[jcifs] Re: Exception when connecting to DFS share

Michael B Allen miallen at ioplex.com
Fri Sep 14 17:59:18 GMT 2007

On Fri, 14 Sep 2007 16:34:20 +0000 (UTC)
Eric Mitchell <eric.mitchell at wellsfargo.com> wrote:

> > Hi Eric,
> > 
> > Find out which server hosts the DFS root and try to list it's shares
> > directly (e.g. ListFiles on smb://server100.our.domain.name.corp/).
> > 
> > > Is there anything else I can collect that may indicate where the issue 
> lies?
> > > Based on this configuration, I think everything should work.. but I just 
> can't 
> > > see what I'm missing.
> > 
> > I agree. It should work. Maybe there's still another DFS MO that I
> > haven't seen yet (e.g. clients are getting info using LDAP).
> > 
> > Mike
> > 
> Hi Mike, I have some interesting results...
> The DFS Root connection works to 
> smb://fileservername.our.domain.corp/dfs_rootname/

That's not what I asked. What happends when you try ListFiles on
smb://fileservername.our.domain.corp/ where fileservername is the server
hosting the DFS root - is the DFS root share listed?

> And it is also retrieving the referrals correctly with this method.. for 
> example: smb://fileservername.our.domain.corp/dfs_rootname/testdir1/ 
> successfully retrieves a file list where /testdir1 resides on 
> smb://filserver2.our.domain.corp/testdir1/. However the dfs_root namespace is 
> a domain based DFS namespace - and by using fileserver1.our.domain.corp - I 
> would be loosing redundancy if fileserver1 is lost.
> >From my understanding, a domain based dfs has its namespace metadata stored in 
> the active directory, and all of the domain controllers retrieve this metadata 
> (via an AD lookup) and cache it to pass to client requests (when requesting 
> smb://our.domain.corp/dfs_rootname/ for example)
> I could be wrong, but I don't think (and I hope there isn't) any ldap query 
> expected between the client and the domain controllers. 
> When the jcifs client calls on smb:/our.domain.corp/dfs_root/ it is expecting 
> to receive a list of all domain controllers, then queries (via RPC$ perhaps?) 
> the domain controllers for the /dfs_root referrals.  Any ldap dependencies 
> should only be between the DC's and the dfs_namespace stored in active 
> directory - no?
> So right now I know that going to a fully qualified servername/dfs_root I do 
> get the referals to other servers that are sharing within the same dfs 
> namespace. But when going to the fully qualified domain name/dfs_root - I am 
> getting connections to a large list of domain controllers, but not 
> successfully proceeding beyond that point. Is this due to a difference in the 
> referal information the client recieves between these two methods 
> (server1.our.domain.corp vs our.domain.corp)? 

You're thinking too much. Lets do a diagnosis first.


Michael B Allen
PHP Active Directory Kerberos SSO

More information about the jcifs mailing list