UNIX for Dummies Questions & Answers

Ok so this is sort of a unix question. I am frequently logging into customers boxes and our product integrates with Active directory.

I deal with a great deal of people who have no business being admins but are and they don't know squat about their network or their DC's. So a recurring problem I deal with is my box trying to connect to IP's in their domain A record that are NOT valid DC's at all.

Can anyone think of any kind of test I could do to determine if an IP address is actually a Domain controller? Right now basically all I do is ping each IP that comes up and see if they respond. If they don't then I question their validity. But that isn't really all that accurate. As any server may respond to a ping and not be a DC. Or they may have ping turned off some thing.

I don't really need any details about the DC I just need to know if it is one or not.

nmap would give you which ports the host was listening on. A domain controller is going to be listening on 53, 88, 135, 389 at least. You can get a better list of ports by googling. You might look for a network fingerprinting tool to make it easier.

I'll have to see what I can do with that. I was hoping to only use basic commands in unix and or samba.

---------- Post updated at 05:47 PM ---------- Previous update was at 05:28 PM ----------

Well nmap is out, its not installed so that means its not an option.

---------- Post updated at 07:36 PM ---------- Previous update was at 05:47 PM ----------

well what i've done so far is i've used wbinfo -I to resolve the name of the server.

While this doesnt' tell me for certain if something is a DC it usually is a goo dindicator.

If I can't ping an IP addrress and that address has no name associated with it then its probably not a Dc.

---------- Post updated 04-23-10 at 12:11 PM ---------- Previous update was 04-22-10 at 07:36 PM ----------

Ok i'm overthinking this last step I'm sure and I'm driving myself crazy. I've figured out how to test for valid DC and I have two lists of IPs. One that has possible valid DC's and one that has what they "say" are DC's but may not be. Soooo...

I have 2 text files both contain lists of IP's.

What I need to do is compare the two files and output 2 new files.

File 1 = IP's the two files have in common
File 2 = IP's file 1 has that file2 does not

I can get this information using comm but I can't figure out how to get that to output data to files, it does me no good displayed. Also looked at diff but I'm not seeing how I can do it with that either.

Suggestions?

---------- Post updated at 02:59 PM ---------- Previous update was at 12:11 PM ----------

Well it looks like I had a couple of stray charachters in the files that were screwing it up. Once I cleaned up the files and remove the blank lines and presorted them. The COMM command worked fine for showing me the difference between the two files.

if i recall, most DC's have a netlogon share, used for login scripts. You can just \\machine_in_question and see if it comes up..

however this may only work if the machine is a part of the domain... i'd assume netlogon isn't shareable by everyone... so I guess that might not work for you.

however, going on one of the earlier posts about ports.. there's always trusty telnet <machine> port_to_suspect

if it listens, it responds, if not.. move on.

Well I wound up doing a bunch of things...

1 - it looks at smb.conf to pull the domain name
2 - takes that name and resolves it to the IP's in A record then attempts to ping each IP in there
3 - Takes each IP and does wbinfo -I to see if it has a netbios name record
4 - Does a dig against each IP to check for a kerberos SRV record

Then basically does a bunch of cross compares with all the files generated to tell me which IPs can be reached and which cant. Plus which IPs are in the A record but have no Kerberos record. etc etc.

Thus far it works pretty well.