unable to join to a Samba4 domain
in [Samba]
|
From: Michael Wood on 31 May 2010 08:30 On 31 May 2010 14:18, Michael Wood <esiotrot(a)gmail.com> wrote: > On 31 May 2010 12:53, Tomasz Chmielewski <mangoo(a)wpkg.org> wrote: [...] >> http://virtall.com/files/samba4-join-rtl8139.pcap >> >> >> Some more hints? > > That's weird. It looks like the Windows box is ignoring the DNS > responses and just keeps repeating the query. I haven't actually > looked at a capture of a working join, but that can't be right. I see it repeats the CLDAP request too. I will have to capture a join here and compare them. -- Michael Wood <esiotrot(a)gmail.com> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Michael Wood on 31 May 2010 10:30 On 31 May 2010 14:23, Michael Wood <esiotrot(a)gmail.com> wrote: > On 31 May 2010 14:18, Michael Wood <esiotrot(a)gmail.com> wrote: >> On 31 May 2010 12:53, Tomasz Chmielewski <mangoo(a)wpkg.org> wrote: > [...] >>> http://virtall.com/files/samba4-join-rtl8139.pcap >>> >>> >>> Some more hints? >> >> That's weird. It looks like the Windows box is ignoring the DNS >> responses and just keeps repeating the query. I haven't actually >> looked at a capture of a working join, but that can't be right. > > I see it repeats the CLDAP request too. I will have to capture a join > here and compare them. I renamed the client at the same time for no particular reason, and this is what I see: 1.) First a few NBNS broadcasts to register the new client netbios name, followed by an NBNS broadcast to release it again. 2.) DNS query for _ldap._tcp.dc._msdcs.samba.example.org and a DNS reply pointing at port 389 on the DC. 3.) CLDAP request and reply like yours for the OLD netbios name of the client. Filter: (&(&(DnsDomain=samba.example.org)(Host=OLDHOSTNAME))(NtVer=0x00000006)) 4.) ARP request and reply for the DC's MAC address. 5.) A repeat of the DNS request and reply from step 2. 6.) A repeat of the CLDAP request from step 3. 7.) A CLDAP request for and reply again using the old netbios name of the client. The response says something about netlogon, type=25, version=5, LM token=0xffff, NT token=0xffff. Filter: (&(&(&(&(DnsDomain=samba.example.org)(Host=OLDHOSTNAME))(User=OLDHOSTNAME$))(AAC=80:01:00:00))(NtVer=0x00000006)) 8.) A repeat of the CLDAP request and response from step 7. 9.) An ICMP echo request to the DC and a response. 10.) An SMB connection to the DC on port 445. 11.) Another ping. etc. Later there's some kerberos, DCERPC, etc., etc. Only about 18 seconds from the start does the client send a request to the server containing the new netbios name. There are still various requests containing the old netbios name after that too. Right near the end (about 17 packets from the end) there's an LDAP request to modify the DnsDomainName and ServicePrincipalName to the new client name. After that, an LDAP search still shows the object as being named CN=oldname,CN=Computers,DC=samba,DC=example,DC=org, but various attributes have been updated with the new name: sAMAccountName: NEWNAME$ displayName: NEWNAME$ dNSHostName: newname.samba.example.org servicePrincipalName: HOST/newname.samba.example.org servicePrincipalName: HOST/NEWNAME Anyway, I'm not sure this helps you except to confirm that there's something funny going on in your case :) The only difference I can see is that your netbios DOMAIN name is different from the first part of the realm, but I don't see why that should be a problem. Since I have nothing better to suggest, I suppose you could try with realm samba4.contact-web.de and netbios domain samba4 just to see if that makes a difference. -- Michael Wood <esiotrot(a)gmail.com> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
First
|
Prev
|
Pages: 1 2 3 4 5 6 7 Prev: [Samba] unable to join to a Samba4 domain Next: [Samba] Login Samba/LDAP |