22:54 - Thursday, 24 April 2014

Linux AD Workstations Not Populated In Domain Master Browser

We have a mixed environment with a Windows 2008 Server as a DC and Linux/Windows/OS X workstations/servers joined to the domain. The problem is the joins (domain memberships) are OK, browsing works, PAM authentication on Linux based on winbind works but some (not all) Linux computers are not showing in the master computer browser for the domain.

All of our Linux servers/ workstations are running CentOS 5.8/RHEL 5.8/ CentOS 6 or RHEL 6. This is the nbtstat output of a Linux server that works:

C:Usersrchhetri>nbtstat -a xlxudtLocal Area Connection:Node IpAddress: [] Scope Id: []NetBIOS Remote Machine Name Table   Name               Type         Status---------------------------------------------xLXUDT        UNIQUE      RegisteredxLXUDT        UNIQUE      RegisteredxLXUDT        UNIQUE      RegisteredDOMAIN           GROUP       RegisteredDOMAIN           GROUP       RegisteredMAC Address = 00-00-00-00-00-00C:Usersrchhetri>net view \XlxudtShared resources at \xlxudtRHE MainframeShare name  Type  Used as  Comment-------------------------------------------------------------------------------Data        Disk           DataData2       Disk           Data2Data3       Disk           Data3HOLD        Disk  Z:       Holdpldfiles    Disk           pldfilesud72        Disk           ud72vertex      Disk           vertexThe command completed successfully.

And this is for a server that does not populate the computer master browser:

C:Usersrchhetri>nbtstat -a xlx0Local Area Connection:Node IpAddress: [] Scope Id: []    Host not found.C:Usersrchhetri>net view \xlx0Shared resources at \xlx0Samba Server Version 3.5.10-114.el6Share name  Type  Used as  Comment-------------------------------------------------------------------------------homes       Disk           Home Directoriespublic      Disk           Public Stuffrchhetri    Disk           Home Directoriesxfer        Disk           All UsersThe command completed successfully.

The samba configurations for both servers are same. We are also running a wins server in the DC. From our samba clients, this is for the one that works:

smbclient -L localhost -U rchhetriPassword: Domain=[x] OS=[Unix] Server=[Samba 3.0.33-3.39.el5_8]    Sharename       Type      Comment    ---------       ----      -------    Data            Disk      Data    Data2           Disk      Data2    Data3           Disk      Data3    HOLD            Disk      Hold    ud72            Disk      ud72    pldfiles        Disk      pldfiles    vertex          Disk      vertex    IPC$            IPC       IPC Service (RHE Mainframe)Domain=[x] OS=[Unix] Server=[Samba 3.0.33-3.39.el5_8]    Server               Comment    ---------            -------    xDC1              COPS    xLXUDT            RHE Mainframe    Workgroup            Master    ---------            -------    x                 xDC1

And the one that does not work:

smbclient -L localhost -U rchhetriEnter rchhetri's password: Domain=[x] OS=[Unix] Server=[Samba 3.5.10-114.el6]    Sharename       Type      Comment    ---------       ----      -------    homes           Disk      Home Directories    xfer            Disk      All Users    public          Disk      Public Stuff    IPC$            IPC       IPC Service (Samba Server Version 3.5.10-114.el6)    rchhetri        Disk      Home DirectoriesDomain=[x] OS=[Unix] Server=[Samba 3.5.10-114.el6]    Server               Comment    ---------            -------    Workgroup            Master    ---------            -------

Our samba configs are same but the samba versions above are different (3.0 and 3.5). We have another Samba 3.5 domain member that works perfectly.

Steps that I have done:

  1. Confirmed that both forward and reverse zones in the DNS of the
    domain are populated.
  2. Even added static wins entries to see if it
  3. Rejoined all domain members with this problem to the domain
  4. net ads dns register for all domain members with problems.

What should I do next to solve this netbios problem?

Do you have any logs showing problems or errors with the member servers running Samba 3.0.33? Is this problem, by chance, occurring only on the older version or are both version exhibiting this behavior?

I know there are known issues with how older versions of Samba handle authentication with Windows Server 2008 up to version 3.3 We’ve had issues with that exact version of Samba (3.0.33) and our solution was to simply upgrade to 3.5. In our case, we would lose domain joins, or, just like you describe, the member server would not populate.

Errors we saw were “NT Missing Parameter,” and “NT ACCESS DENIED” errors.