Linux server registered as DC in WINS

[VEZF]

This is pretty odd.

We were doing some tests with a Linux server (with Samba)
by adding it to our Active Directory Domain. It turned out
that this server added itself to the "Domain Controller"
record in the WINS servers and many Windows 9x clients
were trying to logon with it.

Off course, we disconnected this server from the lan, and
these Windows 9x clients started to logon appropriately,
however the linux's IP address is still in the Domain
Controller record in WINS.

How can I remove this IP address from this record?
How can we prevent this behavior?
Is it related to some kind of vulnerability?

I'll appreciate your comments.

 

[Ace Fekay [MVP]]

In

This is pretty odd.

We were doing some tests with a Linux server (with Samba)
by adding it to our Active Directory Domain. It turned out
that this server added itself to the "Domain Controller"
record in the WINS servers and many Windows 9x clients
were trying to logon with it.

Off course, we disconnected this server from the lan, and
these Windows 9x clients started to logon appropriately,
however the linux's IP address is still in the Domain
Controller record in WINS.

How can I remove this IP address from this record?
How can we prevent this behavior?
Is it related to some kind of vulnerability?

I'll appreciate your comments.

Interesting. Its registering itself as the master browser for the domain
under the <00> GROUP, which the PDC emulator takes on this function. I would
suggest these settings below to stop it from participating with the browser
service. This is not the first time I've seen this. Samba likes to take over
and can cause problems in a corp environment.

https://listman.redhat.com/archives/phoebe-list/2003-February/msg01301.html
http://www.aei.ca/~pmatulis/pub/samba/samba4.html
http://lists.debian.org/debian-user/1999/02/msg03925.html

Here are some suggestions for your config to stop this:

[global]

local master = no
os level = 0
domain master = no
preferred master = no
domain logons = no
wins support = no
wins proxy = no
dns proxy = no

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.

 

[Lanwench [MVP - Exchange]]

Hi - you also have a reply to this post in another group. Please don't
multipost - if you need to post to multiple groups, it's best to crosspost
instead, by posting a single message to a handful of relevant groups
(separate the NG names with commas) so that everyone can follow the thread.
Thanks

See http://www.blakjak.demon.co.uk/mul_crss.htm

 

[Ace Fekay [MVP]]

In Lanwench [MVP - Exchange]

Hi - you also have a reply to this post in another group. Please don't
multipost - if you need to post to multiple groups, it's best to
crosspost instead, by posting a single message to a handful of
relevant groups (separate the NG names with commas) so that everyone
can follow the thread. Thanks

See http://www.blakjak.demon.co.uk/mul_crss.htm

Lanwench, where else was this posted? Same answers too?

Ace

 

[Lanwench [MVP - Exchange]]

In Lanwench [MVP - Exchange]

Hi - you also have a reply to this post in another group. Please
don't multipost - if you need to post to multiple groups, it's best
to crosspost instead, by posting a single message to a handful of
relevant groups (separate the NG names with commas) so that everyone
can follow the thread. Thanks

See http://www.blakjak.demon.co.uk/mul_crss.htm

Lanwench, where else was this posted? Same answers too?

Ace

I see you found it!

 

[Ace Fekay [MVP]]

In Lanwench [MVP - Exchange]

I see you found it!

Yes! I was bouncing around different groups and stubled upon it. Maybe in
the future if I see anymore multiposts, I'll cross post my responses...