[Samba] Multiple Domains and Network Browsing
Jason Gray
jgray at bardelanimation.com
Wed Dec 17 02:42:19 GMT 2003
Hi all,
I have been working on a multi-domain network (2 of them) with one domain
being controlled by Samba/Openldap config and the other a standard Win2k AD.
I have had success getting all computers on the Samba domain to see the
Win2k controller via the Network browser but it does not seem to be working
the other way around.
My network config is split up into two separate VLANs using an Extreme
switch (192.168.1.0 and 192.168.1.0). They talk to each other through a
router, have gateways out to a firewall and then pass into the internet.
Both domains have WINS/DNS/DHCP running. Each domain has each other's
WINS/DNS in their config files. Both DHCP servers have propagated each
other's DNS/WINS to the various workstations (Each DHCP services only one
sub-net).
On workstations within the Win2k domain I can type in the desired
workstation and it does appear or I can search for it. However, the Domain
container for the SAMBA group is missing on workstations within the Win2k
domain (hope that makes sense).
Below is a version of my smb.conf file:

server string =
workgroup = BOGUSGROUP
netbios name = BOGUSNAME
null passwords = yes
passdb backend = ldapsam:ldap://localhost
log level = 1
add user script = /usr/local/sbin/smbldap-useradd.pl -a -m %u
add group script = /usr/local/sbin/smbldap-groupadd.pl -g %g
add machine script = /usr/local/sbin/smbldap-useradd.pl -w %u
logon path = \\%L\profiles\$user
logon drive = H:
logon home = \\%L\$user\.profiles
domain logons = yes
os level = 64
preferred master = yes
domain master = yes
ldap suffix = dc=group,dc=ca
ldap machine suffix = cn=Computers,ou=Systems,sambaDomainName=BOGUSGROUP,dc=group,dc=ca
ldap user suffix = cn=Users,ou=People,sambaDomainName=BOGUSGROUP,dc=group,dc=ca
# ldap group suffix = cn=Group,ou=Groups,sambaDomainName=BOGUSGROUP,dc=group,dc=ca
ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
ldap admin dn = "cn=Manager,dc=group,dc=ca"
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 10000-20000
template homedir = /home/%D/%U
template shell = /bin/bash
winbind separator = +
wins support = yes
wins server = 192.168.2.17, 192.168.1.9
wins proxy = yes
dns proxy = yes
admin users = administrator, root
remote announce = 192.168.1.9/SAMBADOMAIN
interfaces = 192.168.2.16/24 192.168.2.17/24

I thought that maybe the remote announce would work but it hasn't seemed to.
The problem is it is hard to tell which domain controller is at fault. I
don't think that the Samba is the problem. The WINS on the win2k box was
mangled until recently and the DNS is also flaky (hence the move over to
Samba). But I have to keep both domains up for the next little while
(production environment) and then we will slowly migrate everyone over.
Any thoughts would be appreciated.
Jason
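
Added example, not part of the original post and not Samba project code: a small lint over smb.conf parameters like the ones posted above. It flags wins support = yes set together with wins server (a combination testparm reports as an error), null passwords = yes, and an explicitly unencrypted ldapsam connection to a non-local directory; the rule names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: the WINS, password and LDAP lines from the config above.
SAMPLE = """\
workgroup = BOGUSGROUP
null passwords = yes
passdb backend = ldapsam:ldap://localhost
ldap ssl = no
wins support = yes
wins server = 192.168.2.17, 192.168.1.9
"""

TRUE = {"yes", "true", "on", "1"}      # boolean spellings smb.conf accepts
LOCAL = {"localhost", "127.0.0.1"}


def parse_params(text):
    """Map parameter names (lower-cased, whitespace removed) to their values."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[":
            continue                    # blank line, comment or section header
        name, sep, value = line.partition("=")
        if sep:
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params


def lint(text):
    """Return (rule, message) pairs; the rule names are made up for this example."""
    p = parse_params(text)
    found = []
    if p.get("winssupport", "").lower() in TRUE and p.get("winsserver"):
        found.append(("wins-conflict",
                      "wins support = yes and wins server are both set"))
    if p.get("nullpasswords", "").lower() in TRUE:
        found.append(("null-passwords",
                      "accounts with empty passwords are allowed to connect"))
    # Plain ldap:// is only flagged when the directory is on another host
    # and encryption has been switched off explicitly.
    host = re.search(r"ldap://([^/:\s]+)", p.get("passdbbackend", ""))
    if host and host.group(1).lower() not in LOCAL \
            and p.get("ldapssl", "").lower() in {"no", "off"}:
        found.append(("ldap-cleartext",
                      "ldapsam traffic to %s is not encrypted" % host.group(1)))
    return found


if __name__ == "__main__":
    for rule, message in lint(SAMPLE):
        print(rule + ": " + message)
```

On the sample, the LDAP rule stays quiet because the directory is on localhost; it fires only when the ldapsam URL names another host.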