[jcifs] Re: Exception when connecting to DFS share
Michael B Allen
miallen at ioplex.com
Fri Sep 14 17:59:18 GMT 2007
On Fri, 14 Sep 2007 16:34:20 +0000 (UTC)
Eric Mitchell <eric.mitchell at wellsfargo.com> wrote:
> > Hi Eric,
> > Find out which server hosts the DFS root and try to list it's shares
> > directly (e.g. ListFiles on smb://server100.our.domain.name.corp/).
> > > Is there anything else I can collect that may indicate where the issue
> > > Based on this configuration, I think everything should work.. but I just
> > > see what I'm missing.
> > I agree. It should work. Maybe there's still another DFS MO that I
> > haven't seen yet (e.g. clients are getting info using LDAP).
> > Mike
> Hi Mike, I have some interesting results...
> The DFS Root connection works to
That's not what I asked. What happends when you try ListFiles on
smb://fileservername.our.domain.corp/ where fileservername is the server
hosting the DFS root - is the DFS root share listed?
> And it is also retrieving the referrals correctly with this method.. for
> example: smb://fileservername.our.domain.corp/dfs_rootname/testdir1/
> successfully retrieves a file list where /testdir1 resides on
> smb://filserver2.our.domain.corp/testdir1/. However the dfs_root namespace is
> a domain based DFS namespace - and by using fileserver1.our.domain.corp - I
> would be loosing redundancy if fileserver1 is lost.
> >From my understanding, a domain based dfs has its namespace metadata stored in
> the active directory, and all of the domain controllers retrieve this metadata
> (via an AD lookup) and cache it to pass to client requests (when requesting
> smb://our.domain.corp/dfs_rootname/ for example)
> I could be wrong, but I don't think (and I hope there isn't) any ldap query
> expected between the client and the domain controllers.
> When the jcifs client calls on smb:/our.domain.corp/dfs_root/ it is expecting
> to receive a list of all domain controllers, then queries (via RPC$ perhaps?)
> the domain controllers for the /dfs_root referrals. Any ldap dependencies
> should only be between the DC's and the dfs_namespace stored in active
> directory - no?
> So right now I know that going to a fully qualified servername/dfs_root I do
> get the referals to other servers that are sharing within the same dfs
> namespace. But when going to the fully qualified domain name/dfs_root - I am
> getting connections to a large list of domain controllers, but not
> successfully proceeding beyond that point. Is this due to a difference in the
> referal information the client recieves between these two methods
> (server1.our.domain.corp vs our.domain.corp)?
You're thinking too much. Lets do a diagnosis first.
Michael B Allen
PHP Active Directory Kerberos SSO
More information about the jcifs