Re: [Samba] can connect to 2 samba servers by name but to one by IPonly
This is where things stand so far: Pdc1 is samba 3.4.x Bdc1 is samba 3.0.x (also the WINS server) Bdc2 is samba 3.0.x On an XP Pro machine at work, joined to the domain, the following commands work net use \\pdc1 net use \\bdc1 net use \\bdc2 If I connect to work via VPN from either a work machine (which is a domain member, but logging in using cached credentials) or my home PC (XP Pro but not in the domain) the following commands fail net use \\pdc1 net use \\pdc1.mydomain.com The following commands work net use \\bdc1 net use \\bdc2 net use \\IP_OF_PDC1 ping pdc1 ping pdc1.mydomain.com nslookup pdc1.mydomain.com IN fact, net use seems to work for any other Windows or Samba server (in the same or different domains), just not the PDC1. Since, by default, VPN clients do NOT use WINS server, this indicates that they are resolving host names via DNS.(I did try enabling WINS client but it didn't change anything.) If the machine is a domain member, nslookup pdc1 also works. I use sonicwall VPN client which has a virtual nic, which gets an IP address (including DNS and optionally wins info) from the company DHCP server, and on the same subnet as the servers and other machines on the network. If I update lmhosts on my PC, I can use net use \\pdc1. This suggests that XP is NOT using DNS to resolve host name for this host. But that doesn't make sense, since every other host can be accessed by name. nbtstat -r (Lists names resolved by broadcast and via WINS) only shows the other xp machine on my home network, not any of the machines on the company network, so I am pretty sure I am not resolving server names via broadcast or wins. Updating hosts file on my XP machine doesn't help either. It also should not matter how the server resolves hostnames. Any thoughts? Thanks -Original Message- From: Gaiseric Vandal [mailto:gaiseric.van...@gmail.com] Sent: Thursday, January 13, 2011 2:14 PM To: TAKAHASHI Motonobu Cc: Samba Subject: Re: [Samba] can connect to 2 samba servers by name but to one by IPonly nslookup on windows machines does require the FQDN name- i.e. pdc1.mydomain.com. ping does not (windows will appropriately add the domain name.) I have not tried net use \\pdc1.mydomain.com from a VPN connection. I know that nslookup and ping in Windows have separate name resolution routines, and handle domain suffixes a little differently. Again, that should have affected all machines. Machines on VPN connection get the mydomain.com appended to the VPN virtual NIC, but it is not the default domain for the machine. I looked at my DNS server- I can't see any differences in the entry for pdc1 vs any other machine- even though DNS is the only thing that would make sense. But VPN clients use the 2ndary DNS servers for name lookup, not the primary. I may try configuring VPN clients to use the primary DNS server.None of the server names are 16 characters or more. Thanks On 01/13/2011 12:38 PM, TAKAHASHI Motonobu wrote: 2011/1/13 Gaiseric Vandalgaiseric.van...@gmail.com: Adding pdc1 to the hosts file (c:\windows\system32\drivers\etc\hosts) did not make a difference. After adding pdc1 to lmhosts, net use \\pdc1 did work. So in the case of pdc1 one, the name is being resolved as a netbios name (i.e. via lmhosts) not a tcp/ip type name (i.e. via dns or hosts) But then why does net use work with all the other windows or samba servers? As far as I can tell, DNS is the only method by which the names are being resolved. What does nslookup PDC1 and ping PDC1 show? If you have a host named PDC1.example.com then nslookup PDC1 may return the IP address of PDC1.example.com, not the IP address of expected PDC1. Anyway, you had better debug at the view of DNS name resolution, not Samba. --- TAKAHASHI Motonobumo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] can connect to 2 samba servers by name but to one by IPonly
I ran snoop on my samba servers to capture Ethernet packets between the remote XP machine and the samba servers. It does show that the With a successful connection: The client sends what appears to be an empty SMB packet to the server on port 445 SMB: - SMB: - SMB: SMB: SMB: The server responds with a similar packet, then the client starts sending more information to the server e.g. NBT: - NBT Header - NBT: NBT: Type = SESSION MESSAGE NBT: Length = 133 bytes NBT: SMB: - SMB Header - SMB: SMB: CLIENT REQUEST SMB: Command code = 0x72 SMB: Command name = SMBnegprot SMB: SMB: SMB Status: SMB: - Error class = No error SMB: - Error code = No error SMB: SMB: Header: SMB: - Tree ID (TID) = 0x SMB: - Process ID (PID) = 0xfeff SMB: - User ID (UID) = 0x SMB: - Multiplex ID (MID) = 0x SMB: - Flags summary = 0x18 SMB: - Flags2 summary = 0xc853 SMB: SMB: ByteCount = 98 SMB: Dialect String = PC NETWORK PROGRAM 1.0 SMB: Dialect String = LANMAN1.0 SMB: Dialect String = Windows for Workgroups 3.1a SMB: Dialect String = LM1.2X002 SMB: Dialect String = LANMAN2.1 SMB: Dialect String = NT LM 0.12 SMB: However which a failed connection, it looks like the client sends the empty SMB packet, the server does respond with an empty SMB packet, but then the client just sends another empty SMB packet. I am stumped. I appreciate any advice. -Original Message- From: Gaiseric Vandal [mailto:gaiseric.van...@gmail.com] Sent: Wednesday, February 02, 2011 7:39 AM To: 'Samba' Subject: RE: [Samba] can connect to 2 samba servers by name but to one by IPonly This is where things stand so far: Pdc1 is samba 3.4.x Bdc1 is samba 3.0.x (also the WINS server) Bdc2 is samba 3.0.x On an XP Pro machine at work, joined to the domain, the following commands work net use \\pdc1 net use \\bdc1 net use \\bdc2 If I connect to work via VPN from either a work machine (which is a domain member, but logging in using cached credentials) or my home PC (XP Pro but not in the domain) the following commands fail net use \\pdc1 net use \\pdc1.mydomain.com The following commands work net use \\bdc1 net use \\bdc2 net use \\IP_OF_PDC1 ping pdc1 ping pdc1.mydomain.com nslookup pdc1.mydomain.com IN fact, net use seems to work for any other Windows or Samba server (in the same or different domains), just not the PDC1. Since, by default, VPN clients do NOT use WINS server, this indicates that they are resolving host names via DNS.(I did try enabling WINS client but it didn't change anything.) If the machine is a domain member, nslookup pdc1 also works. I use sonicwall VPN client which has a virtual nic, which gets an IP address (including DNS and optionally wins info) from the company DHCP server, and on the same subnet as the servers and other machines on the network. If I update lmhosts on my PC, I can use net use \\pdc1. This suggests that XP is NOT using DNS to resolve host name for this host. But that doesn't make sense, since every other host can be accessed by name. nbtstat -r (Lists names resolved by broadcast and via WINS) only shows the other xp machine on my home network, not any of the machines on the company network, so I am pretty sure I am not resolving server names via broadcast or wins. Updating hosts file on my XP machine doesn't help either. It also should not matter how the server resolves hostnames. Any thoughts? Thanks -Original Message- From: Gaiseric Vandal [mailto:gaiseric.van...@gmail.com] Sent: Thursday, January 13, 2011 2:14 PM To: TAKAHASHI Motonobu Cc: Samba Subject: Re: [Samba] can connect to 2 samba servers by name but to one by IPonly nslookup on windows machines does require the FQDN name- i.e. pdc1.mydomain.com. ping does not (windows will appropriately add the domain name.) I have not tried net use \\pdc1.mydomain.com from a VPN connection. I know that nslookup and ping in Windows have separate name resolution routines, and handle domain suffixes a little differently. Again, that should have affected all machines. Machines on VPN connection get the mydomain.com appended to the VPN virtual NIC, but it is not the default domain for the machine. I looked at my DNS server- I can't see any differences in the entry for pdc1 vs any other machine- even though DNS is the only thing that would make sense. But VPN clients use the 2ndary DNS servers for name lookup, not the primary. I may try configuring VPN clients to use the primary DNS server.None of the server names are 16 characters or more. Thanks On 01/13/2011 12:38 PM, TAKAHASHI Motonobu wrote: 2011/1/13 Gaiseric Vandalgaiseric.van...@gmail.com: Adding pdc1 to the hosts file (c:\windows\system32\drivers\etc\hosts) did not make a difference. After adding pdc1 to lmhosts,
Re: [Samba] can connect to 2 samba servers by name but to one by IPonly
2011/1/13 Gaiseric Vandal gaiseric.van...@gmail.com: Adding pdc1 to the hosts file (c:\windows\system32\drivers\etc\hosts) did not make a difference. After adding pdc1 to lmhosts, net use \\pdc1 did work. So in the case of pdc1 one, the name is being resolved as a netbios name (i.e. via lmhosts) not a tcp/ip type name (i.e. via dns or hosts) But then why does net use work with all the other windows or samba servers? As far as I can tell, DNS is the only method by which the names are being resolved. What does nslookup PDC1 and ping PDC1 show? If you have a host named PDC1.example.com then nslookup PDC1 may return the IP address of PDC1.example.com, not the IP address of expected PDC1. Anyway, you had better debug at the view of DNS name resolution, not Samba. --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] can connect to 2 samba servers by name but to one by IPonly
nslookup on windows machines does require the FQDN name- i.e. pdc1.mydomain.com. ping does not (windows will appropriately add the domain name.) I have not tried net use \\pdc1.mydomain.com from a VPN connection. I know that nslookup and ping in Windows have separate name resolution routines, and handle domain suffixes a little differently. Again, that should have affected all machines. Machines on VPN connection get the mydomain.com appended to the VPN virtual NIC, but it is not the default domain for the machine. I looked at my DNS server- I can't see any differences in the entry for pdc1 vs any other machine- even though DNS is the only thing that would make sense. But VPN clients use the 2ndary DNS servers for name lookup, not the primary. I may try configuring VPN clients to use the primary DNS server.None of the server names are 16 characters or more. Thanks On 01/13/2011 12:38 PM, TAKAHASHI Motonobu wrote: 2011/1/13 Gaiseric Vandalgaiseric.van...@gmail.com: Adding pdc1 to the hosts file (c:\windows\system32\drivers\etc\hosts) did not make a difference. After adding pdc1 to lmhosts, net use \\pdc1 did work. So in the case of pdc1 one, the name is being resolved as a netbios name (i.e. via lmhosts) not a tcp/ip type name (i.e. via dns or hosts) But then why does net use work with all the other windows or samba servers? As far as I can tell, DNS is the only method by which the names are being resolved. What does nslookup PDC1 and ping PDC1 show? If you have a host named PDC1.example.com then nslookup PDC1 may return the IP address of PDC1.example.com, not the IP address of expected PDC1. Anyway, you had better debug at the view of DNS name resolution, not Samba. --- TAKAHASHI Motonobumo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] can connect to 2 samba servers by name but to one by IPonly
Adding pdc1 to the hosts file (c:\windows\system32\drivers\etc\hosts) did not make a difference. After adding pdc1 to lmhosts, net use \\pdc1 did work. So in the case of pdc1 one, the name is being resolved as a netbios name (i.e. via lmhosts) not a tcp/ip type name (i.e. via dns or hosts) But then why does net use work with all the other windows or samba servers? As far as I can tell, DNS is the only method by which the names are being resolved. I did notice that nbtstat -c shows the following What does nbtstat -r show? SonicWALL VPN Connection: Node IpAddress: [x.x.x.x.] Scope Id: [] NetBIOS Remote Cache Name Table Name Type Host AddressLife [sec] BDC1 20 UNIQUE x.x.x.x.10522 BDC2 20 UNIQUE x.x.x.x.11560 SOMEMACHINE 20 UNIQUE x.x.x.x.12597 PDC1 is not in cache- which I guess makes sense since it is explicitly listed in lmhosts. The nbtstat -r command only shows machine on my home network, nothing on the corporate network, so this really does indicate that there is no netbios broadcasts going on crossing the VPN link. Thanks -Original Message- From: TAKAHASHI Motonobu [mailto:mo...@monyo.com] Sent: Thursday, January 06, 2011 8:09 AM To: gaiseric.van...@gmail.com Cc: samba@lists.samba.org Subject: Re: [Samba] can connect to 2 samba servers by name but to one by IP only 2011/1/6 Gaiseric Vandal gaiseric.van...@gmail.com: In fact this seems to work for any samba or windows machine on the network EXCEPT the Samba 3.4.x PDC. It seems to work for Win 2003 machines, Samba 3.4.x member servers, XP machines, etc. To analyze the problem, first put the entry for PDC1 into both LMHOSTS and hosts files and try: net use \\pdc1. If you still meet the 67 error, something other than name resolution will cause this problem. Look at the Samba log and network capture. My understanding is that XP (and Win 2000/2003) machines are smart enough to use DNS look ups to resolve a windows netbios name to IP in the case that legacy (archaic) Netbios name resolution (WINS, lmhosts, broadcast) methods don't work. NetBIOS name whose prefix is only #20 ,#00 (and #1C in some case) can be resolved by DNS. --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
