Re: wbinfo -t and Win2K DCs ...

2002-05-03 Thread abartlet

On Fri, May 03, 2002 at 09:38:33AM +0930, Richard Sharpe wrote:
 Hi,
 
 I have run into a spot of bother with wbinfo and Win2K.
 
 We run Samba as a member server from a Win2K DC.
 
 We join the DC correctly, but wbinfo -t does not work.

Then you have not joined the domain correctly...

 This seems to be because the WINS server running on the Win2K DC will not 
 answer queries looking for DOMAIN#1c.
 
 However, I know we have joined because wbinfo -u works.

Is this in Samba 2.2 or 3.0?  wbinfo -u works without a correct domain join
in 2.2 - because the operations are done anonymously.

 Has anyone seen this? Is there a solution on the DC, or do I have to hack 
 winbindd to be able to look up the DC correctly?

I think you have not joined the domain correctly - it can't be wins if
wbinfo -u is working.

Andrew Bartlett




RE: wbinfo -t and Win2K DCs ...

2002-05-03 Thread Esh, Andrew

This doesn't match my results. I get good wbinfo replies when I have Samba 2.2.3a joined into a Win2K domain. In fact, we did a bunch of domain controller failure testing in such a domain, to make sure we had our solution right. We didn't see any difference between Win2K and our WinNT results, as far as authentication goes. (We noticed Microsoft removed the NET ACCOUNTS /SYNC command in Win2K, which made testing harder, but that's another story.)

I am also certain that Win2K domain controllers advertise the #1c service.


Here's a PDC I use for testing which runs Win2K (os version 5.0):


[root@pluto source]# rpcclient //PDCNATIVE -W ENDURONATIVE -U Administrator -c srvinfo
...
Domain=[ENDURONATIVE] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
cmd = srvinfo
srvinfo
 PDCNATIVE Wk Sv PDC Tim NT LMB 
 platform_id : 500
 os version : 5.0
 server type : 0x204102b


And this shows that it registers the #1c service:


[root@pluto source]# nmblookup -A 10.10.16.21
Looking up status of 10.10.16.21
 PDCNATIVE       <00> -         M <ACTIVE>
 ENDURONATIVE    <00> - <GROUP> M <ACTIVE>
 ENDURONATIVE    <1c> - <GROUP> M <ACTIVE>
 PDCNATIVE       <20> -         M <ACTIVE>
 ENDURONATIVE    <1b> -         M <ACTIVE>
 ENDURONATIVE    <1e> - <GROUP> M <ACTIVE>
 PDCNATIVE       <03> -         M <ACTIVE>
 ENDURONATIVE    <1d> -         M <ACTIVE>
 ..__MSBROWSE__. <01> - <GROUP> M <ACTIVE>
 INet~Services   <1c> - <GROUP> M <ACTIVE>
 IS~PDCNATIVE    <00> -         M <ACTIVE>


Here's my advice:


Do an nmblookup (as above) on your PDC. You can also use nbtstat on Windows the same way. Look for a listing of the #1c service, and make sure it's not marked with a Conflict or Deregistered flag. I have had two different domain controllers in different domains wind up with their Conflict flag set, which caused Samba authentication not to happen. If you have a conflict, try rebooting the PDC. If the #1c service is not listed, try rebooting.

Also, log level 10 during a wbinfo -t may help you to understand why it's failing.


-Original Message-
From: Richard Sharpe [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 02, 2002 7:09 PM
To: [EMAIL PROTECTED]
Subject: wbinfo -t and Win2K DCs ...



Hi,


I have run into a spot of bother with wbinfo and Win2K.


We run Samba as a member server from a Win2K DC.


We join the DC correctly, but wbinfo -t does not work.


This seems to be because the WINS server running on the Win2K DC will not 
answer queries looking for DOMAIN#1c.


However, I know we have joined because wbinfo -u works.


Has anyone seen this? Is there a solution on the DC, or do I have to hack 
winbindd to be able to look up the DC correctly?

Regards
-
Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], 
[EMAIL PROTECTED]
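
The #1c check advised in the reply above, as an added example that is not part of the original thread: a shell function that reads `nmblookup -A` output and reports whether the domain's #1c entry is present and free of the Conflict and Deregistering flags. The function name `check_1c`, the exit codes and the sample data (EXAMPLEDOM, DC1, 192.0.2.10) are constructed for illustration; suffix and flags are accepted with or without angle brackets.

```shell
#!/bin/sh
# Added example (not from the thread): evaluate the DOMAIN<1c> row of
# `nmblookup -A <dc-ip>` output read from stdin.
# Real use:  nmblookup -A 10.10.16.21 | check_1c ENDURONATIVE
# Prints ok | missing | conflict | deregistering; exit status 0 only for ok.
check_1c() {
    awk -v dom="$1" '
        { gsub(/[<>]/, "") }   # accept "<1c>" as well as a stripped "1c"
        # Row layout: NAME SUFFIX - [GROUP] NODETYPE [DEREGISTERING] [CONFLICT] [ACTIVE]
        # Matching on NAME skips other <1c> rows such as INet~Services.
        toupper($1) == toupper(dom) && tolower($2) == "1c" && $3 == "-" {
            found = 1
            for (i = 4; i <= NF; i++) {
                if ($i == "CONFLICT")      conflict = 1
                if ($i ~ /^DEREGISTER/)    dereg = 1
            }
        }
        END {
            if (!found)        { print "missing";       exit 1 }
            else if (conflict) { print "conflict";      exit 2 }
            else if (dereg)    { print "deregistering"; exit 3 }
            else               { print "ok" }
        }'
}

# Constructed sample outputs (not captured from a real DC).
SAMPLE_OK='Looking up status of 192.0.2.10
 DC1             <00> -         M <ACTIVE>
 EXAMPLEDOM      <00> - <GROUP> M <ACTIVE>
 EXAMPLEDOM      <1c> - <GROUP> M <ACTIVE>
 INet~Services   <1c> - <GROUP> M <ACTIVE>'

SAMPLE_CONFLICT='Looking up status of 192.0.2.10
 DC1             <00> -         M <ACTIVE>
 EXAMPLEDOM      <1c> - <GROUP> M <CONFLICT> <ACTIVE>'

SAMPLE_MISSING='Looking up status of 192.0.2.10
 DC1             <00> -         M <ACTIVE>
 INet~Services   <1c> - <GROUP> M <ACTIVE>'

# Demo: one verdict per sample (|| true keeps a non-ok status from aborting).
for s in "$SAMPLE_OK" "$SAMPLE_CONFLICT" "$SAMPLE_MISSING"; do
    printf '%s\n' "$s" | check_1c EXAMPLEDOM || true
done
```
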