[Samba] XP Clients, Netbios aliases and msdfs

Barry, Christopher cbarry at infiniconsys.com
Sun Apr 11 03:43:52 GMT 2004

Greetings list,
	I've looked high and low, and cannot find an instance of this
particular situation, and thought I might try leveraging the power of
the collective hive mind of the user community to solve this problem.

	My setup is likely not at all common. I've created a bunch of
netbios aliases on a single linux box. Each alias has the same name as a
particular windows group, like hr and documentation, and software and
engineering. I have a script that syncronizes my Windows and nis domains
for users and groups, with a samba valid user list for each server based
upon their group. I use a logon script that parses a users particular
windows groups, and maps like named aliased \\servers\shares to their
assigned drives. Each aliased server is the root of an individual msdfs
tree. This allows me to totally abstract the locations of data,
effectively hiding from, and freeing the user from wondering where their
stuff is. My samba auth scheme is domain, and I'm running 3.0.2a.

	As an example, if I'm in the software and documentation groups,
I automagically map two drives: I map \\software\software to my S:
drive, and \\documentation\documentation to my M: drive.
Under the software share I give access to cvs located on one machine,
dev tools on another, and other things from other machines needed by
software folks, etc. Same for the documentation. All stuff needed by a
particular group is hanging under a single drive named for the group.
This simplifies the life of users, and organizes the data they need in a
single tree.

	For Win2k this works as advertised. For XP however, it would
appear that it tries to individually understand each alias as an
individual box, and when it's SID does not jive with the real hostname,
it disallows access. I've narrowed the problem down to an alias thing.
An interesting clue is that XP resolves the server string message for
the aliases, while Win2k does not. My feeling is a methodology needs to
be developed to give each alias it's own SID or a separate secrets.tdb.
Maybe the functionality could be added to the net command to trick the
windows domain into thinking that the alias is a real separate machine.

	Has anyone tried this configuration and gotten it to work? And
if so, how have you resolved it?

Christopher Barry
Manager of Information Systems
InfiniCon Systems

More information about the samba mailing list