cross-subnet authentication

Simo Sorce simo.sorce at polimi.it
Mon Jul 24 07:50:35 GMT 2000


Iain Rae wrote:
> 
> Lars Kneschke wrote:
> >
> > Philip Ciufo wrote:
> > >
> > > I've been using samba for a while now as a PDC and now require to move
> > > several NT workstations into a new subnet, one that is different from the
> > > subnet the PDC resides in. I tried the move already and the workstation
> > > comes up with the error "a pdc for the domain could not be found". I
> > > placed an entry in the lmhosts file of the workstation and this made no
> > > difference.
> > >
> > > I ran samba with a higher log level, but have lost the logs. However, I
> > > did see a "rejecting dgram ..." message of sorts in the nmbd log file. I
> > > can reproduce the error, so if anyone feels I really need the log file
> > > then I can post it.
> > >
> > > My issue here is really if anyone has had a samba PDC in A.B.C.any
> > > subnet and the workstation in A.B.D.any subnet and been able to get the
> > > workstation to authenticate? If so, was there anything special you had to
> > > do?
> > > If you have Windows workstations in different subnets than the pdc, you
> > > need a wins server. It makes no difference if the pdc is a windows nt or
> > > samba server. Samba acts as wins server when you set the parameter
> > > "wins support = yes" in the global section of your smb.conf.
> > >
> > > Why do you need a wins server?
> > >
> > > Without wins, the windows workstation finds its pdc by sending
> > > broadcasts. But a router normally doesn't route broadcasts. So no
> > > workstation in another subnet than the pdc will find the pdc.
> > > If you are using a wins server, the client registers itself and his
> > > function (pdc, domainmasterbrowser, local masterbrowser) at the wins
> > > server. If the client searches his pdc, it will ask the wins server,
> > > which gives him the ip address of the pdc.
> > You need to configure the windows workstation to use wins.
> >
> > Cu
> <nods> Lars is right, if you configure your samba as a wins server and
> point the NT PCs at it they will be able to see the PDC (you should be
> able to do cross subnet browsing as well), we have a couple of labs that
> run happily like this, if you need examples of the smb.conf files we use
> then e-mail me.
> 

Another option to check is also the "host allow =".
Be sure you permit your NT workstation to connect!
host allow may be blank but usually contains the IP numbers of the
machines allowed to connect.
ex: host allow = 127. 192.168.1. 10.0.0.2
    127. is the field that permits loopback connections (necessary)
    192.168.1. permits access from the whole 192.168.1 network
    10.0.0.2 permits access specifically from this address.

If you have a host allow option, be sure your new network is listed.


-- 
Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano
E-mail: simo.sorce at polimi.it
Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451
-----------------------------------------------------------------
Be happy, use Linux!
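
The check described in the message above, as an added example that is not part of the original post: given an allow list, report which workstation addresses it does not cover. smb.conf spells this parameter "hosts allow"; the code handles only the two entry forms shown in the message (a prefix ending in a dot, and a full address), and the workstation addresses are constructed.

```python
import ipaddress
import re

# Allow list from the message; workstation addresses are constructed samples.
ALLOW = "127. 192.168.1. 10.0.0.2"
WORKSTATIONS = ["192.168.1.20", "192.168.2.15", "10.0.0.2"]


def parse_hosts_allow(value):
    """Split an allow-list value on commas, spaces or tabs."""
    return [e for e in re.split(r"[,\s]+", value.strip()) if e]


def entry_matches(entry, client):
    """'192.168.1.' matches by prefix; '10.0.0.2' matches one address."""
    if entry.endswith("."):
        # The trailing dot keeps 192.168.1. from matching 192.168.10.x
        return client.startswith(entry)
    return client == entry


def is_allowed(hosts_allow, client_ip):
    """True if client_ip may connect under this allow list."""
    client = str(ipaddress.IPv4Address(client_ip))  # rejects malformed input
    entries = parse_hosts_allow(hosts_allow)
    if not entries:
        return True  # a blank list does not restrict anyone
    return any(entry_matches(e, client) for e in entries)


def uncovered(hosts_allow, clients):
    """Clients that the allow list would turn away."""
    return [c for c in clients if not is_allowed(hosts_allow, c)]


if __name__ == "__main__":
    for ip in uncovered(ALLOW, WORKSTATIONS):
        print(f"{ip} is not covered by: {ALLOW}")
```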


More information about the samba-ntdom mailing list