SAMBA again

Aaron Grewell AGrewell
Tue Nov 29 12:58:48 PST 2005


> The whole name system here is odd. They use a NAT. Machines that are
> externally available are not available internally by their externally
> known address. This means that they have a local DNS that tells where
> these machines are. So, I manage my own DNS for the opq.se domain, which
> is these days behind their NAT. (We were bought out a bit back.)
> Externally, the opq.se DNS works as expected. Internally, I have to tell
> the IT guy what addresses are in my DNS so he can add them to the local
> name system using their internal addresses. I would have thought that
> the NAT would have handled this directly. But, that is not how it is
> done.
> 

Ah, OK.  Here's the thing: are all the local machines behind the same
NAT?  NetBIOS packets and NAT do not play nice at all.  WINS packets
carry their address in both the body and the header, so they cannot be
translated without a special protocol handler.  If your WINS server is
on the other side of the NAT from your Linux box you may as well write
off WINS resolution altogether.  It's DNS or nothing at that point.

> One additional question: I have asked the IT guy here for a 'machine
> account' in the active directory. He is looking into it. The SAMBA docs
> are a bit sketchy on this, but is the very act of the admin logging in
> from my machine what it takes to create the machine account? The docs
> mention many steps, but I think they assume that I know the relationship
> between them. When it comes to the MS part, this is a bad assumption.
> 

There's two ways a machine can be added to the domain:
1) From the requesting computer.  This is part of what 'net ads join'
does.  It will create a machine account as part of the process, but you
need special permissions in order for this to work.

2) From the domain.  This should be easier, since the admin will create
the machine account so you don't need special permissions.  Your 'net
ads join' command should work using your normal NT user account without
the need for the Windows admin to give additional permissions.

To test your connection to the domain, use 'net ads testjoin' once 'net
ads join' has completed.
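
The WINS and NAT point above, as an added example that is not part of the original message: it builds a NetBIOS name registration payload following the RFC 1002 layout, passes it through an address-only NAT, and compares the IP header source with the address registered in the body. The host name LINUXBOX and both addresses are constructed sample values, and the packet is modelled as a (source address, UDP payload) pair.

```python
import socket
import struct

NB, IN = 0x0020, 0x0001          # RR type NB, class IN (RFC 1002)
REGISTRATION = 5                 # OPCODE for a name registration request

def encode_name(name, suffix=0x00):
    """First-level encoding: 16 name bytes become 32 letters 'A'..'P'."""
    raw = name.upper().ljust(15).encode("ascii")[:15] + bytes([suffix])
    nibbles = bytes(0x41 + n for b in raw for n in (b >> 4, b & 0x0F))
    return b"\x20" + nibbles + b"\x00"

def build_registration(name, ip, trn_id=0x1234):
    """UDP payload of a unicast registration sent to a WINS server."""
    header = struct.pack(">HHHHHH", trn_id, 0x2900, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack(">HH", NB, IN)
    rdata = struct.pack(">H", 0) + socket.inet_aton(ip)   # NB_FLAGS, NB_ADDRESS
    rr = b"\xc0\x0c" + struct.pack(">HHIH", NB, IN, 300000, len(rdata)) + rdata
    return header + question + rr

def parse_registration(payload):
    """Return (name, address the sender claims inside the body)."""
    flags = struct.unpack(">H", payload[2:4])[0]
    if len(payload) < 68 or (flags >> 11) & 0x0F != REGISTRATION:
        raise ValueError("not a name registration request")
    enc = payload[13:45]
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    return raw[:15].decode("ascii").rstrip(), socket.inet_ntoa(payload[64:68])

def plain_nat(packet, public_ip):
    """Address-only NAT: rewrites the IP source, leaves the payload alone."""
    _src, payload = packet
    return (public_ip, payload)

def wins_view(packet):
    """What the WINS server sees: header source versus registered address."""
    src, payload = packet
    name, claimed = parse_registration(payload)
    return {"name": name, "header_src": src, "registered": claimed,
            "consistent": src == claimed}

# Constructed sample: a private host behind NAT, a documentation-range public IP.
INSIDE = ("192.168.10.25", build_registration("LINUXBOX", "192.168.10.25"))
OUTSIDE = plain_nat(INSIDE, "203.0.113.7")

if __name__ == "__main__":
    print(wins_view(INSIDE))
    print(wins_view(OUTSIDE))
```

After the NAT the header source is the public address while the body still registers the private one, which is the mismatch a NetBIOS-aware protocol handler would have to rewrite.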

