Snap server in Samba PDC domain

Andrew Bartlett abartlet at pcug.org.au
Wed Nov 28 01:23:05 GMT 2001 

Firstly, don't past HTML to the list...  It makes it harder for people
to answer you...

>     This sounds curiously like the problem that I have right now. I have an NT 4.0 PDC. Samba 2.2.1a is the WINS server. Everything seems to be OK.
>     I use Retrospect Tape Backup (and also have tried Backup Exec to perform tape backups. Backup Exec can not map a drive.) Retrospect will "on again/off again" be able to see
>     mapped drives, but will "lose" the connection after about an hour or so and not be able to reestablish it until I go into Network Neighborhood.

I think the problem here is the use of what Samba calls
'security=server'.  The problem is that the appliance simply uses a 'man
in the middle' approach.  Unfortunetly becouse the appliance did not
genearte the challange, it cannot process the reply, it must pass it
back to the PDC.  But if the PDC 'goes away' in the meantime, you can't
do anything but drop the connection.  You certianly cannot offer any
more authentications.  

These devices are insecure, and broken.

In any case, there may well be a bug in our timeout processing - I've
seen some evidence that we simply ignore the keepalive packets, and I'll
need to look into it a bit futher at some stage.  (If sombody beats me
to it, all the better).

Hope this at least gives you a start on where the problem is.  If
anybody feels up to it, I'm sure its a pretty simple fix.

Andrew Bartlett
  
>     I have looked at the "socket options" SO_KEEPALIVE and the parameter "dead time" in the smb.conf and have tried various values. None seem to correct the problem.
>  
>     I have not found a solution.
> 
>       -----Original Message-----
>       From: samba-admin at lists.samba.org [mailto:samba-admin at lists.samba.org]On Behalf Of Martin Austin
>       Sent: Tuesday, November 27, 2001 5:24 AM
>       To: samba at lists.samba.org
>       Subject: Snap server in Samba PDC domain
> 
>       I've trawled the Archives for assistance with this problem, but all the threads I've found petter out without a solution being posted.
> 
>       We have a Samba 2.2.1a server as a PDC for our network of NT4 and 98 machines. They all get along fine. We have roaming profiles established so people
>       can move around. All no problem. We have a Quantum Snap 2000 server that has all our working directories, which until this week was in a separate
>       workgroup (as the 98 machines accepted both, and the NT machines seemed to be able to tolerate it).
> 
>       About a week ago the NT machines stopped being able to see the workgroup that the Snap server was in, so we migrated it to the domain. Now everyone is
>       happy, except the one NT machine that performs our backups of the Snap. It can see the Snap through Network Neighborhood, but after a while (I guess a
>       few hours but I'm at a loss as to how to prove this) it 'loses' the ability to actually access the folders that the Snap exports. Clicking on a folder in Explorer
>       gives a 'File or folder moved or deleted' dialog.
> 
>       I can't find any errors reported in the Samba logs. The Snap only gives a warning when trying to access user/groups from the Samba PDC ('Failed to connect
>       to IPC$ on domain controller').
> 
>       If I log out and log back in the folders become visible again (but I'm not dedicated enough to be around in the middle of the night when the backup kicks off).
> 
>       Our Samba server is our WINS server. We have a separate DNS server. We have encrypted passwords enabled. We don't do DHCP. The Snap OS is 3.1.x.
>       The Snap reports to be a Lanman 3.1 server clicking on the 'Properties' under Network Neighborhood.
> 
>       Has anyone any suggestions? Is there a TTL in Samba that needs to be increased, and if so, how? Has anyone else ever integrated a Snap into a Samba
>       controlled network?
> 
>       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
>       Martin Austin                       martin(at)fsc.co.uk 
>       Formal Software Construction Ltd    +44 (0)29 2064 6084 (direct & voice mail) 
>       CBTC                                +44 (0)29 2064 6080 (main office) 
>       Senghenydd Road                     +44 (0)29 2064 7009 (fax) 
>       Cardiff, CF24 4AY, UK  
> 
>       The views of the author may not necessarily constitute the views of
>       Formal Software Construction Limited. Nothing in this email shall bind
>       Formal Software Construction Limited in any contract or obligation.

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba mailing list