[CentOS] DNS problem while trying to join windows 7 to samba3x pdc
Craig White
craigwhite at azapple.com
Thu Jul 8 17:28:52 UTC 2010
On Thu, 2010-07-08 at 12:03 -0500, Doug Coats wrote:
> I think you are being vague (similar error).
>
> What is the exact error?
>
> What is the output of 'testparm -sv' ?
>
>
> Craig
>
> Sorry for being to vague.
>
> Here is the XP Pro error I get when I try to join the domain.
>
> A domian controller for the domain admin could not be contacted.
>
> Esure that the domain name is typed correctly.
>
> If the name is correct, click on the Details for troubleshooting
> information.
>
> Details:
>
> Note: This information is intended for a network administrator. If
> you are not your network's administrator, notify the administrator
> that you received this information, which has been recorded in the
> file C:\WINDOWS\debug\dcdiag.txt.
> The domain name admin might be a NetBIOS domain name. If this is the
> case, verify that the domain name is properly registered with WINS.
> If you are certain that the name is not a NetBIOS domain name, then
> the following information can help you troubleshoot your DNS
> configuration.
> An error occurred when DNS was queried for the service location (SRV)
> resource record used to locate a domain controller for domain admin.
> The error was: "No records found for given DNS query."
> (error code 0x0000251D DNS_INFO_NO_RECORDS)
> The query was for the SRV record for _ldap._tcp.dc._msdcs.admin
> For more information, click Help.
>
> Here is the testparm -sv you requested.
>
> For a short explaination of the IP's listed. We have two domains.
> One served by 192.168.6.1 and one by 192.168.5.1. I am currantly
> upgrading the 192.168.6. network to Windows 7. Or atleast trying.
> 192.168.4.1 is our gatway and the two servers listed above act as file
> servers and routers for their domains. I hope that makes sence.
>
> Load smb config files from /etc/samba/smb.conf
> Processing section "[homes]"
> Processing section "[netlogon]"
> WARNING: The "share modes" option is deprecated
> Processing section "[admin]"
> Processing section "[staff]"
> Processing section "[ElemTeachers]"
> Processing section "[SecTeachers]"
> Processing section "[it]"
> Processing section "[office]"
> Processing section "[finance]"
> Processing section "[backup]"
> Processing section "[www]"
> Processing section "[scribeshare]"
> Processing section "[sosub]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_PDC
> [global]
> dos charset = CP850
> unix charset = UTF-8
> display charset = LOCALE
> workgroup = ADMIN
> realm =
> netbios name = HERITAGE3
> netbios aliases =
> netbios scope =
> server string = Administration Samba Server
> interfaces = 192.168.4.3, 192.168.6.1, 127.0.0.1
> bind interfaces only = No
> config backend = file
> security = USER
> auth methods =
> encrypt passwords = Yes
> update encrypted = No
> client schannel = Auto
> server schannel = Auto
> allow trusted domains = Yes
> map to guest = Never
> null passwords = No
> obey pam restrictions = No
> password server = *
> smb passwd file = /etc/samba/smbpasswd
> private dir = /var/lib/samba/private
> passdb backend = smbpasswd
> algorithmic rid base = 1000
> root directory =
> guest account = nobody
> enable privileges = Yes
> pam password change = No
> passwd program =
> passwd chat = *new*password* %n\n *new*password* %n\n
> *changed*
> passwd chat debug = No
> passwd chat timeout = 2
> check password script =
> username map =
> password level = 0
> username level = 0
> unix password sync = No
> restrict anonymous = 0
> lanman auth = No
> ntlm auth = Yes
> client NTLMv2 auth = No
> client lanman auth = No
> client plaintext auth = No
> preload modules =
> use kerberos keytab = No
> log level = 1
> syslog = 1
> syslog only = No
> log file = /var/log/samba/%m.log
> max log size = 50
> debug timestamp = Yes
> debug prefix timestamp = No
> debug hires timestamp = No
> debug pid = No
> debug uid = No
> debug class = No
> enable core files = Yes
> smb ports = 445 139
> large readwrite = Yes
> max protocol = NT1
> min protocol = CORE
> min receivefile size = 0
> read raw = Yes
> write raw = Yes
> disable netbios = No
> reset on zero vc = No
> acl compatibility = auto
> defer sharing violations = Yes
> nt pipe support = Yes
> nt status support = Yes
> announce version = 4.9
> announce as = NT
> max mux = 50
> max xmit = 16644
> name resolve order = hosts wins lmhosts bcast
> max ttl = 259200
> max wins ttl = 518400
> min wins ttl = 21600
> time server = Yes
> unix extensions = Yes
> use spnego = Yes
> client signing = auto
> server signing = No
> client use spnego = Yes
> client ldap sasl wrapping = plain
> enable asu support = No
> svcctl list =
> deadtime = 0
> getwd cache = Yes
> keepalive = 300
> lpq cache time = 30
> max smbd processes = 0
> paranoid server security = Yes
> max disk size = 0
> max open files = 10000
> socket options = TCP_NODELAY
> use mmap = Yes
> hostname lookups = No
> name cache timeout = 660
> ctdbd socket =
> cluster addresses =
> clustering = No
> load printers = Yes
> printcap cache time = 750
> printcap name =
> cups server =
> cups connection timeout = 30
> iprint server =
> disable spoolss = No
> addport command =
> enumports command =
> addprinter command =
> deleteprinter command =
> show add printer wizard = Yes
> os2 driver map =
> mangling method = hash2
> mangle prefix = 1
> max stat cache size = 256
> stat cache = Yes
> machine password timeout = 604800
> add user script =
> rename user script =
> delete user script =
> add group script =
> delete group script =
> add user to group script =
> delete user from group script =
> set primary group script =
> add machine script = /usr/sbin/adduser -n -g machines -c
> Machine -d /dev/null -s /bin/false %u
> shutdown script =
> abort shutdown script =
> username map script =
> logon script = %U.bat
> logon path =
> logon drive =
> logon home =
> domain logons = Yes
> init logon delayed hosts =
> init logon delay = 100
> os level = 20
> lm announce = Auto
> lm interval = 60
> preferred master = No
> local master = Yes
> domain master = Yes
> browse list = Yes
> enhanced browsing = Yes
> dns proxy = Yes
> wins proxy = Yes
> wins server = 192.168.4.1
> wins support = No
> wins hook =
> kernel oplocks = Yes
> lock spin time = 200
> oplock break wait time = 0
> ldap admin dn =
> ldap delete dn = No
> ldap group suffix =
> ldap idmap suffix =
> ldap machine suffix =
> ldap passwd sync = no
> ldap replication sleep = 1000
> ldap suffix =
> ldap ssl = start tls
> ldap ssl ads = No
> ldap timeout = 15
> ldap connection timeout = 2
> ldap page size = 1024
> ldap user suffix =
> ldap debug level = 0
> ldap debug threshold = 10
> eventlog list =
> add share command =
> change share command =
> delete share command =
> config file =
> preload =
> lock directory = /var/lib/samba
> pid directory = /var/run
> utmp directory =
> wtmp directory =
> utmp = No
> default service =
> message command =
> get quota command =
> set quota command =
> remote announce = 192.168.5.255 192.168.4.255 192.168.0.255
> remote browse sync =
> socket address = 0.0.0.0
> homedir map = auto.home
> afs username map =
> afs token lifetime = 604800
> log nt token command =
> time offset = 0
> NIS homedir = No
> registry shares = No
> usershare allow guests = No
> usershare max shares = 0
> usershare owner only = Yes
> usershare path = /var/lib/samba/usershares
> usershare prefix allow list =
> usershare prefix deny list =
> usershare template share =
> panic action =
> host msdfs = Yes
> passdb expand explicit = No
> idmap backend = tdb
> idmap alloc backend =
> idmap cache time = 604800
> idmap negative cache time = 120
> idmap uid =
> idmap gid =
> template homedir = /home/%D/%U
> template shell = /bin/false
> winbind separator = \
> winbind cache time = 300
> winbind reconnect delay = 30
> winbind enum users = No
> winbind enum groups = No
> winbind use default domain = No
> winbind trusted domains only = No
> winbind nested groups = Yes
> winbind expand groups = 1
> winbind nss info = template
> winbind refresh tickets = No
> winbind offline logon = No
> winbind normalize names = No
> winbind rpc only = No
> comment =
> path =
> username =
> invalid users =
> valid users =
> admin users =
> read list =
> write list =
> printer admin =
> force user =
> force group =
> read only = Yes
> acl check permissions = Yes
> acl group control = No
> acl map full control = Yes
> create mask = 0744
> force create mode = 00
> security mask = 0777
> force security mode = 00
> directory mask = 0755
> force directory mode = 00
> directory security mask = 0777
> force directory security mode = 00
> force unknown acl user = No
> inherit permissions = No
> inherit acls = No
> inherit owner = No
> guest only = No
> administrative share = No
> guest ok = No
> only user = No
> hosts allow = 192.168.4., 192.168.5., 192.168.6., 192.168.1.,
> 127.
> hosts deny =
> allocation roundup size = 1048576
> aio read size = 0
> aio write size = 0
> aio write behind =
> ea support = No
> nt acl support = Yes
> profile acls = No
> map acl inherit = No
> afs share = No
> smb encrypt = auto
> block size = 1024
> change notify = Yes
> directory name cache size = 100
> kernel change notify = Yes
> max connections = 0
> min print space = 0
> strict allocate = No
> strict sync = No
> sync always = No
> use sendfile = No
> write cache size = 0
> max reported print jobs = 0
> max print jobs = 1000
> printable = No
> printing = cups
> cups options =
> print command =
> lpq command = %p
> lprm command =
> lppause command =
> lpresume command =
> queuepause command =
> queueresume command =
> printer name =
> use client driver = No
> default devmode = Yes
> force printername = No
> printjob username = %U
> default case = lower
> case sensitive = Auto
> preserve case = Yes
> short preserve case = Yes
> mangling char = ~
> hide dot files = Yes
> hide special files = No
> hide unreadable = No
> hide unwriteable files = No
> delete veto files = No
> veto files =
> hide files =
> veto oplock files =
> map archive = Yes
> map hidden = No
> map system = No
> map readonly = yes
> mangled names = Yes
> store dos attributes = No
> dmapi support = No
> browseable = Yes
> blocking locks = Yes
> csc policy = manual
> fake oplocks = No
> locking = Yes
> oplocks = Yes
> level2 oplocks = Yes
> oplock contention limit = 2
> posix locking = Yes
> strict locking = Auto
> share modes = Yes
> dfree cache time = 0
> dfree command =
> copy =
> include =
> preexec =
> preexec close = No
> postexec =
> root preexec =
> root preexec close = No
> root postexec =
> available = Yes
> volume =
> fstype = NTFS
> set directory = No
> wide links = Yes
> follow symlinks = Yes
> dont descend =
> magic script =
> magic output =
> delete readonly = No
> dos filemode = No
> dos filetimes = Yes
> dos filetime resolution = No
> fake directory create times = No
> vfs objects =
> msdfs root = No
> msdfs proxy =
----
If you want domain logins - you have to have a PDC and this system
should:
preferred master = yes
remote announce = 192.168.5.255 192.168.4.255 192.168.0.255
remove this ========== ^^^^^^^^^^^^^
but it would appear that your WINS server 192.168.4.1 may not actually
be a wins server or not the dmb (domain master browser) and not winning
the elections so it's hard to figure out which computer is the PDC.
What is output of 'nmblookup -A 192.168.4.1' ?
I think this is where your problem is.
Personally, I would make the PDC system the WINS server
wins support = true
and comment out the line pointing it to another wins server
set 'os level = 64' so that it wins all the elections and is the WINS
server for all networks it is on.
Also FWIW - It would seem that you have a lot of users/networks and I
would not use smbpasswd as the passdb - but would suggest using the tdb
as it is more robust/versatile and really recommend that you get into
LDAP instead (of course this has nothing to do with your problem).
Craig
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the CentOS
mailing list