Univention Bugzilla – Bug 40378
Windows client join via netbios workgroup name fails in UCS 4.1
Last modified: 2016-10-06 12:36:26 CEST
Windows client join via netbios workgroup name fails in UCS 4.1. So join to DOMAIN fails but join to domain.local works. The client error message is pretty generic: "Der angegebene Netzwerkname ist nicht mehr erreichbar" ("The network name cannot be found"). A tcpdump shows that the client receives no answer to its SAM LOGON request from the DC. At samba/debug/level=10 the logs show that the \MAILSLOT\NET\NETLOGON is received by nmbd, but that seems to be the dead end. In UCS 4.0-4 this still works and the logs show that the nmbd performs a typical netlogon LDAP search against the local SAM rootDSE. Somehow this doesn't happen in UCS 4.1-0.
Created attachment 7394 [details] univention-samba-debug-20141126162601.pcap This is basically what happens in UCS 4.0-4: ===================== log.nmbd ===================== [2014/11/26 16:26:23.491690, 4, pid=9882, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_packets.c:1295(process_dgram) process_dgram: datagram from WIN7PRO2<00> to AR40I1<1c> IP 10.200.8.232 for \MAILSLOT\NET\NETLOGON of type 18 len=63 [2014/11/26 16:26:23.492470, 1, pid=9882, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &request: struct nbt_netlogon_packet command : LOGON_SAM_LOGON_REQUEST (18) req : union nbt_netlogon_request(case 18) logon: struct NETLOGON_SAM_LOGON_REQUEST request_count : 0x0000 (0) computer_name : 'WIN7PRO2' user_name : '' mailslot_name : '\MAILSLOT\NET\GETDC174' acct_control : 0x00000000 (0) sid_size : 0x00000000 (0) _pad : DATA_BLOB length=0 sid : S-0-0 nt_version : 0x0000000b (11) 1: NETLOGON_NT_VERSION_1 1: NETLOGON_NT_VERSION_5 0: NETLOGON_NT_VERSION_5EX 1: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) ===================== log.samba ===================== [2014/11/26 16:26:23.493511, 10, pid=9989, effective(0, 0), real(0, 0), class=ldb] ../lib/ldb-samba/ldb_wrap.c:72(ldb_wrap_debug) ldb: ldb_trace_request: SEARCH dn: <rootDSE> scope: base expr: (&(NtVer=\0B\00\00\00)(Host=WIN7PRO2)(AAC=\00\00\00\00)) attr: NetLogon control: <NONE> [and some more..] ====================== log.nmbd ===================== [2014/11/26 16:26:23.532318, 1, pid=9882, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x000003fd (1021) 1: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 1: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 0: NBT_SERVER_FULL_SECRET_DOMAIN_6 0: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 3395e01f-996b-4b9c-8905-e0e3d825ca1d forest : 'ar40i1.qa' dns_domain : 'ar40i1.qa' pdc_dns_name : 'master50.ar40i1.qa' domain_name : 'AR40I1' pdc_name : 'MASTER50' user_name : '' server_site : 'Default-First-Site-Name' client_site : 'Default-First-Site-Name' sockaddr_size : 0x10 (16) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000002 (2) pdc_ip : 10.200.8.50 remaining : DATA_BLOB length=8 [0000] 00 00 00 00 00 00 00 00 ........ next_closest_site : NULL nt_version : 0x0000000d (13) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 1: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) [2014/11/26 16:26:23.532651, 4, pid=9882, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_packets.c:2129(send_mailslot) send_mailslot: Sending to mailslot \MAILSLOT\NET\GETDC174 from MASTER50<00> IP 10.200.8.50 to WIN7PRO2<00> IP 10.200.8.232 The attached tcpdump shows the corresponding network trace of the successful join. In contrast: In UCS 4.1-0 there is no corresponding activity in log.samba. I also tried with samba/interfaces/bindonly=yes samba/interfaces=eth0.
Does it still occur?
Just checked, works. I guess the docker interface might have interfered in 4.0.
In 4.1..