[Samba] cross subnet browsing/domain logon problem

John Twyman j.twyman at es.usyd.edu.au
Wed Mar 5 03:58:19 GMT 2003

Dear all,

I'm having great difficulty getting cross-subnet domain logon & browsing to 
work and have nearly reached the end of my sanity trying to figure out 
what's wrong. Here's my setup and what's happening (apologies if it is 

Subnet A
One Samba PDC with encrypted passwords.
One Samba file server

Subnet B
One Samba file server (serverB) that is the *local master* for subnet B 
with encrypted passwords and security=domain.

I have added serverB to the domain by successfully running smbpasswd -j 
DOMAIN -r PDC -U admin%adminpasswd

I can run smbclient //serverB/homes from Subnet A with success.
I can get Windows 9x machines in Subnet A to successfully mount 
//serverB/homes via a startup script executed during logon.
I can get a WinXP machine in Subnet B to authenticate against the PDC; 
however, no startup script is executed.
I can run smbclient -L localhost from serverB with success, although no 
Master is specified for the workgroup DOMAIN. Also, the homes share does 
not appear in the list of available shares, just a public share, a printer 
share & IPC$ & ADMIN$.

I canNOT get a Win 9x machine in Subnet B to find the PDC for domain logon 
authentication, despite it being specified as the WINS server in its 
networking config.
I canNOT run smbclient //serverB/homes from serverB itself, nor smbclient 
-L //serverB. Here's what I get:

Got a positive name query response from PDC_IP ( serverB IP )
session request to serverB failed (Not listening for calling name)
Got a positive name query response from PDC_IP ( serverB IP )
session request to *SMBSERVER failed (Not listening for calling name)

Looking through the nmbd daemon log files on serverB I find the following:

Samba name server serverB is now a local master browser for workgroup DOMAIN
   Unable to find the Domain Master Browser name DOMAIN<1b> for the 
workgroup DOMAIN.
   Unable to sync browse lists in this workgroup.

Running nmblookup -MT DOMAIN also fails, stating "name_query failed to find 
name DOMAIN#1d"

I have the IP address of the PDC specified in serverB's remote browse sync 
directive in smb.conf
Conversely, the IP address of serverB is specified in the PDC's remote 
browse sync directive.

serverB is RedHat 7.3 running the samba 2.2.7-1.7.3 rpm
PDC is RedHat 8.0 running the samba 2.2.7-2 rpm

There are no firewalls or Access Control Lists in place on the router that 
might stop packets from travelling between the subnets.
Below I've included the relevant directives from the PDC smb.conf and the 
serverB smb.conf file:

PDC smb.conf


workgroup = DOMAIN
security = user
encrypt passwords = yes
smb passwd file = /path/to/smbpasswd
remote browse sync = a.b.c.d (ip of serverB)
remote announce = a.b.c.255 (broadcast address for Subnet B)
local master = yes
domain master = yes
preferred master = yes
domain logons = yes
logon drive = U:
wins support = yes
wins proxy = yes

serverB smb.conf


workgroup = DOMAIN
security = domain
password server = PDC_Name (I've also tried specifying the IP address of 
the PDC here too)
encrypt passwords = yes
smb passwd file = /path/to/smbpasswd (commenting this line out has made no 
difference either)
remote browse sync = a.b.e.f (ip of PDC)
remote announce = a.b.e.255 (broadcast address for Subnet A)
local master = yes
domain master = no
preferred master = yes
wins server = a.b.e.f (ip of PDC)
name resolve order = wins lmhosts host bcast (the PDC is listed in the lmhosts)


Any help would truly be appreciated.

Many thanks,

john twyman
school of geosciences
university of sydney
m: +61 401 992 836
e: j.twyman at es.usyd.edu.au
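
The nmbd log and nmblookup messages quoted in the post above refer to NetBIOS names by type suffix (DOMAIN<1b>, DOMAIN#1d). As an added example that is not part of the original message, this Python code extracts those typed names from the quoted lines, labels the role each type denotes, and produces the RFC 1001 first-level encoded form seen in a packet capture of the name query; the function names are hypothetical.

```python
import re

# NetBIOS name types (the 16th byte of the name) relevant to this post.
NAME_TYPES = {
    0x00: "workstation / workgroup registration",
    0x1B: "domain master browser (unique)",
    0x1C: "domain controllers / logon servers (group)",
    0x1D: "local master browser for one subnet (unique)",
    0x20: "file server service",
}

# Matches "DOMAIN<1b>" (nmbd log style) and "DOMAIN#1d" (nmblookup style).
NAME_RE = re.compile(
    r"\b([A-Za-z0-9_-]{1,15})(?:<([0-9a-fA-F]{2})>|#([0-9a-fA-F]{2}))")

def encode_name(name, name_type):
    """RFC 1001 first-level encoding: upper-case, pad to 15 bytes, append
    the type byte, then map each nibble to a letter 'A'..'P' (32 chars)."""
    raw = name.upper().encode("ascii").ljust(15, b" ")[:15] + bytes([name_type])
    return "".join(chr(0x41 + (b >> 4)) + chr(0x41 + (b & 0x0F)) for b in raw)

def explain(line):
    """Return (name, type, role, encoded_name) for each typed name in a line."""
    found = []
    for m in NAME_RE.finditer(line):
        t = int(m.group(2) or m.group(3), 16)
        role = NAME_TYPES.get(t, "unknown type")
        found.append((m.group(1), t, role, encode_name(m.group(1), t)))
    return found

# Lines taken from the post above (log wrapping joined onto one line).
SAMPLE = [
    "Unable to find the Domain Master Browser name DOMAIN<1b> "
    "for the workgroup DOMAIN.",
    "name_query failed to find name DOMAIN#1d",
]

if __name__ == "__main__":
    for line in SAMPLE:
        for name, t, role, enc in explain(line):
            print(f"{name}<{t:02x}>: {role}")
            print(f"  encoded query name: {enc}")
```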
