Date: Sun, 27 Oct 2002 09:15:32 +0200 From: "D. Penev" <dpenev@mail.bg> To: sroberts@dsl.pipex.com Cc: freebsd-questions@FreeBSD.ORG Subject: Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?] Message-ID: <20021027071532.GA263@earth.dpsca.bg> In-Reply-To: <1035668870.382.53.camel@Demon.vickiandstacey.com> References: <1035155219.539.2.camel@Demon.vickiandstacey.com> <3DB35946.4070908@cream.org> <1035225240.539.14.camel@Demon.vickiandstacey.com> <20021026212622.GA240@earth.dpsca.bg> <1035668870.382.53.camel@Demon.vickiandstacey.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Oct 26, 2002 at 10:47:48PM +0100, Stacey Roberts wrote: >Subject: Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?] >From: Stacey Roberts <stacey@Demon.vickiandstacey.com> >To: "D. Penev" <dpenev@mail.bg> >Cc: FreeBSD Questions <freebsd-questions@FreeBSD.ORG> >Date: 26 Oct 2002 22:47:48 +0100 > >Hi, > Thanks for the reply. I should mention that I've made some progress >with my efforts to set up a samba PDC for my Win2K clients. > >First of all I am now able to successfully complete all tests in the >recommended "DIAGNOSTICS.TXT" at >http://hr.uoregon.edu/davidrl/DIAGNOSIS.txt, except:- > >test 8: On the PC type the command "net view \\BIGSERVER" > >Specifically, I am only able to complete this test by using the IP Addr >of the samba server in place of its name. Likewise for test 9 that >follows. > >Recapping, I *am* able to serve share dirs to *NIX clients as well as >the Win2K boxes, with the caveat that for the Windows boxes, I have to >use the IP Addr of the samba server. This is not an issue for other >(*NIX) client hosts. > >Needless to say, I am not as yet able to have the Win2K boxes join the >domain as described in Chapter 9. (How to Configure Samba 2.2 as a >Primary Domain Controller - 9.4.3. Joining the Client to the Domain.4.3. >Joining the Client to the Domain). I still get the MS error when I click >"OK" after entering the domain as defined in smb.conf. > >Hope this presents somewhat a clearer description of the current status >here. Do get back to if you would require more information in assisting >me in resolving this. =46rom you description of the problem it's looks like that win2k box can't make resolving of names to ip address. That's why I accent to firewall because according to you logs ipfw block port 137, which is used to=20 resolve NetBIOS names to IP address. I make a little test and block port 137 on my PDC (Samba 2.2.4 on NetBSD) and results are the same as yours. If that is true (blocking of netbios-ns port) you PDC can't register as domain controler, and workstations when is joined to domain can't find who is PDC for this domain. What are you firewall rules? What's show "nbtstat -A YOU_SAMBA_SERVER" and "nbtstat -c" on win2k box? =20 > >Thanks > >On Sat, 2002-10-26 at 22:26, D. Penev wrote: >> On Mon, Oct 21, 2002 at 07:33:58PM +0100, Stacey Roberts wrote: >> >Subject: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?] >> >From: Stacey Roberts <stacey@Demon.vickiandstacey.com> >> >To: Andrew Boothman <andrew@cream.org> >> >Cc: sroberts@dsl.pipex.com, >> > FreeBSD Questions <freebsd-questions@FreeBSD.ORG> >> >Date: 21 Oct 2002 19:33:58 +0100 >> > >> >Hello, >> > I'd appreciate some help from anyone who's got samba 2.2.6 running >> >on FreeBSD as a PDC for Win2K client wkstations, please. >> > >> >I'm trying to following the SAMBA How-To at: >> >http://samba.epfl.ch/samba/docs/Samba-HOWTO-Collection.html#AEN60 >> >but fail at the smbclient -L <PDC host> stage: >> > >> ># smbclient -L -N Demon >> >added interface ip=3D192.168.1.8 bcast=3D192.168.1.255 nmask=3D255.255.= 255.0 >> >Packet send failed to 192.168.1.255(137) ERRNO=3DPermission denied >> >Connection to -N failed >> >#=20 >> > >> >I get these entries in /var/log/security: >> >Oct 21 19:31:08 Demon /kernel: ipfw: 910 Deny UDP <My IP>:2308 >> ><net.255>:137 out via sis0 >>=20 >> You firewall blocks packets to port 137 (netbios-ns). That's >> why you can access samba server with ip address and not by name. >>=20 >> >=20 >> >Please help me out here. >> > >> >Stacey >> > >> >On Mon, 2002-10-21 at 02:32, Andrew Boothman wrote: >> >> Stacey Roberts wrote: >> >> > Hello,=20 >> >> > I've got 2 WIN2K Pro workstations on my home lan that I'd like= to >> >> > enable network logon for. I've been banging my head against a wall = for >> >> > the last four hours trying to get this sorted, but to no avail.=20 >> >> >=20 >> >> > I keep getting the same error when trying to enter the Domain name = into >> >> > the "WORKGROUP" field in Win2K network properties:=20 >> >> >=20 >> >> > "The following error occured validating the name "my_domainname", T= his >> >> > condition may be caused by a DNS lookup problem. For more informati= on >> >> > about troubleshooting common DNS lookup problems see the following >> >> > Microsoft blah., blah.., blah..,=20 >> >> >=20 >> >> > The specified domain either does not exist or could not be contacte= d". >> >>=20 >> >> Have you added machine accounts to the FreeBSD box for the client box= es? >> >>=20 >> >> You need machine accounts that look like clientname$ (dollar sign at= =20 >> >> end) added both as local accounts and then again with smbpasswd passi= ng=20 >> >> whatever the appropriate switch is to create a machine account. >> >>=20 >> >> I have a FreeBSD box here acting as a PDC so we should be able to fin= d=20 >> >> the problem. >> >>=20 >> >> Andrew. >> >>=20 >> >>=20 >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> >> with "unsubscribe freebsd-questions" in the body of the message >> >--=20 >> >Stacey Roberts >> >B.Sc (HONS) Computer Science >> > >> >Web: www.vickiandstacey.com >> > >>=20 >>=20 >>=20 >> --=20 >> Regards, >> D. Penev >>=20 >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-questions" in the body of the message >--=20 >Stacey Roberts >B.Sc (HONS) Computer Science > >Web: www.vickiandstacey.com > --=20 Regards, D. Penev To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021027071532.GA263>