Linux server registered as DC in WINS

Guest
Archived from groups: microsoft.public.win2000.dns

This is pretty odd.

We were doing some tests with a Linux server (with Samba)
by adding it to our Active Directory Domain. It turned out
that this server added itself to the "Domain Controller"
record in the WINS servers and many Windows 9x clients
were trying to log on with it.

Of course, we disconnected this server from the LAN, and
these Windows 9x clients started to log on appropriately,
however the Linux's IP address is still in the Domain
Controller record in WINS.

How can I remove this IP address from this record?
How can we prevent this behavior?
Is it related to some kind of vulnerability?

I'll appreciate your comments.
 
Guest

In news:788c01c47686$e4a04360$a301280a@phx.gbl,
VEZF <anonymous@discussions.microsoft.com> asked for help and I offered my
suggestions below:
> This is pretty odd.
>
> We were doing some tests with a Linux server (with Samba)
> by adding it to our Active Directory Domain. It turned out
> that this server added itself to the "Domain Controller"
> record in the WINS servers and many Windows 9x clients
> were trying to log on with it.
>
> Of course, we disconnected this server from the LAN, and
> these Windows 9x clients started to log on appropriately,
> however the Linux's IP address is still in the Domain
> Controller record in WINS.
>
> How can I remove this IP address from this record?
> How can we prevent this behavior?
> Is it related to some kind of vulnerability?
>
> I'll appreciate your comments.

Interesting. It's registering itself as the master browser for the domain
under the <00> GROUP, which the PDC emulator takes on this function. I would
suggest these settings below to stop it from participating with the browser
service. This is not the first time I've seen this. Samba likes to take over
and can cause problems in a corp environment.

https://listman.redhat.com/archives/phoebe-list/2003-February/msg01301.html
http://www.aei.ca/~pmatulis/pub/samba/samba4.html
http://lists.debian.org/debian-user/1999/02/msg03925.html

Here are some suggestions for your config to stop this:

[global]
    local master = no
    os level = 0
    domain master = no
    preferred master = no
    domain logons = no
    wins support = no
    wins proxy = no
    dns proxy = no

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
--
=================================
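
A check for the settings suggested in the post above, as an added example that is not part of the original thread: it reads the [global] section of an smb.conf and reports each of the eight parameters that is unset or differs from the suggested value. The sample file and the function names are constructed for illustration; include directives and backslash line continuations are not handled.

```python
RECOMMENDED = {  # the [global] values suggested in the post
    "local master": "no", "os level": "0", "domain master": "no",
    "preferred master": "no", "domain logons": "no", "wins support": "no",
    "wins proxy": "no", "dns proxy": "no",
}
BOOL = {"yes": "yes", "true": "yes", "1": "yes",   # boolean spellings
        "no": "no", "false": "no", "0": "no"}      # treated as equivalent
# Constructed sample input, not taken from the thread.
SAMPLE = """\
[global]
   Local Master = No
   os level = 65
   preferred master = yes
   domainmaster = false
   wins support = 0
; domain logons = yes
[share]
   local master = yes
"""

def key(name):
    return "".join(name.lower().split())  # names ignore case and whitespace

def parse_global(text):
    """Return {normalized name: value} for the [global] section only."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[key(name)] = value.strip()
    return params

def audit(text):
    """List (parameter, found, wanted) for each setting that differs.
    'os level' is compared as a number string, the rest as booleans."""
    found, findings = parse_global(text), []
    for name, wanted in RECOMMENDED.items():
        value = found.get(key(name))
        shown = "unset" if value is None else value
        norm = shown if name == "os level" else BOOL.get(shown.lower(), shown)
        if norm != wanted:
            findings.append((name, shown, wanted))
    return findings
```

A parameter reported as "unset" means Samba's built-in default applies, so it is listed rather than assumed safe.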
 
Guest

Hi - you also have a reply to this post in another group. Please don't
multipost - if you need to post to multiple groups, it's best to crosspost
instead, by posting a single message to a handful of relevant groups
(separate the NG names with commas) so that everyone can follow the thread.
Thanks :)

See http://www.blakjak.demon.co.uk/mul_crss.htm

VEZF wrote:
> This is pretty odd.
>
> We were doing some tests with a Linux server (with Samba)
> by adding it to our Active Directory Domain. It turned out
> that this server added itself to the "Domain Controller"
> record in the WINS servers and many Windows 9x clients
> were trying to log on with it.
>
> Of course, we disconnected this server from the LAN, and
> these Windows 9x clients started to log on appropriately,
> however the Linux's IP address is still in the Domain
> Controller record in WINS.
>
> How can I remove this IP address from this record?
> How can we prevent this behavior?
> Is it related to some kind of vulnerability?
>
> I'll appreciate your comments.
 
Guest

In news:%23lRsVawdEHA.2812@tk2msftngp13.phx.gbl,
Lanwench [MVP - Exchange]
<lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> asked for help
and I offered my suggestions below:
> Hi - you also have a reply to this post in another group. Please don't
> multipost - if you need to post to multiple groups, it's best to
> crosspost instead, by posting a single message to a handful of
> relevant groups (separate the NG names with commas) so that everyone
> can follow the thread. Thanks :)
>
> See http://www.blakjak.demon.co.uk/mul_crss.htm
>

Lanwench, where else was this posted? Same answers too?

Ace
 
Guest

Ace Fekay [MVP] wrote:
> In news:%23lRsVawdEHA.2812@tk2msftngp13.phx.gbl,
> Lanwench [MVP - Exchange]
> <lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> asked for
> help and I offered my suggestions below:
>> Hi - you also have a reply to this post in another group. Please
>> don't multipost - if you need to post to multiple groups, it's best
>> to crosspost instead, by posting a single message to a handful of
>> relevant groups (separate the NG names with commas) so that everyone
>> can follow the thread. Thanks :)
>>
>> See http://www.blakjak.demon.co.uk/mul_crss.htm
>>
>
> Lanwench, where else was this posted? Same answers too?
>
> Ace

I see you found it!
 
Guest

In news:%23jArtv2dEHA.1644@tk2msftngp13.phx.gbl,
Lanwench [MVP - Exchange]
<lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> asked for help
and I offered my suggestions below:
>
> I see you found it!

Yes! I was bouncing around different groups and stumbled upon it. Maybe in
the future if I see any more multiposts, I'll crosspost my responses... :)