and it appears to be successful but currently it requires for me to create an entry in /etc/passwd file *testuser:!:500:100::/dev/null:/bin/false* (but no password given). And my smb.conf looks like below. *[global]* *workgroup = TEST* *security = ADS* *encrypt passwords = Yes* *realm = TEST.TESTDOMAIN.COM* *winbind separator = +* *log file = /opt/pware/var/log.%m* *lock directory = /opt/pware/var/locks/samba* *client schannel = no* * * *idmap config TEST:default = yes* *idmap config TEST:backend = tdb* *idmap config TEST:range = 900 50* *idmap alloc backend = tdb* *idmap alloc config:range = 900 50* Am I doing this correctly? I do not mind creating an entry in AIX but if anyone can either confirm or disagree what I am doing is correct, that will be great. I've ordered "Using SAMBA - 3rd edition" but if someone is using a resource that's better than that, please point me to it. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] how to allow ISC dhcpd to add/update entries to bind9 with bind_dlz (samba4)
Am 17.03.2012 18:00, schrieb Andreas Oster: > Hello all, > > I have set up a samba4 server with bind9 and the bind_dlz module. > Everything is working as it should but now I need to allow the dhcp > server to add entries to the forwarding zone. Has anybody implemented > such a configuration ? Can this be done with the kerberos DNS dynamic > update configuration. > > I want to achieve the following: > > 1) allow non-Windows machines (printers, ILO ...) to be added by dhcpd > 2) allow Windows machines (joined to AD) to update their own entries > > 2 - already works with the configuration from samba wiki > > Thank you for your kind help > > best regards > > Andreas > Hi all, finally I got it up and running. I am using the script by Charles Tryon http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/ best regards Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba over nfs mount and free space problem
On 03/19/2012 10:30 PM, Alex Mestiashvili wrote: > On 03/19/2012 08:35 PM, Volker Lendecke wrote: >> On Mon, Mar 19, 2012 at 03:55:44PM +0100, Alex Mestiashvili wrote: >>> "dfree command" also didn't help. >> The dfree command should always help. You could fake 100GB >> free space always. >> >> Volker > Hi, > > that is my dfree command ( I added simple logging ) > > #!/bin/sh > /usr/sbin/df -k $1 | /usr/bin/tail -1 | /opt/csw/bin/gawk '{print $2" > "$4}' > /bin/echo $1 | /usr/bin/logger -t smbd_dfree_args -p local7.notice > /bin/echo `pwd` | /usr/bin/logger -t smbd_dfree_cwd -p local7.notice > > the output is like that : > $/usr/local/bin/dfree > 629145600 354102404 > > df output for nfs share looks like that: > > df -k |head-1 > Filesystemkbytesused avail capacity Mounted on > > cd /home/mygroup/myuser > df -k . > nfsserver:/users/myuser > 629145600 275043196 35410240444% > /home/mygroup/myuser > > > df -k for local fs: > > localzfs/users/myuser > 1948778496 42750990 914183310 5% > /home/mygroup/myuser > > > nevertheless when I access nfs share via samba I get no free space . > with local fs it is ok . > The same happens in windows when one maps a network drive. > > I will check again tomorrow, but may be I am missing something simple > and obvious ? > > Thank you, > Alex I changed dfree script to the very simple one: #cat dfree #!/bin/sh echo 524150168 524150168 now if I access a share which is a local filesystem to the samba server I get with df -h : Size 500G Used 0B Available 500Gi so dfree works fine in that case. if I access via smb nfs mounted filesystem I get totally different result: Size 186M Used 186M Available 0B So obviously dfree doen't work in this case . What else mechanism is used to determine share size ? Thank you, Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba streitet sich um Master Browser und wird kein PDC...
Dear all, since yesterday our samba PDC did "loose" his master status within our LAN for the domain "SRG" - since then windows boxes did not "see" the logon server anymore. nmblookup -T -M SRG is reporting some of the windows machines (one box running since more then a year...). - net rpc join -S SRG -U root (on the PDC works) - net rpc join -S 192.168.123.202 -U root (on a client works) - net rpc join --S SRG -U root (on a client works NOT - "no nmbd around" and srg host got resolved to the wrong one) Some monthes ago i had a similiar problem - in that case i had a bug in my interface conf in smb.config I've produced some level 10 logs (full log see urls above) - these lines seems important to me from then. --- snip --- 2012/03/19 19:12:56, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name SRG<1e> not yet registered on subnet 192.168.123.202 ---snap --- and: --- snip --- [2012/03/20 07:35:24, 3] nmbd/nmbd_logonnames.c:138(become_logon_server) become_logon_server: go to first stage: register SRG<1c> name [2012/03/20 07:35:24, 3] nmbd/nmbd_elections.c:77(check_for_master_browser_success) check_for_master_browser_success: Local master browser for workgroup SRG exists at IP 192.168.124.242 (just checking). [2012/03/20 07:35:24, 0] nmbd/nmbd_nameregister.c:73(register_name_response) register_name_response: Answer name SRG<00> differs from question name SRG<1c>. [2012/03/20 07:35:24, 3] nmbd/nmbd_incomingrequests.c:456(process_name_query_request) process_name_query_request: Name query from 192.168.124.243 on subnet 192.168.123.202 for name SRG<1d> [2012/03/20 07:35:26, 0] nmbd/nmbd_logonnames.c:64(become_logon_server_fail) become_logon_server_fail: Failed to become a domain master for workgroup SRG on subnet 192.168.123.202. Couldn't register name SRG<1c>. [2012/03/20 07:35:26, 0] nmbd/nmbd_namelistdb.c:309(standard_fail_register) --- snap --- here my [global]: --- schnipp --- [global] name resolve order = host wins lmhosts bcast time server = Yes lprm command = lprm -P'%p' %j netbios name = SERVER lpresume command = lpc release '%p' %j logon script = %U.bat workgroup = SRG os level = 255 queueresume command = lpc start '%p' add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -g machines -s /bin/false %u max log size = 5000 log level = 10 lanman auth = yes log file = /var/log/samba/log.%m load printers = No map acl inherit = Yes username level = 15 #socket options = SO_KEEPALIVE TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 logon drive = L: guest ok = yes domain master = Yes local master = Yes idmap backend = rid:KPAK=100-1 winbind use default domain = yes passdb backend = tdbsam logon home = \\%L\%U wins support = Yes case sensitive = No dos filetime resolution = Yes netbios aliases = audioserv server string = PDC queuepause command = lpc stop '%p' preexec = /usr/local/bin/netlogon %U logon path = \\%L\profiles\%U client lanman auth = yes lppause command = lpc hold '%p' %j preferred master = Yes winbind cache time = 1 domain logons = Yes #add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -g machines -s /bin/false %m$ interfaces = 192.168.123.202/255.255.0.0 127.0.0.1/255.0.0.0 hosts allow = 192.168.123. 192.168.124. localhost bind interfaces only = yes --- schnapp --- ...nmbd seems to hear "properly": ~ # netstat -atun|grep 137 udp0 0 192.168.255.255:137 0.0.0.0:* udp0 0 192.168.123.202:137 0.0.0.0:* udp0 0 0.0.0.0:137 The correct PDC should be 192.168.123.202 - the current wrong one is 192.168.124.242 For testing purposes i still tried to remove wins.dat und browse.dat as some caches to let samba create it freshly. Here is a level 10 log from nmbd: http://217.171.190.10/srg.debug.txt Output from nbmlookup -T -M SRG (Level 10) here: http://217.171.190.10/srg.nmblookup.txt It would be very nice to get any input - many thanks in advance for any hint or tip!... best regards, Niels. -- --- Niels Dettenbach Syndicat IT & Internet http://www.syndicat.com --- signature.asc Description: This is a digitally signed message part. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba not "seen" as logon server / PDC anymore...
Dear all, since yesterday our samba PDC did "loose" his master status within our LAN for the domain "SRG" - since then windows boxes did not "see" the logon server anymore. nmblookup -T -M SRG is reporting some of the windows machines (one box running since more then a year...). - net rpc join -S SRG -U root (on the PDC works) - net rpc join -S 192.168.123.202 -U root (on a client works) - net rpc join --S SRG -U root (on a client works NOT - "no nmbd around" and srg host got resolved to the wrong one) Some monthes ago i had a similiar problem - in that case i had a bug in my interface conf in smb.config I've produced some level 10 logs (full log see urls above) - these lines seems important to me from then. --- snip --- 2012/03/19 19:12:56, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name SRG<1e> not yet registered on subnet 192.168.123.202 ---snap --- and: --- snip --- [2012/03/20 07:35:24, 3] nmbd/nmbd_logonnames.c:138(become_logon_server) become_logon_server: go to first stage: register SRG<1c> name [2012/03/20 07:35:24, 3] nmbd/nmbd_elections.c:77(check_for_master_browser_success) check_for_master_browser_success: Local master browser for workgroup SRG exists at IP 192.168.124.242 (just checking). [2012/03/20 07:35:24, 0] nmbd/nmbd_nameregister.c:73(register_name_response) register_name_response: Answer name SRG<00> differs from question name SRG<1c>. [2012/03/20 07:35:24, 3] nmbd/nmbd_incomingrequests.c:456(process_name_query_request) process_name_query_request: Name query from 192.168.124.243 on subnet 192.168.123.202 for name SRG<1d> [2012/03/20 07:35:26, 0] nmbd/nmbd_logonnames.c:64(become_logon_server_fail) become_logon_server_fail: Failed to become a domain master for workgroup SRG on subnet 192.168.123.202. Couldn't register name SRG<1c>. [2012/03/20 07:35:26, 0] nmbd/nmbd_namelistdb.c:309(standard_fail_register) --- snap --- here my [global]: --- schnipp --- [global] name resolve order = host wins lmhosts bcast time server = Yes lprm command = lprm -P'%p' %j netbios name = SERVER lpresume command = lpc release '%p' %j logon script = %U.bat workgroup = SRG os level = 255 queueresume command = lpc start '%p' add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -g machines -s /bin/false %u max log size = 5000 log level = 10 lanman auth = yes log file = /var/log/samba/log.%m load printers = No map acl inherit = Yes username level = 15 #socket options = SO_KEEPALIVE TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 logon drive = L: guest ok = yes domain master = Yes local master = Yes idmap backend = rid:KPAK=100-1 winbind use default domain = yes passdb backend = tdbsam logon home = \\%L\%U wins support = Yes case sensitive = No dos filetime resolution = Yes netbios aliases = audioserv server string = PDC queuepause command = lpc stop '%p' preexec = /usr/local/bin/netlogon %U logon path = \\%L\profiles\%U client lanman auth = yes lppause command = lpc hold '%p' %j preferred master = Yes winbind cache time = 1 domain logons = Yes #add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -g machines -s /bin/false %m$ interfaces = 192.168.123.202/255.255.0.0 127.0.0.1/255.0.0.0 hosts allow = 192.168.123. 192.168.124. localhost bind interfaces only = yes --- schnapp --- ...nmbd seems to hear "properly": ~ # netstat -atun|grep 137 udp0 0 192.168.255.255:137 0.0.0.0:* udp0 0 192.168.123.202:137 0.0.0.0:* udp0 0 0.0.0.0:137 The correct PDC should be 192.168.123.202 - the current wrong one is 192.168.124.242 For testing purposes i still tried to remove wins.dat und browse.dat as some caches to let samba create it freshly. Here is a level 10 log from nmbd: http://217.171.190.10/srg.debug.txt Output from nbmlookup -T -M SRG (Level 10) here: http://217.171.190.10/srg.nmblookup.txt It would be very nice to get any input - many thanks in advance for any hint or tip!... best regards, Niels. -- --- Niels Dettenbach Syndicat IT & Internet http://www.syndicat.com --- signature.asc Description: This is a digitally signed message part. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba