[Samba] Trusted domain problem (maybe networking)
Misty Stanley-Jones
misty at borkholder.com
Tue Dec 14 21:39:08 GMT 2004
Additional information embedded below:
On Tuesday 14 December 2004 15:30, Misty Stanley-Jones wrote:
> Hello,
>
> I have spent the afternoon learning how to configure my routers to allow
> directed-broadcast with an access list, so that I can allow two different
> domains on different subnets to trust each other. Now I can do a broadcast
> ping from either subnet to the other, and I can also do smbclient -L
> <remote_pdc> and get the shares, from one side. From the other side I
> cannot. Let me clarify here.
>
> PDC A is called CORPSRV, controls domain CORP, and has IP address
> 192.168.1.101
> PDC B is called FURNSRV, controls domain FURN, and has IP address
> 192.168.2.3
>
> From CORPSRV, I can broadcast ping to 192.168.2.255 (and 192.168.2.3
> answers) and I can successfully do "smbclient -L FURNSRV".
>
> From FURNSRV, I can broadcast ping to 192.168.1.255, but cannot do
> "smbclient -L CORPSRV". I get no errors on CORPSRV, but FURNSRV says the
> following:
> furnsrv:~ # smbclient -L CORPSRV
> Connection to CORPSRV failed
>

I forgot that smbclient looks at the DNS name, not the NETBIOS name. The DNS
name of CORPSRV is "oink.corp" for various reasons. Anyway smbclient -L
works for the DNS name. So the above problem is not actually a problem.

> Each PDC is acting as the WINS server for its subnet. Below are relevant
> portions of the smb.conf files:
>
> CORPSRV
> ---------------------
> wins support = yes
> domain logons = yes
> os level = 100
> preferred master = yes
> domain master = yes
> remote announce = 192.168.2.255/CORP
> remote browse sync = 192.168.2.255
>
> FURNSRV
> ---------------------
> wins support = Yes
> wins proxy = Yes
> os level = 100
> preferred master = yes
> domain master = yes
> local master = yes
> remote announce = 192.168.1.255/FURN
> remote browse sync = 192.168.1.255
> name resolve order = wins bcast host
>
> I can't really remember why I have all the settings on FURNSRV so I didn't
> add them all to CORPSRV just because they are there. It looks like from
> the docs that I should only have one "wins support = Yes" but I'm not sure
> if that's per subnet or not. Any advice would be appreciated.

Here is some output from net rpc trustdom commands:

CORPSRV:
oink:/data/samba/log # net rpc trustdom list
Password:
Trusted domains list:
none
Trusting domains list:
FURN
Unable to find a suitable server
domain controller is not responding
oink:/data/samba/log # net rpc trustdom establish FURN
[2004/12/14 16:37:34, 0] utils/net_rpc.c:rpc_trustdom_establish(4328)
Couldn't find domain controller for domain FURN

FURNSRV:
furnsrv:/usr/local/samba/var/userlog # net rpc trustdom list
Password:
Trusted domains list:
none
Trusting domains list:
CORP
Unable to find a suitable server
domain controller is not responding
furnsrv:/usr/local/samba/var/userlog # net rpc trustdom establish CORP
[2004/12/14 16:38:34, 0] utils/net_rpc.c:rpc_trustdom_establish(4328)
Couldn't find domain controller for domain CORP

So it does not seem to be a networking issue but more of a Samba configuration
issue, unless for some odd reason my routers need to also be told to route
NETBIOS commands. Do you think so?

Misty
>
> Thanks,
> Misty
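
The message asks whether "wins support = Yes" may be set on both servers. As an added example (not part of the original post and not Samba code), this Python sketch parses the two quoted smb.conf fragments and reports which hosts act as a WINS server, which hosts name a WINS server to register with, and which parameters appear on one side only. The function names are hypothetical.

```python
# Added example: compare the WINS-related settings of the two quoted fragments.
# Fragments are copied from the message; function names are hypothetical.
CORPSRV = """\
wins support = yes
domain logons = yes
os level = 100
preferred master = yes
domain master = yes
remote announce = 192.168.2.255/CORP
remote browse sync = 192.168.2.255
"""
FURNSRV = """\
wins support = Yes
wins proxy = Yes
os level = 100
preferred master = yes
domain master = yes
local master = yes
remote announce = 192.168.1.255/FURN
remote browse sync = 192.168.1.255
name resolve order = wins bcast host
"""
TRUE = {"yes", "true", "1"}  # boolean spellings, compared case-insensitively

def parse(fragment):
    """Return {parameter: value}; case and whitespace in names are ignored,
    which is how smb.conf treats parameter names."""
    params = {}
    for line in fragment.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[":  # blank, comment or section header
            continue
        name, sep, value = line.partition("=")
        if sep:
            params["".join(name.lower().split())] = value.strip()
    return params

def wins_report(hosts):
    """hosts maps host name -> fragment. Returns (WINS servers, hosts with a
    'wins server' entry, parameters present on only one host)."""
    parsed = {h: parse(f) for h, f in hosts.items()}
    servers = sorted(h for h, p in parsed.items()
                     if p.get("winssupport", "no").lower() in TRUE)
    clients = {h: p["winsserver"] for h, p in parsed.items() if "winsserver" in p}
    names = sorted(set().union(*parsed.values()))
    owners = {n: [h for h, p in parsed.items() if n in p] for n in names}
    return servers, clients, {n: o for n, o in owners.items() if len(o) == 1}

if __name__ == "__main__":
    print(wins_report({"CORPSRV": CORPSRV, "FURNSRV": FURNSRV}))
```

For the two fragments above it returns both hosts as WINS servers, no host with a "wins server" entry, and four parameters set on one side only. The smb.conf manual page warns against setting "wins support = yes" on more than one machine in a network.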