[Samba] domain-based DFS ?
Davor Vusir
davortvusir at gmail.com
Wed Jul 2 01:32:02 MDT 2014
2014-07-02 9:28 GMT+02:00 Davor Vusir <davortvusir at gmail.com>:
> 2014-07-02 7:44 GMT+02:00 Daniel Müller <mueller at tropenklinik.de>:
>> HI,
>> it will not work with samba4 and smb3!? I have the same definition and I cannot reach my dfs with \\mydomain.name\dfsshare but... and that is the interesting thing from within my old samba3 nt style domain I can reach!! the same \\mydomain.nam\dfsshare without any issues. I can read and write to it...
>> I think this a awesome bug in samba4, because I can proof that within the beta versions it still was possible to reach
>> and act on \\mydomain.name\share without any errors.
>>
>>
>> EDV Daniel Müller
>>
>> Leitung EDV
>> Tropenklinik Paul-Lechler-Krankenhaus
>> Paul-Lechler-Str. 24
>> 72076 Tübingen
>> Tel.: 07071/206-463, Fax: 07071/206-499
>> eMail: mueller at tropenklinik.de
>> Internet: www.tropenklinik.de
>>
>>
>>
>>
>> -----Ursprüngliche Nachricht-----
>> Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im Auftrag von steve
>> Gesendet: Dienstag, 1. Juli 2014 21:24
>> An: Davor Vusir
>> Cc: samba at lists.samba.org
>> Betreff: Re: [Samba] domain-based DFS ?
>>
>> On Tue, 2014-07-01 at 20:22 +0200, Davor Vusir wrote:
>>> 2014-07-01 19:56 GMT+02:00 steve <steve at steve-ss.com>:
>>> > On Tue, 2014-07-01 at 19:41 +0200, Davor Vusir wrote:
>>> >> 2014-07-01 16:56 GMT+02:00 steve <steve at steve-ss.com>:
>>> >> > On Tue, 2014-07-01 at 16:32 +0200, L.P.H. van Belle wrote:
>>> >> >> well..
>>> >> >>
>>> >> >> I just did a test with this for steve also.
>>> >> >>
>>> >> >> same result.
>>> >> >>
>>> >> >> \\domain.name\sysvol and netlogon accessable no problems.
>>> >> >>
>>> >> >> \\domain.name\dfs Access denied again? "Network path cannot be found...", 0x8xxxyy35?
>>> >> >>
>>> >> >> \\server1.domain.name\dfs works, but someshare not.
>>> >> >> \\server1.domain.name\dfs\someshare
>>> >> >>
>>> >> >> my steps.
>>> >> >>
>>> >> >> mkdir -p /export/dfsroot
>>> >> >> chown root:root /export/dfsroot
>>> >> >> chmod 755 /export/dfsroot
>>> >> >> ln -s 'msdfs:mem1.internal.domain.tld\someshare'
>>> >> >> /export/dfsroot/someshare
>>> >> >>
>>> >> >> also tried : ln -s 'msdfs:mem1.internal.domain.tld\\someshare'
>>> >> >> /export/dfsroot/someshare
>>> >> >>
>>> >> >>
>>> >> >> smbclient //localhost/dfs -U 'administrator'
>>> >> >> cd someshare
>>> >> >>
>>> >> >> tree connect failed: NT_STATUS_BAD_NETWORK_NAME Unable to follow
>>> >> >> dfs referral [\mem1.internal.domain.tld\] cd \somewhare\:
>>> >> >> NT_STATUS_BAD_NETWORK_NAME
>>> >> >>
>>> >> >> so far for me..
>>> >> >>
>>> >> >> found this one
>>> >> >> https://groups.google.com/forum/#!topic/linux.samba/mi4O5lHE8Vc
>>> >> >> so i think this is not fixed yet...
>>> >> >> there is a patch in this link, but since im on sernet im not trying the patch.
>>> >> >
>>> >> > Yeah, thanks Louis.
>>> >> > This is looking more and more like a time consuming, undocumented
>>> >> > dead end. I'm really tempted to drop it at this point and spend
>>> >> > the time on a proper cluster instead. I get the feeling that this
>>> >> > was always going to be second best, and it only works with windows clients anyway.
>>> >> > Cheers,
>>> >> > Steve
>>> >> >
>>> >>
>>> >> Steve, have you done any testing with smbclient? I noticed that
>>> >> you've got 'kerberos method = system keytab' in alteas smb.conf.
>>> >>
>>> >> smbclient -k -U administrator //hh3.site/dfs/users (-k for
>>> >> kerberos)
>>> >
>>> > Hi Davor
>>> > You can't test domain dfs with smbclient because it requires a cifs
>>> > mount. cifs will only work if you specify a specific server:
>>> >
>>> > smbclient -k -U Administrator //hh3.site/dfs
>>> > ads_krb5_mk_req: smb_krb5_get_credentials failed for
>>> > cifs/hh3.site at SITE (Server not found in Kerberos database)
>>> > cli_session_setup_kerberos: spnego_gen_krb5_negTokenInit failed:
>>> > Server not found in Kerberos database session setup failed:
>>> > NT_STATUS_UNSUCCESSFUL
>>> >
>>> > This of course presents no problem:
>>> > smbclient -k -U Administrator //hh16.hh3.site/dfs Domain=[HH3]
>>> > OS=[Windows 6.1] Server=[Samba 4.2.0pre1-GIT-55c279f]
>>> > smb: \>
>>> >
>>> > and we can go on to access the share on altea fine.
>>> > Cheers,
>>> > Steve
>>> >
>>> >
>>>
>>> I think you´re wrong.
>>>
>>> From member server vastraaros:
>>> admind at vastraaros:~$ smbclient //hem.vusir.se/files -U davor
>>> WARNING: The "idmap backend" option is deprecated
>>> WARNING: The "idmap uid" option is deprecated
>>> WARNING: The "idmap gid" option is deprecated Enter davor's password:
>>> Domain=[VUSIR] OS=[Unix] Server=[Samba 4.1.9]
>>> smb: \> pwd
>>> Current directory is \\hem.vusir.se\files\
>>> smb: \> ls
>>> . D 0 Mon Jun 30 20:18:22 2014
>>> .. D 0 Fri Jun 27 05:51:19 2014
>>> home D 0 Fri Jun 27 19:26:33 2014
>>> familjen D 0 Fri Jun 27 19:26:07 2014
>>> 56212 blocks of size 1048576. 50192 blocks available
>>> smb: \> cd home\davor
>>> smb: \home\davor\> ls
>>> . D 0 Wed Apr 23 07:57:52 2014
>>> .. D 0 Thu Jun 26 22:29:37 2014
>>> _aaa D 0 Sun Oct 20 10:16:27 2013
>>> Links DR 0 Mon Jun 30 21:03:55 2014
>>> AppData D 0 Wed Apr 23 16:15:30 2014
>>> .bash_history H 50 Sun Mar 30 21:45:16 2014
>>> .viminfo H 1745 Mon Apr 7 05:58:08 2014
>>> Documents DR 0 Mon Jun 30 21:03:54 2014
>>> Contacts DR 0 Mon Jun 30 21:03:54 2014
>>> Desktop DR 0 Mon Jun 30 21:03:54 2014
>>> Searches DR 0 Mon Jun 30 21:03:54 2014
>>> Favorites DR 0 Mon Jun 30 21:03:54 2014
>>> 50364 blocks of size 4194304. 27720 blocks available
>>> smb: \home\davor\> pwd
>>> Current directory is \\hem.vusir.se\files\home\davor\
>>> smb: \home\davor\> listconnect
>>> 0: server=hem.vusir.se, share=files
>>> smb: \home\davor\>
>>>
>>> Regards
>>> Davor
>>
>> On our config it treats the domain as the name of the server! Anyway, thanks for your time. We can't spend any longer with this as we are looking for a solution.
>> Thanks again,
>> Steve
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>
> Added uid, uidnumber and gidNumber to every account and group.
> Resulted in access denied to \\vusir.local\dfs\share and home
> directory.
>
> Commented 'idmap_ldb:use rfc2307 = yes'. No change.
>
> Removed uid, uidNumber and gidNumber from relevant accounts and access
> groups. No change.
>
relevant accounts should read test account.
> Removed uid, uidNumber and gidNumber from all accounts and access
> Groups. No change.
>
> Reactivated 'idmap_ldb:use rfc2307 = yes'. No change.
>
> A couple of restarts of the Windows 7 client, AD DC restarts and a
> server reboot. Back in business.
>
> Regards
> Davor
More information about the samba
mailing list