07-06-2010
It's not listing from all the domains. It IS trying to reach the other controllers. The problem is that there's no route to some of the servers, and for others there's no route back to the machine. Doing a tcpdump yields the following:
From my samba machine in the DMZ to, and back from, the local AD server:
Quote:
10:45:01.170297 IP 10.xxx.xx.34.44697 > 10.xxx.x.70.389: tcp 0
10:45:01.170434 IP 10.xxx.x.70.389 > 10.xxx.xx.34.44697: tcp 1188
To other AD servers with insufficient routing:
Quote:
10:47:00.154323 IP 10.xxx.xx.34 > 10.xx.xxx.128 tcp 99
10:47:10.462745 IP 10.xxx.xx.34 > 10.x.xx.223 tcp 99
There are 5 or so more remote AD servers from other domains that never come back due to routing. During the time that it's attempting to query or connect with these servers, file listings and such "hang" until the local machine gives up.
Using the allow trusted domains = no parameter DOES limit the connection attempts to once every half an hour or so. Before that, it would try almost every time a directory listing or anything else that needed to tie a user name to a UID was attempted. It's not the fix, but it SURE helped.
The routing is something that will not be fixed. The other domains need not access nor communicate with our DMZ.
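Added example, not part of the original post: one way to pull the pattern described above out of tcpdump text output, listing peers the Samba host sent packets to that never sent anything back. The capture lines are constructed in the shape quoted in the post (all addresses and ports are made up), and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample in the line shape quoted in the post; addresses are made up.
SAMPLE = """\
10:45:01.170297 IP 10.0.20.34.44697 > 10.0.1.70.389: tcp 0
10:45:01.170434 IP 10.0.1.70.389 > 10.0.20.34.44697: tcp 1188
10:47:00.154323 IP 10.0.20.34.51002 > 10.9.8.128.389: tcp 99
10:47:10.462745 IP 10.0.20.34.51003 > 10.7.6.223.389: tcp 99
10:47:13.462811 IP 10.0.20.34.51003 > 10.7.6.223.389: tcp 99
"""

# timestamp, "IP", source endpoint, ">", destination endpoint (optional ':')
LINE = re.compile(r"^(\S+) IP (\S+) > (\S+?):? ")

def host_of(endpoint):
    """Drop the trailing port from 'a.b.c.d.port'; pass 'a.b.c.d' through."""
    return ".".join(endpoint.split(".")[:4])

def silent_peers(capture, local_ip):
    """Return {peer: packets_sent} for peers that never sent anything back."""
    sent = defaultdict(int)
    answered = set()
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an IPv4 packet summary line
        src, dst = host_of(m.group(2)), host_of(m.group(3))
        if src == local_ip:
            sent[dst] += 1
        elif dst == local_ip:
            answered.add(src)
    return {peer: n for peer, n in sent.items() if peer not in answered}

if __name__ == "__main__":
    for peer, n in sorted(silent_peers(SAMPLE, "10.0.20.34").items()):
        print(f"{peer}: {n} packet(s) sent, no reply seen")
```

A peer that shows up here is either unreachable or has no return route to the DMZ host; the capture alone cannot tell the two apart.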
LEARN ABOUT MINIX
resolver
RESOLVER(5) File Formats Manual RESOLVER(5)
NAME
resolver - resolver configuration file
SYNOPSIS
/etc/resolv.conf
DESCRIPTION
The resolver is a set of routines in the C library (resolv(3)) that provide access to the Internet Domain Name System. The resolver
configuration file contains information that is read by the resolver routines the first time they are invoked by a process. The file is
designed to be human readable and contains a list of keywords with values that provide various types of resolver information.
On a normally configured system this file should not be necessary. The only name server to be queried will be on the local machine, the
domain name is determined from the host name, and the domain search path is constructed from the domain name.
The different configuration options are:
nameserver
Internet address (in dot notation) of a name server that the resolver should query. Up to MAXNS (currently 3) name servers may be
listed, one per keyword. If there are multiple servers, the resolver library queries them in the order listed. If no nameserver
entries are present, the default is to use the name server on the local machine. (The algorithm used is to try a name server, and
if the query times out, try the next, until out of name servers, then repeat trying all the name servers until a maximum number of
retries are made).
domain Local domain name. Most queries for names within this domain can use short names relative to the local domain. If no domain entry
is present, the domain is determined from the local host name returned by gethostname(2); the domain part is taken to be everything
after the first `.'. Finally, if the host name does not contain a domain part, the root domain is assumed.
search Search list for host-name lookup. The search list is normally determined from the local domain name; by default, it begins with the
local domain name, then successive parent domains that have at least two components in their names. This may be changed by listing
the desired domain search path following the search keyword with spaces or tabs separating the names. Most resolver queries will be
attempted using each component of the search path in turn until a match is found. Note that this process may be slow and will
generate a lot of network traffic if the servers for the listed domains are not local, and that queries will time out if no server is
available for one of the domains.
The search list is currently limited to six domains with a total of 256 characters.
The domain and search keywords are mutually exclusive. If more than one instance of these keywords is present, the last instance will
override.
The keyword and value must appear on a single line, and the keyword (e.g. nameserver) must start the line. The value follows the keyword,
separated by white space.
FILES
/etc/resolv.conf
SEE ALSO
gethostbyname(3N), resolver(3), hostname(7), named(8)
Name Server Operations Guide for BIND
4th Berkeley Distribution December 14, 1989 RESOLVER(5)
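Added example, not part of the man page: a small parser that applies the rules stated in DESCRIPTION above (keyword at the start of the line, at most MAXNS name servers, domain and search mutually exclusive with the last instance winning, and the search-list limits). The sample file, the host name, the function names and the use of 127.0.0.1 for "the local machine" are assumptions made for illustration.

```python
MAXNS = 3                                       # "Up to MAXNS (currently 3)"
MAX_SEARCH_DOMAINS, MAX_SEARCH_CHARS = 6, 256   # search list limits from the page

def default_search(domain):
    """Local domain, then each parent that still has two or more components."""
    labels = [p for p in domain.split(".") if p]
    if len(labels) < 2:
        return [domain] if labels else []
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]

def clamp_search(names):
    """Apply the six-domain / 256-character limits (counting separators is an assumption)."""
    kept, used = [], 0
    for name in names[:MAX_SEARCH_DOMAINS]:
        used += len(name) + (1 if kept else 0)
        if used > MAX_SEARCH_CHARS:
            break
        kept.append(name)
    return kept

def parse_resolv_conf(text, hostname):
    """Return (nameservers, search_list) derived by the rules in the man page."""
    nameservers, last = [], None
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or line[0].isspace():
            continue                            # keyword must start the line and have a value
        keyword, values = fields[0], fields[1:]
        if keyword == "nameserver" and len(nameservers) < MAXNS:
            nameservers.append(values[0])       # one address per keyword, in file order
        elif keyword in ("domain", "search"):
            last = (keyword, values)            # mutually exclusive: the last instance wins
    if last and last[0] == "search":
        search = clamp_search(last[1])
    else:  # domain entry, or else everything after the first '.' of the host name
        domain = last[1][0] if last else hostname.partition(".")[2]
        search = default_search(domain)
    # 127.0.0.1 stands in for "the name server on the local machine" (assumption).
    return (nameservers or ["127.0.0.1"]), search

# Constructed sample file; names and addresses are made up.
SAMPLE = """\
nameserver 10.0.1.70
nameserver 10.9.8.128
nameserver 10.7.6.223
nameserver 10.5.5.5
search dmz.example.com remote.example.net
domain corp.example.com
"""
```

Calling `parse_resolv_conf(SAMPLE, "smb1.dmz.example.com")` drops the fourth name server and lets the later `domain` line override `search`, so the search list is rebuilt from `corp.example.com`.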