[Samba] Re: problems with DFS

Henrik Beckman henrik.list at gmail.com
Wed Aug 27 15:03:41 GMT 2008 

Seem to be netbios related, after some modifications it now works if server
is accessed through ip address instead of name.
I´m a bit lost now to why normal shares work with \\name\share but not dfs
shares, \\FQDN\share also fails.

\\name\share
0.000000  10.1.20.201 -> 10.1.9.34    SMB Session Setup AndX Request
  0.000024    10.1.9.34 -> 10.1.20.201  TCP microsoft-ds > sunlps-http [ACK]
Seq=1 Ack=1351 Win=11680 Len=0
  0.020134    10.1.9.34 -> 10.1.20.201  SMB Session Setup AndX Response,
Error: STATUS_LOGON_FAILURE
  0.023257  10.1.20.201 -> 10.1.9.34    SMB Session Setup AndX Request
  0.032060    10.1.9.34 -> 10.1.20.201  SMB Session Setup AndX Response,
Error: STATUS_LOGON_FAILURE
  0.216549  10.1.20.201 -> 10.1.9.34    SMB Trans2 Request, QUERY_PATH_INFO,
Query File Basic Info, Path: \it-service
  0.217890    10.1.9.34 -> 10.1.20.201  SMB Trans2 Response, QUERY_PATH_INFO
  0.218327  10.1.20.201 -> 10.1.9.34    SMB Trans2 Request, FIND_FIRST2,
Pattern: \it-service\*
  0.219023    10.1.9.34 -> 10.1.20.201  SMB Trans2 Response, FIND_FIRST2,
Error: STATUS_OBJECT_NAME_NOT_FOUND
  0.240259  10.1.20.201 -> 10.1.9.34    SMB Session Setup AndX Request
  0.256493    10.1.9.34 -> 10.1.20.201  SMB Session Setup AndX Response,
Error: STATUS_LOGON_FAILURE
  0.261364  10.1.20.201 -> 10.1.9.34    SMB Trans2 Request, QUERY_PATH_INFO,
Query File Basic Info, Path: \it-service
  0.262605    10.1.9.34 -> 10.1.20.201  SMB Trans2 Response, QUERY_PATH_INFO
  0.262962  10.1.20.201 -> 10.1.9.34    SMB NT Create AndX Request, Path:
\it-service
  0.263670    10.1.9.34 -> 10.1.20.201  SMB NT Create AndX Response, FID:
0x0000, Error: STATUS_OBJECT_NAME_NOT_FOUND
  0.264969  10.1.20.201 -> 10.1.9.34    SMB Session Setup AndX Request
  0.268266  10.1.20.201 -> 10.1.9.34    SMB NT Cancel Request
  0.268293    10.1.9.34 -> 10.1.20.201  TCP microsoft-ds > sunlps-http [ACK]
Seq=404 Ack=5869 Win=20250 Len=0
  0.276794    10.1.9.34 -> 10.1.20.201  SMB Session Setup AndX Response,
Error: STATUS_LOGON_FAILURE
  0.277419    10.1.9.34 -> 10.1.20.201  SMB NT Trans Response, <unknown>,
Error: STATUS_CANCELLED
  0.277587  10.1.20.201 -> 10.1.9.34    TCP sunlps-http > microsoft-ds [ACK]
Seq=5869 Ack=518 Win=63473 Len=0
  0.278332  10.1.20.201 -> 10.1.9.34    SMB Close Request, FID: 0x1bb7
  0.279072    10.1.9.34 -> 10.1.20.201  SMB Close Response
  0.462238  10.1.20.201 -> 10.1.9.34    TCP sunlps-http > microsoft-ds [ACK]
Seq=5914 Ack=557 Win=63434 Len=0


If accessed by ip address\share
  0.000000  10.1.20.201 -> 10.1.9.34    SMB Trans2 Request, QUERY_PATH_INFO,
Query File Basic Info, Path: \10.1.9.34\drift
  0.001200    10.1.9.34 -> 10.1.20.201  SMB Trans2 Response, QUERY_PATH_INFO
  0.001843  10.1.20.201 -> 10.1.9.34    SMB Trans2 Request, QUERY_FS_INFO,
Query FS Size Info
  0.002971    10.1.9.34 -> 10.1.20.201  SMB Trans2 Response, QUERY_FS_INFO
  0.003553  10.1.20.201 -> 10.1.9.34    SMB Trans2 Request, QUERY_PATH_INFO,
Query File Basic Info, Path: \10.1.9.34\drift\it-service
  0.004300    10.1.9.34 -> 10.1.20.201  SMB Trans2 Response,
QUERY_PATH_INFO, Error: STATUS_PATH_NOT_COVERED
  0.005632  10.1.20.201 -> 10.1.9.34    SMB Trans2 Request,
GET_DFS_REFERRAL, File: \10.1.9.34\drift\it-service\
  0.010468    10.1.9.34 -> 10.1.20.201  SMB Trans2 Response,
GET_DFS_REFERRAL
  0.183732  10.1.20.201 -> 10.1.9.34    TCP scp > microsoft-ds [ACK] Seq=453
Ack=484 Win=63597 Len=0
  3.136382  10.1.20.201 -> 10.1.9.34    SMB NT Cancel Request
  3.137094    10.1.9.34 -> 10.1.20.201  SMB NT Trans Response, <unknown>,
Error: STATUS_CANCELLED
  3.137466  10.1.20.201 -> 10.1.9.34    SMB Close Request, FID: 0x1bf3
  3.138298    10.1.9.34 -> 10.1.20.201  SMB Close Response
  3.356468  10.1.20.201 -> 10.1.9.34    TCP scp > microsoft-ds [ACK] Seq=538
Ack=598 Win=63483 Len=0


On Wed, Aug 27, 2008 at 9:27 AM, Henrik Beckman <henrik.list at gmail.com>wrote:

> Hi,
>
> We have been a samba shop since way back and have used DFS quit a lot the
> last years.
> When we went with security ads instead of domain our dfs died.
> We have tried 3.028(sun) in solaris wich we are leaving and 3.2.1 in linux,
> our migration target.
>
> For our 3.2.1 installation the config looks liket this and the problem
> manifests itself as a empty share.
>
> [Global]
> kernel oplocks = False
> oplocks = False
> level2 oplocks = False
> realm = SGU.SE
> workgroup = SGU
> netbios name = fs4
> server string = fs4
> security = ADS
> use kerberos keytab = true
> password server = ad1 ad2
> wins server = 10.1.9.10 10.1.9.9
> name resolve order = ads hosts wins bcast
>
> map to guest = Bad User
> disable netbios = No
> log level = 5
> client use spnego = Yes
> server signing = auto
> host msdfs = Yes
> #msdfs root = Yes
> ntlm auth = No
> lanman auth = no
>
> dos charset = ISO8859-1
> unix charset = ISO8859-1
>
> winbind trusted domains only = yes
>
> [drift-a]
>         msdfs root = Yes
>         path = /export/dfsroot
>         read only = no
>         guest ok = yes
>
> ls -l in /export/dfsroot
> drift-a -> msdfs:filer2\drift-a
>
> Domain servers are 2008 for, domainlevel is still 2003.
> We have all our users both in Unix LDAP and AD so we map username to
> username, no idmap ranges.
>
>
> HELP!
>
> /Henrik
>
>
>
>
>
>
>
>

More information about the samba mailing list