Re: [SLE] Samba help: Machine account
tim@pipandtim.com wrote:
On Mon, 2003-04-28 at 13:11, John Scott wrote:
Does anyone actually have XP/2000 boxes making trust connections with a samba pdc?
Yes - Windows 2000 (x2)
I encountered the same error message - a search of the MSFT site revealed that this was due to the machine not being able to find a relevant DNS entry.
A DNS entry for what? Itself? The PDC? Or the PDC looking for an entry for the connecting machine? I don't use DNS for internal network resolution. I use the hosts/lmhosts files so I don't understand how DNS would apply. Any theories?
However... at the time the Samba PDC was behind a firewall - when I stopped the firewall completely (PDC was not attached to the internet) the machines were able to join the domain no problem.
The PDC is running SuSEFirewall2. The XP machines are running Zone Alarm. I have opened ports 137-139 for internal hosts. As far as I know, that's all I need. Are you suggesting I try shutting down the firewall on the PDC? Shutting Zone Alarm didn't help. That makes sense though since I configured ZA to view my internal network as a trusted zone.
My guess (and that is what it is), judging from the talk about Zone Alarm and opening some ports, is that this is where your problem lies.
I'm told that for machine trusts to work you need port 139. Perhaps there is some configuring to be done in Windows for the authentication method? Anyone know?
John
On 04/30/2003 08:29 AM, John Scott wrote:
The PDC is running SuSEFirewall2. The XP machines are running Zone Alarm. I have opened ports 137-139 for internal hosts. As far as I know, that's all I need. Are you suggesting I try shutting down the firewall on the PDC? Shutting Zone Alarm didn't help. That makes sense though since I configured ZA to view my internal network as a trusted zone.
John, when I was trying to get 2.2.8a working, I noticed in the documentation that samba (now?) also uses 445 tcp, so that would be udp 137, 138 and tcp 159, 445. I can't say whether this will fix your problem. I am presently running samba 2.2.5 (see separate thread for my question/problem w/ newer versions), and have one user using XP pro on our network with NO problems. Since his XP seems to release its dhcp lease every time, I had to give it a fixed address, so it is not using DNS but hosts and lmhosts. HTH.
--
Joe Morris
New Tribes Mission
Email Address: Joe_Morris@ntm.org
Web Address: http://www.mydestiny.net/~joe_morris
Registered Linux user 231871
God said, I AM that I AM. I say, by the grace of God, I am what I am.
On 04/30/2003 08:57 AM, Joe Morris (NTM) wrote:
On 04/30/2003 08:29 AM, John Scott wrote:
The PDC is running SuSEFirewall2. The XP machines are running Zone Alarm. I have opened ports 137-139 for internal hosts. As far as I know, that's all I need. Are you suggesting I try shutting down the firewall on the PDC? Shutting Zone Alarm didn't help. That makes sense though since I configured ZA to view my internal network as a trusted zone.
John, when I was trying to get 2.2.8a working, I noticed in the documentation that samba (now?) also uses 445 tcp, so that would be udp 137, 138 and tcp 159, 445. I can't say whether this will fix your
Typo should be 139 ^^
--
Joe Morris
New Tribes Mission
Email Address: Joe_Morris@ntm.org
Web Address: http://www.mydestiny.net/~joe_morris
Registered Linux user 231871
God said, I AM that I AM. I say, by the grace of God, I am what I am.
Joe_Morris@ntm.org wrote:
John, when I was trying to get 2.2.8a working, I noticed in the documentation that samba (now?) also uses 445 tcp, so that would be udp 137, 138 and tcp 159, 445. I can't say whether this will fix your Typo should be 139
^^
No problem Joe. I caught that. Thanks. Anyway, I opened port 445 to no avail. As of now everything works except I get an error if I try to put the domain name in the domain box in the login dialog on XP. XP says a machine account was not found but I know that is not correct. If I don't touch the domain field, everything works. I'm just trying to get normal functionality but I guess that just won't work. I guess I'll move on to something else now and revisit this when samba 3.0 comes out. Thanks again for your help.
John
On Wed, 2003-04-30 at 00:29, John Scott wrote:
A DNS entry for what? Itself? The PDC? Or the PDC looking for an entry for the connecting machine? I don't use DNS for internal network resolution. I use the hosts/lmhosts files so I don't understand how DNS would apply. Any theories?
Well, the error message you quoted said that either the domain could not be contacted or no machine account could be found - since you have managed to add the machine to the domain that would imply that there is a machine account; it would also imply that when you did add the machine to the domain the PC could find the domain, so have you changed the firewall setup since you added the machine to the domain? When I had the error message and looked it up on the MSFT site it said that this was caused by a missing DNS entry. I was not using DNS either. But what it shows is that there is a name resolution problem - either hosts/lmhosts or on the WINS server if you have one.
Are you suggesting I try shutting down the firewall on the PDC?
Yes - it is a matter of finding out where the problem really lies - if you shut down the firewall on the PDC and you can log on to the domain then the problem is with the firewall configuration. If this does not help then the problem lies elsewhere.
Shutting Zone Alarm didn't help. That makes sense though since I configured ZA to view my internal network as a trusted zone.
Fine, then the problem is not with the ZA firewall.
-- Tim <tim@pipandtim.com>
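Added example, not part of any poster's message: instead of stopping the firewall to test, this script checks a firewall config for the ports the thread names (udp 137, 138 and tcp 139, 445) and reports which are not opened to internal hosts. It assumes the internal-zone services are listed in `FW_SERVICES_INT_TCP` / `FW_SERVICES_INT_UDP` as space-separated ports, `lo:hi` ranges or service names; the sample config is constructed.

```python
import re

# Ports named in the thread: NetBIOS name/datagram over UDP, session and SMB over TCP.
REQUIRED = {"tcp": {139, 445}, "udp": {137, 138}}

# Assumption: only the service names relevant here are mapped; a fuller
# audit would resolve names through /etc/services.
SERVICE_NAMES = {"netbios-ns": 137, "netbios-dgm": 138,
                 "netbios-ssn": 139, "microsoft-ds": 445}

def expand(value):
    """Expand a space-separated list of ports, lo:hi ranges and service names."""
    ports = set()
    for token in value.split():
        if token in SERVICE_NAMES:
            ports.add(SERVICE_NAMES[token])
        elif re.fullmatch(r"\d+:\d+", token):
            lo, hi = map(int, token.split(":"))
            ports.update(range(lo, hi + 1))
        elif token.isdigit():
            ports.add(int(token))
        # Unknown service names (e.g. "ssh") are irrelevant to this check.
    return ports

def missing_samba_ports(config_text):
    """Return the required ports, per protocol, not opened to the internal zone."""
    opened = {"tcp": set(), "udp": set()}
    for line in config_text.splitlines():
        # Assumed variable names; commented-out lines do not match.
        m = re.match(r'\s*FW_SERVICES_INT_(TCP|UDP)\s*=\s*"([^"]*)"', line)
        if m:
            opened[m.group(1).lower()] = expand(m.group(2))
    return {p: sorted(REQUIRED[p] - opened[p]) for p in REQUIRED}

# Constructed sample: 137-139 opened for TCP only, one UDP port opened.
SAMPLE = '''
# internal zone services (constructed example)
FW_SERVICES_INT_TCP="ssh 137:139"
FW_SERVICES_INT_UDP="137"
'''

if __name__ == "__main__":
    for proto, ports in missing_samba_ports(SAMPLE).items():
        print(proto, "missing:", ports or "none")
```
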
participants (3)
- Joe Morris (NTM)
- John Scott
- Tim