Tom Eastep schrieb: > Götz Reinicke wrote: >> Wouter Amsterdam schrieb: >>> L.S., >>> >>> >>> >>> I'm having difficulties joining a Fedora Core 7 Samba server to a >>> Windows 2000 Domain Controller. Both servers are located in a >>> separate subnet which are connected via shorewall (4.0.6). I have >>> configured the policy file to accept all traffic form both subnets >>> and vice versa. This Samba server also runs a Postfix / Dovecot >>> mailserver which succesfully authenticate users on the W2K DC. If I >>> move the Samba server to the same subnet as the W2K DC, joining seems >>> no problem. But when I move the server back to its original subnet >>> and issue the command "net rpc testjoin", the response is "unable to >>> find a suitable server". If I point the command directly to the DC >>> with "net rpc testjoin –S myserver.mydomain.local ", the full output is: >>> >>> >>> >>> [2008/03/12 16:47:04, 0] utils/net_rpc_join.c:net_rpc_join_ok(70) >>> >>> net_rpc_join_ok: failed to get schannel session key from server >>> myserver.mydomain.local for domain MYDOMAIN. Error was >>> NT_STATUS_INVALID_COMPUTER_NAME >>> >>> Join to domain 'MYDOMAIN' is not valid >>> >>> >>> >>> At first is was tempted the blame Samba, but since switching the >>> server between subnets (and so bypassing shorewall) I believe I have >>> misconfigured shorewall. Could shorewall be blocking some >>> broadcasting traffic needed to perform the joining to the domain? >> >> What happens, if you disable shorewall? >> >> What is in the logs? Any blocked packages? > > Shorewall doesn't log any of the Microsoft Networking noise that it > drops or rejects. It did that originally, and we had 100's of newbies > frantically reporting that they were under attack by their own Windows > systems.
I was in a situation where logging was disabled too by default and that was a harder problem to debug. Enabling the logging helped to solve the problem ... so sometimes logging a lot is O.K. (Regarding our problem I had 4GB+ of Logfiles, as some devices flooded the net with broadcasts ...) And may be Wouter Amsterdam enabled logging too? Regards Götz -- Götz Reinicke IT Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail [EMAIL PROTECTED] Filmakademie Baden-Württemberg GmbH Mathildenstr. 20 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzender des Aufsichtsrats: Dr. Christoph Palmer, MdL, Minister a.D. Geschäftsführer: Prof. Thomas Schadt ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
