Re: samba PDC for WIN2K clients?
Hi Andrew I've managed to get past the initial problems I posted about. I am now able to enter the "Domain" and now clicking "OK" brings up the "Domain Username and Password" dialogue box. However, entering username: root / passwd: root's samba passwd brings up "The specified user does not exist". As a test, I tried it with root and gibberish for a passwd. This returns: "Login Failure: unknown username of bad password". This appears in the logs: # tail /var/log/log.nmbd [2002/10/27 21:30:24, 1] nmbd/nmbd_processlogon.c:process_logon_packet(69) process_logon_packet: Logon from 192.168.1.6: code = 0x12 # The Win2K machine's name is in /etc/passwd (with the $ at the end) as well as in smbpasswd files. I have added a samba account for root (with a different passwd to that of the system) What could be this problem at this stage? Stacey On Mon, 2002-10-21 at 02:32, Andrew Boothman wrote: > Stacey Roberts wrote: > > Hello, > > I've got 2 WIN2K Pro workstations on my home lan that I'd like to > > enable network logon for. I've been banging my head against a wall for > > the last four hours trying to get this sorted, but to no avail. > > > > I keep getting the same error when trying to enter the Domain name into > > the "WORKGROUP" field in Win2K network properties: > > > > "The following error occured validating the name "my_domainname", This > > condition may be caused by a DNS lookup problem. For more information > > about troubleshooting common DNS lookup problems see the following > > Microsoft blah., blah.., blah.., > > > > The specified domain either does not exist or could not be contacted". > > Have you added machine accounts to the FreeBSD box for the client boxes? > > You need machine accounts that look like clientname$ (dollar sign at > end) added both as local accounts and then again with smbpasswd passing > whatever the appropriate switch is to create a machine account. > > I have a FreeBSD box here acting as a PDC so we should be able to find > the problem. > > Andrew. > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-questions" in the body of the message -- Stacey Roberts B.Sc (HONS) Computer Science Web: www.vickiandstacey.com signature.asc Description: This is a digitally signed message part
Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
Hi, I've got a break-through.., I've been testing with new ipfw options and now I'm able to get past entering the "Domain" and clicking "OK". Now I am getting the "Password to log into Domain" dialogue box appear. This is the amended rule that appears to make this work: $fwcmd add 00622 allow log udp from $oip to me 137-139 in via $oif $fwcmd add 00624 allow udp from any to any 137-139 out via $oif However, for now, I'm getting: "The specified user does not exist" when I enter [root] and [root's samba passwd] Any thoughts? Don't think I'm not appreciating your patient efforts to assist me. Cheers! Stacey On Sun, 2002-10-27 at 17:56, D. Penev wrote: > On Sun, Oct 27, 2002 at 10:50:47AM +0000, Stacey Roberts wrote: > >Subject: Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?] > >From: Stacey Roberts <[EMAIL PROTECTED]> > >To: "D. Penev" <[EMAIL PROTECTED]> > >Cc: FreeBSD Questions <[EMAIL PROTECTED]> > >Date: 27 Oct 2002 10:50:47 + > > > >Hi, > > Here's the relevant lines in my firewall: > >00620 allow udp from any to any 137 keep-state out xmit sis0 > >00621 allow tcp from any to any 137 keep-state out xmit sis0 > > Add: > > 00622 allow udp from to any 137,138 keep-state in recv sis0 > > >00623 allow log logamount 10 tcp from to me 137,138 > ^^ use any because > win2k use broadcast > if you don't have > wins server > >keep-state in recv sis0 setup > >00624 allow udp from any to any 138 keep-state out xmit sis0 > >00625 allow tcp from any to any 138 keep-state out xmit sis0 > > > >The output from nbtstat -A : > >"Host not found" > > > >The output from nbtstat -c: > >"No names in cache" > > > >After running both commands, no new entries in /var/log/security appear > >for packets issued from Win2K box. > > > >Hope this helps. > > > >Stacey > > > >On Sun, 2002-10-27 at 07:15, D. Penev wrote: > >> On Sat, Oct 26, 2002 at 10:47:48PM +0100, Stacey Roberts wrote: > >> >Subject: Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?] > >> >From: Stacey Roberts <[EMAIL PROTECTED]> > >> >To: "D. Penev" <[EMAIL PROTECTED]> > >> >Cc: FreeBSD Questions <[EMAIL PROTECTED]> > >> >Date: 26 Oct 2002 22:47:48 +0100 > >> > > >> >Hi, > >> > Thanks for the reply. I should mention that I've made some progress > >> >with my efforts to set up a samba PDC for my Win2K clients. > >> > > >> >First of all I am now able to successfully complete all tests in the > >> >recommended "DIAGNOSTICS.TXT" at > >> >http://hr.uoregon.edu/davidrl/DIAGNOSIS.txt, except:- > >> > > >> >test 8: On the PC type the command "net view \\BIGSERVER" > >> > > >> >Specifically, I am only able to complete this test by using the IP Addr > >> >of the samba server in place of its name. Likewise for test 9 that > >> >follows. > >> > > >> >Recapping, I *am* able to serve share dirs to *NIX clients as well as > >> >the Win2K boxes, with the caveat that for the Windows boxes, I have to > >> >use the IP Addr of the samba server. This is not an issue for other > >> >(*NIX) client hosts. > >> > > >> >Needless to say, I am not as yet able to have the Win2K boxes join the > >> >domain as described in Chapter 9. (How to Configure Samba 2.2 as a > >> >Primary Domain Controller - 9.4.3. Joining the Client to the Domain.4.3. > >> >Joining the Client to the Domain). I still get the MS error when I click > >> >"OK" after entering the domain as defined in smb.conf. > >> > > >> >Hope this presents somewhat a clearer description of the current status > >> >here. Do get back to if you would require more information in assisting > >> >me in resolving this. > >> > >> >From you description of the problem it's looks like that win2k box can't > >> make resolving of names to ip address. That's why I accent to firewall > >> because according to you logs ipfw block port 137, which is used to > >> resolve NetBIOS names to IP address. I make a little test
Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
On Sun, Oct 27, 2002 at 10:50:47AM +, Stacey Roberts wrote: Subject: Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?] From: Stacey Roberts <[EMAIL PROTECTED]> To: "D. Penev" <[EMAIL PROTECTED]> Cc: FreeBSD Questions <[EMAIL PROTECTED]> Date: 27 Oct 2002 10:50:47 + Hi, Here's the relevant lines in my firewall: 00620 allow udp from any to any 137 keep-state out xmit sis0 00621 allow tcp from any to any 137 keep-state out xmit sis0 Add: 00622 allow udp from to any 137,138 keep-state in recv sis0 00623 allow log logamount 10 tcp from to me 137,138 ^^ use any because win2k use broadcast if you don't have wins server keep-state in recv sis0 setup 00624 allow udp from any to any 138 keep-state out xmit sis0 00625 allow tcp from any to any 138 keep-state out xmit sis0 The output from nbtstat -A : "Host not found" The output from nbtstat -c: "No names in cache" After running both commands, no new entries in /var/log/security appear for packets issued from Win2K box. Hope this helps. Stacey On Sun, 2002-10-27 at 07:15, D. Penev wrote: On Sat, Oct 26, 2002 at 10:47:48PM +0100, Stacey Roberts wrote: >Subject: Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?] >From: Stacey Roberts <[EMAIL PROTECTED]> >To: "D. Penev" <[EMAIL PROTECTED]> >Cc: FreeBSD Questions <[EMAIL PROTECTED]> >Date: 26 Oct 2002 22:47:48 +0100 > >Hi, > Thanks for the reply. I should mention that I've made some progress >with my efforts to set up a samba PDC for my Win2K clients. > >First of all I am now able to successfully complete all tests in the >recommended "DIAGNOSTICS.TXT" at >http://hr.uoregon.edu/davidrl/DIAGNOSIS.txt, except:- > >test 8: On the PC type the command "net view \\BIGSERVER" > >Specifically, I am only able to complete this test by using the IP Addr >of the samba server in place of its name. Likewise for test 9 that >follows. > >Recapping, I *am* able to serve share dirs to *NIX clients as well as >the Win2K boxes, with the caveat that for the Windows boxes, I have to >use the IP Addr of the samba server. This is not an issue for other >(*NIX) client hosts. > >Needless to say, I am not as yet able to have the Win2K boxes join the >domain as described in Chapter 9. (How to Configure Samba 2.2 as a >Primary Domain Controller - 9.4.3. Joining the Client to the Domain.4.3. >Joining the Client to the Domain). I still get the MS error when I click >"OK" after entering the domain as defined in smb.conf. > >Hope this presents somewhat a clearer description of the current status >here. Do get back to if you would require more information in assisting >me in resolving this. >From you description of the problem it's looks like that win2k box can't make resolving of names to ip address. That's why I accent to firewall because according to you logs ipfw block port 137, which is used to resolve NetBIOS names to IP address. I make a little test and block port 137 on my PDC (Samba 2.2.4 on NetBSD) and results are the same as yours. If that is true (blocking of netbios-ns port) you PDC can't register as domain controler, and workstations when is joined to domain can't find who is PDC for this domain. What are you firewall rules? What's show "nbtstat -A YOU_SAMBA_SERVER" and "nbtstat -c" on win2k box? > >Thanks > >On Sat, 2002-10-26 at 22:26, D. Penev wrote: >> On Mon, Oct 21, 2002 at 07:33:58PM +0100, Stacey Roberts wrote: >> >Subject: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?] >> >From: Stacey Roberts <[EMAIL PROTECTED]> >> >To: Andrew Boothman <[EMAIL PROTECTED]> >> >Cc: [EMAIL PROTECTED], >> > FreeBSD Questions <[EMAIL PROTECTED]> >> >Date: 21 Oct 2002 19:33:58 +0100 >> > >> >Hello, >> > I'd appreciate some help from anyone who's got samba 2.2.6 running >> >on FreeBSD as a PDC for Win2K client wkstations, please. >> > >> >I'm trying to following the SAMBA How-To at: >> >http://samba.epfl.ch/samba/docs/Samba-HOWTO-Collection.html#AEN60 >> >but fail at the smbclient -L stage: >> > >> ># smbclient -L -N Demon >> >added interface ip=192.168.1.8 bcast=192.168.1.255 nmask=255.255.255.0 >> >Packet send failed to 192.168.1.255(137) ERRNO=Permission denied >> >Connection to -N failed >> ># >> > >> >I get these entries in /var/log/s
Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
Hi, Here's the relevant lines in my firewall: 00620 allow udp from any to any 137 keep-state out xmit sis0 00621 allow tcp from any to any 137 keep-state out xmit sis0 00623 allow log logamount 10 tcp from to me 137,138 keep-state in recv sis0 setup 00624 allow udp from any to any 138 keep-state out xmit sis0 00625 allow tcp from any to any 138 keep-state out xmit sis0 The output from nbtstat -A : "Host not found" The output from nbtstat -c: "No names in cache" After running both commands, no new entries in /var/log/security appear for packets issued from Win2K box. Hope this helps. Stacey On Sun, 2002-10-27 at 07:15, D. Penev wrote: > On Sat, Oct 26, 2002 at 10:47:48PM +0100, Stacey Roberts wrote: > >Subject: Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?] > >From: Stacey Roberts <[EMAIL PROTECTED]> > >To: "D. Penev" <[EMAIL PROTECTED]> > >Cc: FreeBSD Questions <[EMAIL PROTECTED]> > >Date: 26 Oct 2002 22:47:48 +0100 > > > >Hi, > > Thanks for the reply. I should mention that I've made some progress > >with my efforts to set up a samba PDC for my Win2K clients. > > > >First of all I am now able to successfully complete all tests in the > >recommended "DIAGNOSTICS.TXT" at > >http://hr.uoregon.edu/davidrl/DIAGNOSIS.txt, except:- > > > >test 8: On the PC type the command "net view \\BIGSERVER" > > > >Specifically, I am only able to complete this test by using the IP Addr > >of the samba server in place of its name. Likewise for test 9 that > >follows. > > > >Recapping, I *am* able to serve share dirs to *NIX clients as well as > >the Win2K boxes, with the caveat that for the Windows boxes, I have to > >use the IP Addr of the samba server. This is not an issue for other > >(*NIX) client hosts. > > > >Needless to say, I am not as yet able to have the Win2K boxes join the > >domain as described in Chapter 9. (How to Configure Samba 2.2 as a > >Primary Domain Controller - 9.4.3. Joining the Client to the Domain.4.3. > >Joining the Client to the Domain). I still get the MS error when I click > >"OK" after entering the domain as defined in smb.conf. > > > >Hope this presents somewhat a clearer description of the current status > >here. Do get back to if you would require more information in assisting > >me in resolving this. > > >From you description of the problem it's looks like that win2k box can't > make resolving of names to ip address. That's why I accent to firewall > because according to you logs ipfw block port 137, which is used to > resolve NetBIOS names to IP address. I make a little test and block port > 137 on my PDC (Samba 2.2.4 on NetBSD) and results are the same as yours. > If that is true (blocking of netbios-ns port) you PDC can't register > as domain controler, and workstations when is joined to domain can't find > who is PDC for this domain. > What are you firewall rules? > What's show "nbtstat -A YOU_SAMBA_SERVER" and "nbtstat -c" on win2k box? > > > > >Thanks > > > >On Sat, 2002-10-26 at 22:26, D. Penev wrote: > >> On Mon, Oct 21, 2002 at 07:33:58PM +0100, Stacey Roberts wrote: > >> >Subject: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?] > >> >From: Stacey Roberts <[EMAIL PROTECTED]> > >> >To: Andrew Boothman <[EMAIL PROTECTED]> > >> >Cc: [EMAIL PROTECTED], > >> > FreeBSD Questions <[EMAIL PROTECTED]> > >> >Date: 21 Oct 2002 19:33:58 +0100 > >> > > >> >Hello, > >> > I'd appreciate some help from anyone who's got samba 2.2.6 running > >> >on FreeBSD as a PDC for Win2K client wkstations, please. > >> > > >> >I'm trying to following the SAMBA How-To at: > >> >http://samba.epfl.ch/samba/docs/Samba-HOWTO-Collection.html#AEN60 > >> >but fail at the smbclient -L stage: > >> > > >> ># smbclient -L -N Demon > >> >added interface ip=192.168.1.8 bcast=192.168.1.255 nmask=255.255.255.0 > >> >Packet send failed to 192.168.1.255(137) ERRNO=Permission denied > >> >Connection to -N failed > >> ># > >> > > >> >I get these entries in /var/log/security: > >> >Oct 21 19:31:08 Demon /kernel: ipfw: 910 Deny UDP :2308 > >> >:137 out via sis0 > >> > >> You firewall blocks packets to port 137 (netbios-ns). That's > >> why you can access samba server with ip address and not by name. > >> > &
Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
On Sat, Oct 26, 2002 at 10:47:48PM +0100, Stacey Roberts wrote: Subject: Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?] From: Stacey Roberts <[EMAIL PROTECTED]> To: "D. Penev" <[EMAIL PROTECTED]> Cc: FreeBSD Questions <[EMAIL PROTECTED]> Date: 26 Oct 2002 22:47:48 +0100 Hi, Thanks for the reply. I should mention that I've made some progress with my efforts to set up a samba PDC for my Win2K clients. First of all I am now able to successfully complete all tests in the recommended "DIAGNOSTICS.TXT" at http://hr.uoregon.edu/davidrl/DIAGNOSIS.txt, except:- test 8: On the PC type the command "net view \\BIGSERVER" Specifically, I am only able to complete this test by using the IP Addr of the samba server in place of its name. Likewise for test 9 that follows. Recapping, I *am* able to serve share dirs to *NIX clients as well as the Win2K boxes, with the caveat that for the Windows boxes, I have to use the IP Addr of the samba server. This is not an issue for other (*NIX) client hosts. Needless to say, I am not as yet able to have the Win2K boxes join the domain as described in Chapter 9. (How to Configure Samba 2.2 as a Primary Domain Controller - 9.4.3. Joining the Client to the Domain.4.3. Joining the Client to the Domain). I still get the MS error when I click "OK" after entering the domain as defined in smb.conf. Hope this presents somewhat a clearer description of the current status here. Do get back to if you would require more information in assisting me in resolving this. From you description of the problem it's looks like that win2k box can't make resolving of names to ip address. That's why I accent to firewall because according to you logs ipfw block port 137, which is used to resolve NetBIOS names to IP address. I make a little test and block port 137 on my PDC (Samba 2.2.4 on NetBSD) and results are the same as yours. If that is true (blocking of netbios-ns port) you PDC can't register as domain controler, and workstations when is joined to domain can't find who is PDC for this domain. What are you firewall rules? What's show "nbtstat -A YOU_SAMBA_SERVER" and "nbtstat -c" on win2k box? Thanks On Sat, 2002-10-26 at 22:26, D. Penev wrote: On Mon, Oct 21, 2002 at 07:33:58PM +0100, Stacey Roberts wrote: >Subject: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?] >From: Stacey Roberts <[EMAIL PROTECTED]> >To: Andrew Boothman <[EMAIL PROTECTED]> >Cc: [EMAIL PROTECTED], > FreeBSD Questions <[EMAIL PROTECTED]> >Date: 21 Oct 2002 19:33:58 +0100 > >Hello, > I'd appreciate some help from anyone who's got samba 2.2.6 running >on FreeBSD as a PDC for Win2K client wkstations, please. > >I'm trying to following the SAMBA How-To at: >http://samba.epfl.ch/samba/docs/Samba-HOWTO-Collection.html#AEN60 >but fail at the smbclient -L stage: > ># smbclient -L -N Demon >added interface ip=192.168.1.8 bcast=192.168.1.255 nmask=255.255.255.0 >Packet send failed to 192.168.1.255(137) ERRNO=Permission denied >Connection to -N failed ># > >I get these entries in /var/log/security: >Oct 21 19:31:08 Demon /kernel: ipfw: 910 Deny UDP :2308 >:137 out via sis0 You firewall blocks packets to port 137 (netbios-ns). That's why you can access samba server with ip address and not by name. > >Please help me out here. > >Stacey > >On Mon, 2002-10-21 at 02:32, Andrew Boothman wrote: >> Stacey Roberts wrote: >> > Hello, >> > I've got 2 WIN2K Pro workstations on my home lan that I'd like to >> > enable network logon for. I've been banging my head against a wall for >> > the last four hours trying to get this sorted, but to no avail. >> > >> > I keep getting the same error when trying to enter the Domain name into >> > the "WORKGROUP" field in Win2K network properties: >> > >> > "The following error occured validating the name "my_domainname", This >> > condition may be caused by a DNS lookup problem. For more information >> > about troubleshooting common DNS lookup problems see the following >> > Microsoft blah., blah.., blah.., >> > >> > The specified domain either does not exist or could not be contacted". >> >> Have you added machine accounts to the FreeBSD box for the client boxes? >> >> You need machine accounts that look like clientname$ (dollar sign at >> end) added both as local accounts and then again with smbpasswd passing >> whatever the appropriate switch is to create a machine account. >> >> I have a FreeBSD box here acting as a PDC so we should be able to find >> the problem. >> &
Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
Hi, Thanks for the reply. I should mention that I've made some progress with my efforts to set up a samba PDC for my Win2K clients. First of all I am now able to successfully complete all tests in the recommended "DIAGNOSTICS.TXT" at http://hr.uoregon.edu/davidrl/DIAGNOSIS.txt, except:- test 8: On the PC type the command "net view \\BIGSERVER" Specifically, I am only able to complete this test by using the IP Addr of the samba server in place of its name. Likewise for test 9 that follows. Recapping, I *am* able to serve share dirs to *NIX clients as well as the Win2K boxes, with the caveat that for the Windows boxes, I have to use the IP Addr of the samba server. This is not an issue for other (*NIX) client hosts. Needless to say, I am not as yet able to have the Win2K boxes join the domain as described in Chapter 9. (How to Configure Samba 2.2 as a Primary Domain Controller - 9.4.3. Joining the Client to the Domain.4.3. Joining the Client to the Domain). I still get the MS error when I click "OK" after entering the domain as defined in smb.conf. Hope this presents somewhat a clearer description of the current status here. Do get back to if you would require more information in assisting me in resolving this. Thanks On Sat, 2002-10-26 at 22:26, D. Penev wrote: > On Mon, Oct 21, 2002 at 07:33:58PM +0100, Stacey Roberts wrote: > >Subject: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?] > >From: Stacey Roberts <[EMAIL PROTECTED]> > >To: Andrew Boothman <[EMAIL PROTECTED]> > >Cc: [EMAIL PROTECTED], > > FreeBSD Questions <[EMAIL PROTECTED]> > >Date: 21 Oct 2002 19:33:58 +0100 > > > >Hello, > > I'd appreciate some help from anyone who's got samba 2.2.6 running > >on FreeBSD as a PDC for Win2K client wkstations, please. > > > >I'm trying to following the SAMBA How-To at: > >http://samba.epfl.ch/samba/docs/Samba-HOWTO-Collection.html#AEN60 > >but fail at the smbclient -L stage: > > > ># smbclient -L -N Demon > >added interface ip=192.168.1.8 bcast=192.168.1.255 nmask=255.255.255.0 > >Packet send failed to 192.168.1.255(137) ERRNO=Permission denied > >Connection to -N failed > ># > > > >I get these entries in /var/log/security: > >Oct 21 19:31:08 Demon /kernel: ipfw: 910 Deny UDP :2308 > >:137 out via sis0 > > You firewall blocks packets to port 137 (netbios-ns). That's > why you can access samba server with ip address and not by name. > > > > >Please help me out here. > > > >Stacey > > > >On Mon, 2002-10-21 at 02:32, Andrew Boothman wrote: > >> Stacey Roberts wrote: > >> > Hello, > >> > I've got 2 WIN2K Pro workstations on my home lan that I'd like to > >> > enable network logon for. I've been banging my head against a wall for > >> > the last four hours trying to get this sorted, but to no avail. > >> > > >> > I keep getting the same error when trying to enter the Domain name into > >> > the "WORKGROUP" field in Win2K network properties: > >> > > >> > "The following error occured validating the name "my_domainname", This > >> > condition may be caused by a DNS lookup problem. For more information > >> > about troubleshooting common DNS lookup problems see the following > >> > Microsoft blah., blah.., blah.., > >> > > >> > The specified domain either does not exist or could not be contacted". > >> > >> Have you added machine accounts to the FreeBSD box for the client boxes? > >> > >> You need machine accounts that look like clientname$ (dollar sign at > >> end) added both as local accounts and then again with smbpasswd passing > >> whatever the appropriate switch is to create a machine account. > >> > >> I have a FreeBSD box here acting as a PDC so we should be able to find > >> the problem. > >> > >> Andrew. > >> > >> > >> To Unsubscribe: send mail to [EMAIL PROTECTED] > >> with "unsubscribe freebsd-questions" in the body of the message > >-- > >Stacey Roberts > >B.Sc (HONS) Computer Science > > > >Web: www.vickiandstacey.com > > > > > > -- > Regards, > D. Penev > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-questions" in the body of the message -- Stacey Roberts B.Sc (HONS) Computer Science Web: www.vickiandstacey.com signature.asc Description: This is a digitally signed message part
Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
On Mon, Oct 21, 2002 at 07:33:58PM +0100, Stacey Roberts wrote: Subject: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?] From: Stacey Roberts <[EMAIL PROTECTED]> To: Andrew Boothman <[EMAIL PROTECTED]> Cc: [EMAIL PROTECTED], FreeBSD Questions <[EMAIL PROTECTED]> Date: 21 Oct 2002 19:33:58 +0100 Hello, I'd appreciate some help from anyone who's got samba 2.2.6 running on FreeBSD as a PDC for Win2K client wkstations, please. I'm trying to following the SAMBA How-To at: http://samba.epfl.ch/samba/docs/Samba-HOWTO-Collection.html#AEN60 but fail at the smbclient -L stage: # smbclient -L -N Demon added interface ip=192.168.1.8 bcast=192.168.1.255 nmask=255.255.255.0 Packet send failed to 192.168.1.255(137) ERRNO=Permission denied Connection to -N failed # I get these entries in /var/log/security: Oct 21 19:31:08 Demon /kernel: ipfw: 910 Deny UDP :2308 :137 out via sis0 You firewall blocks packets to port 137 (netbios-ns). That's why you can access samba server with ip address and not by name. Please help me out here. Stacey On Mon, 2002-10-21 at 02:32, Andrew Boothman wrote: Stacey Roberts wrote: > Hello, > I've got 2 WIN2K Pro workstations on my home lan that I'd like to > enable network logon for. I've been banging my head against a wall for > the last four hours trying to get this sorted, but to no avail. > > I keep getting the same error when trying to enter the Domain name into > the "WORKGROUP" field in Win2K network properties: > > "The following error occured validating the name "my_domainname", This > condition may be caused by a DNS lookup problem. For more information > about troubleshooting common DNS lookup problems see the following > Microsoft blah., blah.., blah.., > > The specified domain either does not exist or could not be contacted". Have you added machine accounts to the FreeBSD box for the client boxes? You need machine accounts that look like clientname$ (dollar sign at end) added both as local accounts and then again with smbpasswd passing whatever the appropriate switch is to create a machine account. I have a FreeBSD box here acting as a PDC so we should be able to find the problem. Andrew. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message -- Stacey Roberts B.Sc (HONS) Computer Science Web: www.vickiandstacey.com -- Regards, D. Penev To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: samba PDC for WIN2K clients?
On Sat, 2002-10-26 at 16:30, Roman Neuhauser wrote: > # [EMAIL PROTECTED] / 2002-10-26 16:00:57 +0100: > > I've been working my way through the smaba recommended "DIAGNOSTICS.TXT" > > procedures, and find that I am able to successfully complete all > > except:- > > > > Test 8 - On the PC type the command "net view \\BIGSERVER". > > Here the only way this works is if I use the IP Addr of the samba server > > instead of its name (FQDN or not). > > the name has nothing to do with DNS, so qualifying it won't do you > any good. any router or switch between the two boxes? if so, they > won't see each other *unless* you enable "transport netbios over > tcp/ip" in the windows network control panel. beware of the security > implications. > At this point, the only device between the Win2K box and the FBSD samba samba server is a dumb 10/100 switch. NBT is already enabled on the Win2K box (by default, I believe). Anything else you recommend I look at? Stacey > -- > If you cc me or take the list(s) out completely I'll most likely > ignore your message. -- Stacey Roberts B.Sc (HONS) Computer Science Web: www.vickiandstacey.com signature.asc Description: This is a digitally signed message part
Re: samba PDC for WIN2K clients?
# [EMAIL PROTECTED] / 2002-10-26 16:00:57 +0100: > I've been working my way through the smaba recommended "DIAGNOSTICS.TXT" > procedures, and find that I am able to successfully complete all > except:- > > Test 8 - On the PC type the command "net view \\BIGSERVER". > Here the only way this works is if I use the IP Addr of the samba server > instead of its name (FQDN or not). the name has nothing to do with DNS, so qualifying it won't do you any good. any router or switch between the two boxes? if so, they won't see each other *unless* you enable "transport netbios over tcp/ip" in the windows network control panel. beware of the security implications. -- If you cc me or take the list(s) out completely I'll most likely ignore your message. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: samba PDC for WIN2K clients?
Hi Andrew, Sorry about not getting back to you earlier on this. I've already got the machine accounts set in in etc/passwd & smbpasswd files. I've been working my way through the smaba recommended "DIAGNOSTICS.TXT" procedures, and find that I am able to successfully complete all except:- Test 8 - On the PC type the command "net view \\BIGSERVER". Here the only way this works is if I use the IP Addr of the samba server instead of its name (FQDN or not). Test 9 - Run the command "net use x: \\BIGSERVER\TMP" Same as above for this test too. I am only able to run this using the IP Addr from the Win2K box. >From test 8 onwards, I am able to see the shared dirs from the Win2K box in Windows Explorer under their respective desginated drives letters. Like I said even with this (limited success) in place, I am still unable to get past selecting "Domain" in the "Identification Changes" tab in "Network Identification". When I enter the domain name configured in smb.conf and hit "OK", I get the Microsoft error detailed in my earlier post. I'd really like to get sorted out, so if you'd require my sending (off-list) you my smb.conf file, or anything else that might prove useful in diagnosing this problem, please let me know. Thanks again for taking the time to respond. Stacey On Mon, 2002-10-21 at 02:32, Andrew Boothman wrote: > Stacey Roberts wrote: > > Hello, > > I've got 2 WIN2K Pro workstations on my home lan that I'd like to > > enable network logon for. I've been banging my head against a wall for > > the last four hours trying to get this sorted, but to no avail. > > > > I keep getting the same error when trying to enter the Domain name into > > the "WORKGROUP" field in Win2K network properties: > > > > "The following error occured validating the name "my_domainname", This > > condition may be caused by a DNS lookup problem. For more information > > about troubleshooting common DNS lookup problems see the following > > Microsoft blah., blah.., blah.., > > > > The specified domain either does not exist or could not be contacted". > > Have you added machine accounts to the FreeBSD box for the client boxes? > > You need machine accounts that look like clientname$ (dollar sign at > end) added both as local accounts and then again with smbpasswd passing > whatever the appropriate switch is to create a machine account. > > I have a FreeBSD box here acting as a PDC so we should be able to find > the problem. > > Andrew. > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-questions" in the body of the message -- Stacey Roberts B.Sc (HONS) Computer Science Web: www.vickiandstacey.com signature.asc Description: This is a digitally signed message part
Re: samba PDC for WIN2K clients?
On Mon, Oct 21, 2002 at 06:07:44AM +0100, Stacey Roberts wrote: Subject: Re: samba PDC for WIN2K clients? From: Stacey Roberts <[EMAIL PROTECTED]> To: Andrew Boothman <[EMAIL PROTECTED]> Cc: [EMAIL PROTECTED], FreeBSD Questions <[EMAIL PROTECTED]> Date: 21 Oct 2002 06:07:44 +0100 Hi Andrew, Thanks for getting back to me. I tried getting the machine account added to smbpasswd file, but this fails: # smbpasswd -m -n -a LDAPS option set...! fetch_ldap_pw: no ldap secret retrieved! ldap_connect_system: Failed to retrieve password for from secrets.tdb LDAPS option set...! fetch_ldap_pw: no ldap secret retrieved! ldap_connect_system: Failed to retrieve password for from secrets.tdb Failed to add entry for user . Failed to modify password entry for user # Is the syntax for adding the account correct here? Thanks again, hope to hear from you again soon. Stacey On Mon, 2002-10-21 at 02:32, Andrew Boothman wrote: Stacey Roberts wrote: > Hello, > I've got 2 WIN2K Pro workstations on my home lan that I'd like to > enable network logon for. I've been banging my head against a wall for > the last four hours trying to get this sorted, but to no avail. > > I keep getting the same error when trying to enter the Domain name into > the "WORKGROUP" field in Win2K network properties: > > "The following error occured validating the name "my_domainname", This > condition may be caused by a DNS lookup problem. For more information > about troubleshooting common DNS lookup problems see the following > Microsoft blah., blah.., blah.., Do you enable NBT on adapter? It seems that win2k box attempt to use dns not wins for resolving names. The standard way to add machine account is to use join to domain function from windows box because if you manual add this account windows box doesn't know what is the password for account. > > The specified domain either does not exist or could not be contacted". Have you added machine accounts to the FreeBSD box for the client boxes? You need machine accounts that look like clientname$ (dollar sign at end) added both as local accounts and then again with smbpasswd passing whatever the appropriate switch is to create a machine account. I have a FreeBSD box here acting as a PDC so we should be able to find the problem. Andrew. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message -- Stacey Roberts B.Sc (HONS) Computer Science Web: www.vickiandstacey.com -- Regards, D. Penev To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: samba PDC for WIN2K clients?
Stacey Roberts wrote: Hello, I've got 2 WIN2K Pro workstations on my home lan that I'd like to enable network logon for. I've been banging my head against a wall for the last four hours trying to get this sorted, but to no avail. I keep getting the same error when trying to enter the Domain name into the "WORKGROUP" field in Win2K network properties: "The following error occured validating the name "my_domainname", This condition may be caused by a DNS lookup problem. For more information about troubleshooting common DNS lookup problems see the following Microsoft blah., blah.., blah.., The specified domain either does not exist or could not be contacted". Have you added machine accounts to the FreeBSD box for the client boxes? You need machine accounts that look like clientname$ (dollar sign at end) added both as local accounts and then again with smbpasswd passing whatever the appropriate switch is to create a machine account. I have a FreeBSD box here acting as a PDC so we should be able to find the problem. Andrew. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
samba PDC for WIN2K clients?
Hello, I've got 2 WIN2K Pro workstations on my home lan that I'd like to enable network logon for. I've been banging my head against a wall for the last four hours trying to get this sorted, but to no avail. I keep getting the same error when trying to enter the Domain name into the "WORKGROUP" field in Win2K network properties: "The following error occured validating the name "my_domainname", This condition may be caused by a DNS lookup problem. For more information about troubleshooting common DNS lookup problems see the following Microsoft blah., blah.., blah.., The specified domain either does not exist or could not be contacted". Here's what I've got in smb.conf: Global Settings: [global] # workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4 workgroup = # server string is the equivalent of the NT Description field server string = Samba Server hosts allow = 192.168.1 127. domain admin group = @wheel security = user encrypt passwords = yes socket options = TCP_NODELAY local master = yes os level = 255 preferred master = yes domain logons = yes # if you enable domain logons then you may want a per-machine or # per user logon script # run a specific logon batch file per workstation (machine) ; logon script = %m.bat # run a specific logon batch file per username ; logon script = %U.bat # Where to store roving profiles (only for Win95 and WinNT) #%L substitutes for this servers netbios name, %U is username #You must uncomment the [Profiles] share below ; logon path = \\%L\Profiles\%U # Windows Internet Name Serving Support Section: # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server wins support = yes [homes] comment = Home Directories browseable = no writeable = yes # Un-comment the following and create the netlogon directory for Domain Logons [netlogon] comment = Network Logon Service path = /usr/local/samba/lib/netlogon guest ok = no writeable = no share modes = no To begin with I added a user in /etc/passwd for one of the machines: :*:1003:1000::/non:/nonexistent Here's what smbstatus gives: # smbstatus Samba version 2.2.6 Service uid gid pid machine -- No locked files # And this is what syslog has: # tail /var/log/log.smbd [2002/10/20 23:36:24, 0] smbd/server.c:main(707) smbd version 2.2.6 started. Copyright Andrew Tridgell and the Samba Team 1992-2002 [2002/10/20 23:36:24, 0] printing/print_cups.c:cups_printer_fn(110) Unable to connect to CUPS server localhost - Connection refused [2002/10/20 23:36:34, 0] smbd/server.c:main(707) smbd version 2.2.6 started. Copyright Andrew Tridgell and the Samba Team 1992-2002 [2002/10/20 23:36:34, 0] printing/print_cups.c:cups_printer_fn(110) Unable to connect to CUPS server localhost - Connection refused # I've not got printing set up on the FBSD box as yet, so I'm thinking that the above errors for CUPS aren't a problem, but I could be wrong.., I've tried googling, and checking samba's docs (mostly for £inux), and Microsoft help, but I'm not any clearer on how to proceed. I'd appreciate any assistance, pointers to a "the secret FBSD" doc somewhere that gives at least a minimal setup from which to start.., TIA Stacey -- Stacey Roberts B.Sc (HONS) Computer Science Web: www.vickiandstacey.com signature.asc Description: This is a digitally signed message part