RE: [Samba] Domain logins across subnets

2007-02-20 Thread Paul McGrath
I have had this problem even with a MS Windows DC.  I now have an OSX
Panther server as my DC.  If you don't have a WINS server then you need
to create a lmhosts file on each workstation.

Test it with one client and put the lmhosts file in the
c:\windows\system32\drivers\etc folder.
There is one there already called lmhosts.sam, so just take the file
extension off, then add this line to the bottom:
DC ip address   registered name domain name
111.111.111.111 dom-controller  #PRE #DOM:my-domain

Mine is 
129.???.???.??? Cancer  #PRE  #DOM:cruk

This is on every PC anyway whether it's on my subnet or not and it
works.

Other people will come up with other suggestions but you'll spend hours
at them and they probably won't work cos I did 8 years ago!
 

Regards
Paul

> -Original Message-
> From: John Paul [mailto:[EMAIL PROTECTED] 
> Sent: Monday 19 February 2007 19:26
> To: samba@lists.samba.org
> Subject: [Samba] Domain logins across subnets
> 
> 
> Greetings,
> 
> My environment is Samba 3.0.23d as a PDC, password backend is 
> OpenLDAP 2.3.27, running on SuSE 10.1; workstations are 
> Windows XP SP2, all recent patches applied. All machines are 
> on the same Class B private IP network. Domain logons 
> function perfectly, performance is very nice. For security 
> and performance reasons we are looking at dividing the 
> network into many VLANS, each with its own IP subnet. 
> 
> On the testing network, a very strange thing is happening. 
> When the workstation is on the Class B subnet, all functions 
> work perfectly - Adding machine to domain, logging in, 
> mapping drive to samba server, etc. However, when placed on 
> the test VLAN (a class C private IP subnet) some of this 
> functionality goes away. I can ping the DC (meaning the 
> packets are correctly routed). 
> I can resolve the DC name to its IP (meaning name resolution 
> across the subnet is working), I can resolve my own 
> workstation name to the correct IP. However, when I try to 
> add this machine to the domain, I get the following error:
> 
> The following error occurred attempting to join the domain "DOMAIN"
> 
> Logon Failure: unknown user name or bad password.
> 
> Of course I'm using the same user name and password (root) as 
> I use when on the Class B subnet. When I attempt to map a 
> drive, I get "System error 1326 has occurred - Logon failure: 
> unknown user name or bad password." Stranger yet is that 
> every 5 or so times, this all works perfectly.
> 
> I've considered problems with the switching hardware, 
> however, I set the workstation to ping the DC constantly for 
> like 4 hours and not a single packet was dropped. There is 
> nothing strange about the setup, it's really very simple. 
> All other services function perfectly between the VLANS. I 
> also tried adding a VLAN on our production network using the 
> production DC with the exact same results.
> 
> I should add that on the testing network, although the 
> logical layout is similar, we do not have a DHCP server so 
> all address assignments are done by hand. However, when we 
> move the workstation from one subnet to another, we are 
> careful to put the workstation in the correct subnet and make 
> sure that the WINS server is set correctly.
> 
> I've attached my smb.conf. If any party is interested in 
> further diagnosing the problem I'll be happy to spend as much 
> time as necessary to provide the information you might need.
> 
> Here's my smb.conf (names have been changed to protect the guilty)
> 
> [global]
> interfaces = eth0 lo
> bind interfaces only = yes
> workgroup = DOMAIN
> server string = "Domain Controller"
> passdb backend = ldapsam:ldap://127.0.0.1
> log level = 1
> syslog = 0
> log file = /usr/local/samba/var/log.%m
> max log size = 2500
> name resolve order = wins hosts bcast
> time server = Yes
> show add printer wizard = No
> add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u'
> delete user script = /var/lib/samba/sbin/smbldap-userdel.pl '%u'
> add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'
> delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%g'
> add user to group script = /var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g'
> delete user from group script = /var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g'
> set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g '%g' '%u'
> add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u'
> logon script = netlogon.cmd
> logon path = \\dc\profiles\%U
> logon home = 
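A check for the lmhosts line format given in the reply above, as an added example that is not part of the thread: it parses `<ip> <name> #PRE #DOM:<domain>` lines and reports entries that would not do what the reply intends. The function name `parse_lmhosts` and the sample addresses and host names are assumptions made for the example.

```python
import ipaddress

# Constructed sample in the layout the reply shows; the addresses come from the
# 192.0.2.0/24 documentation range and the host names are made up.
SAMPLE_LMHOSTS = """\
# DC ip address   registered name   domain name
192.0.2.10    dom-controller   #PRE #DOM:my-domain
192.0.2.11    backup-dc        #DOM:my-domain
192.0.2.300   typo-dc          #PRE #DOM:my-domain
192.0.2.12    name-longer-than-15   #PRE
"""


def parse_lmhosts(text):
    """Parse lmhosts text; return (entries, problems).

    Handles unquoted names only. Lines starting with '#' (comments and block
    directives such as #INCLUDE) are skipped.
    """
    entries, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        mapping, _, tail = line.partition("#")
        fields = mapping.split()
        if len(fields) != 2:
            problems.append((lineno, "expected '<ip> <name>' before keywords"))
            continue
        ip, name = fields
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            problems.append((lineno, "invalid IPv4 address " + ip))
            continue
        if len(name) > 15:  # NetBIOS names carry at most 15 characters
            problems.append((lineno, "name longer than 15 characters: " + name))
            continue
        tags = ("#" + tail).split() if tail else []
        preload = any(t.upper() == "#PRE" for t in tags)
        domain = next((t[5:] for t in tags if t.upper().startswith("#DOM:")), None)
        if domain and not preload:
            # lmhosts.sam notes that a #DOM host is preloaded only with #PRE.
            problems.append((lineno, "#DOM without #PRE: host is not preloaded"))
        entries.append({"ip": ip, "name": name, "preload": preload, "domain": domain})
    return entries, problems


if __name__ == "__main__":
    found, issues = parse_lmhosts(SAMPLE_LMHOSTS)
    for e in found:
        print(e)
    for lineno, msg in issues:
        print("line %d: %s" % (lineno, msg))
```

Because the file is copied to every workstation, running the same check over each copy also shows which machines still pin an old DC address.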

[Samba] Domain logins across subnets

2007-02-19 Thread John Paul


Greetings,

My environment is Samba 3.0.23d as a PDC, password backend is OpenLDAP 2.3.27, 
running on SuSE 10.1; workstations are Windows XP SP2, all recent patches 
applied. All machines are on the same Class B private IP network. Domain 
logons function perfectly, performance is very nice. For security and performance 
reasons we are looking at dividing the network into many VLANS, each with 
its own IP subnet. 

On the testing network, a very strange thing is happening. When the workstation 
is on the Class B subnet, all functions work perfectly - Adding machine to 
domain, logging in, mapping drive to samba server, etc. However, when placed 
on the test VLAN (a class C private IP subnet) some of this functionality 
goes away. I can ping the DC (meaning the packets are correctly routed). 
I can resolve the DC name to its IP (meaning name resolution across the subnet 
is working), I can resolve my own workstation name to the correct IP. However, 
when I try to add this machine to the domain, I get the following error:


The following error occurred attempting to join the domain "DOMAIN"

Logon Failure: unknown user name or bad password.

Of course I'm using the same user name and password (root) as I use
when on the Class B subnet. When I attempt to map a drive, I get "System
error 1326 has occurred - Logon failure: unknown user name or bad
password." Stranger yet is that every 5 or so times, this all works
perfectly.

I've considered problems with the switching hardware, however, I set the 
workstation to ping the DC constantly for like 4 hours and not a single packet 
was dropped. There is nothing strange about the setup, it's really very simple. 
All other services function perfectly between the VLANS. I also tried adding 
a VLAN on our production network using the production DC with the exact same 
results.


I should add that on the testing network, although the logical layout
is similar, we do not have a DHCP server so all address assignments are
done by hand. However, when we move the workstation from one subnet to
another, we are careful to put the workstation in the correct subnet and
make sure that the WINS server is set correctly.

I've attached my smb.conf. If any party is interested in further diagnosing 
the problem I'll be happy to spend as much time as necessary to provide the 
information you might need.


Here's my smb.conf (names have been changed to protect the guilty)

[global]
interfaces = eth0 lo
bind interfaces only = yes
workgroup = DOMAIN
server string = "Domain Controller"
passdb backend = ldapsam:ldap://127.0.0.1
log level = 1
syslog = 0
log file = /usr/local/samba/var/log.%m
max log size = 2500
name resolve order = wins hosts bcast
time server = Yes
show add printer wizard = No
add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u'
delete user script = /var/lib/samba/sbin/smbldap-userdel.pl '%u'
add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'
delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%g'
add user to group script = /var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g'
delete user from group script = /var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g'
set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g '%g' '%u'
add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u'
logon script = netlogon.cmd
logon path = \\dc\profiles\%U
logon home = \\dc\profiles\%U
domain logons = Yes
os level = 75
preferred master = Yes
domain master = Yes
wins support = Yes
ldap admin dn = cn=Manager,dc=example,dc=org
ldap group suffix = ou=group
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=people
ldap suffix = dc=example,dc=org
ldap user suffix = ou=people
idmap backend = ldap://127.0.0.1
idmap uid = 1-2
idmap gid = 1-2
profile acls = Yes
map acl inherit = Yes

[netlogon]
comment = "Net logon share"
path = /netlogon
write list = root

[profiles]
comment = "Roaming profile share"
path = /profiles
read only = No
hide files = /desktop.ini/Desktop.ini/DESKTOP.INI/
csc policy = disable
create mask = 0700
force create mode = 0700
directory mask = 0700
force directory mode = 0700



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] Domain logins across subnets

2007-02-08 Thread John Paul
Greetings,

My environment is Samba 3.0.23d as a PDC, password backend is OpenLDAP 2.3.27, 
running on SuSE 10.1; workstations are Windows XP SP2, all recent patches 
applied. All machines are on the same Class B private IP network. Domain logons 
function perfectly, performance is very nice. For security and performance 
reasons we are looking at dividing the network into many VLANS, each with its 
own IP subnet. 

On the testing network, a very strange thing is happening. When the workstation 
is on the Class B subnet, all functions work perfectly - Adding machine to 
domain, logging in, mapping drive to samba server, etc. However, when placed on 
the test VLAN (a class C private IP subnet) some of this functionality goes 
away. I can ping the DC (meaning the packets are correctly routed). I can 
resolve the DC name to its IP (meaning name resolution across the subnet is 
working), I can resolve my own workstation name to the correct IP. However, 
when I try to add this machine to the domain, I get the following error:

The following error occurred attempting to join the domain "DOMAIN"

Logon Failure: unknown user name or bad password.

Of course I'm using the same user name and password (root) as I use when on the 
Class B subnet. When I attempt to map a drive, I get "System error 1326 has 
occurred - Logon failure: unknown user name or bad password." Stranger yet is 
that every 5 or so times, this all works perfectly.

I've considered problems with the switching hardware, however, I set the 
workstation to ping the DC constantly for like 4 hours and not a single packet 
was dropped. There is nothing strange about the setup, it's really very simple. 
All other services function perfectly between the VLANs. I also tried adding a 
VLAN on our production network using the production DC with the exact same 
results.

I should add that on the testing network, although the logical layout is 
similar, we do not have a DHCP server so all address assignments are done by 
hand. However, when we move the workstation from one subnet to another, we are 
careful to put the workstation in the correct subnet and make sure that the 
WINS server is set correctly.

I've attached my smb.conf. If any party is interested in further diagnosing the 
problem I'll be happy to spend as much time as necessary to provide the 
information you might need.

Here's my smb.conf (names have been changed to protect the guilty)

[global]
interfaces = eth0 lo
bind interfaces only = yes
workgroup = DOMAIN
server string = "Domain Controller"
passdb backend = ldapsam:ldap://127.0.0.1
log level = 1
syslog = 0
log file = /usr/local/samba/var/log.%m
max log size = 2500
name resolve order = wins hosts bcast
time server = Yes
show add printer wizard = No
add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u'
delete user script = /var/lib/samba/sbin/smbldap-userdel.pl '%u'
add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'
delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%g'
add user to group script = /var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g'
delete user from group script = /var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g'
set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g '%g' '%u'
add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u'
logon script = netlogon.cmd
logon path = \\dc\profiles\%U
logon home = \\dc\profiles\%U
domain logons = Yes
os level = 75
preferred master = Yes
domain master = Yes
wins support = Yes
ldap admin dn = cn=Manager,dc=example,dc=org
ldap group suffix = ou=group
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=people
ldap suffix = dc=example,dc=org
ldap user suffix = ou=people
idmap backend = ldap://127.0.0.1
idmap uid = 1-2
idmap gid = 1-2
profile acls = Yes
map acl inherit = Yes

[netlogon]
comment = "Net logon share"
path = /netlogon
write list = root

[profiles]
comment = "Roaming profile share"
path = /profiles
read only = No
hide files = /desktop.ini/Desktop.ini/DESKTOP.INI/
csc policy = disable
create mask = 0700
force create mode = 0700
directory mask = 0700
force directory mode = 0700


[Samba] Domain logins across subnets

2007-02-07 Thread John Paul
Greetings,
 
My environment is Samba 3.0.23d as a PDC, password backend is OpenLDAP
2.3.27, running on SuSE 10.1; workstations are Windows XP SP2, all
recent patches applied. All machines are on the same Class B private IP
network. Domain logons function perfectly, performance is very nice. For
security and performance reasons we are looking at dividing the network
into many VLANS, each with its own IP subnet. 
 
On the testing network, a very strange thing is happening. When the
workstation is on the Class B subnet, all functions work perfectly -
Adding machine to domain, logging in, mapping drive to samba server,
etc. However, when placed on the test VLAN (a class C private IP subnet)
some of this functionality goes away. I can ping the DC (meaning the
packets are correctly routed). I can resolve the DC name to its IP
(meaning name resolution across the subnet is working), I can resolve my
own workstation name to the correct IP. However, when I try to add this
machine to the domain, I get the following error:
 
The following error occurred attempting to join the domain "DOMAIN"
 
Logon Failure: unknown user name or bad password.
 
Of course I'm using the same user name and password (root) as I use
when on the Class B subnet. When I attempt to map a drive, I get "System
error 1326 has occurred - Logon failure: unknown user name or bad
password." Stranger yet is that every 5 or so times, this all works
perfectly.
 
I've considered problems with the switching hardware, however, I set
the workstation to ping the DC constantly for like 4 hours and not a
single packet was dropped. There is nothing strange about the setup,
it's really very simple. All other services function perfectly between
the VLANS. I also tried adding a VLAN on our production network using
the production DC with the exact same results.
 
I should add that on the testing network, although the logical layout
is similar, we do not have a DHCP server so all address assignments are
done by hand. However, when we move the workstation from one subnet to
another, we are careful to put the workstation in the correct subnet and
make sure that the WINS server is set correctly.
 
I've attached my smb.conf. If any party is interested in further
diagnosing the problem I'll be happy to spend as much time as necessary to
provide the information you might need.
 
Here's my smb.conf (names have been changed to protect the guilty)
 
[global]
interfaces = eth0 lo
bind interfaces only = yes
workgroup = DOMAIN
server string = "Domain Controller"
passdb backend = ldapsam:ldap://127.0.0.1
log level = 1
syslog = 0
log file = /usr/local/samba/var/log.%m
max log size = 2500
name resolve order = wins hosts bcast
time server = Yes
show add printer wizard = No
add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u'
delete user script = /var/lib/samba/sbin/smbldap-userdel.pl '%u'
add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'
delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%g'
add user to group script = /var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g'
delete user from group script = /var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g'
set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g '%g' '%u'
add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u'
logon script = netlogon.cmd
logon path = \\dc\profiles\%U
logon home = \\dc\profiles\%U
domain logons = Yes
os level = 75
preferred master = Yes
domain master = Yes
wins support = Yes
ldap admin dn = cn=Manager,dc=example,dc=org
ldap group suffix = ou=group
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=people
ldap suffix = dc=example,dc=org
ldap user suffix = ou=people
idmap backend = ldap://127.0.0.1
idmap uid = 1-2
idmap gid = 1-2
profile acls = Yes
map acl inherit = Yes
 
[netlogon]
comment = "Net logon share"
path = /netlogon
write list = root
 
[profiles]
comment = "Roaming profile share"
path = /profiles
read only = No
hide files = /desktop.ini/Desktop.ini/DESKTOP.INI/
csc policy = disable
create mask = 0700
force create mode = 0700
directory mask = 0700
force directory mode = 0700