[Samba] Trusted domain problem (maybe networking)

Misty Stanley-Jones misty at borkholder.com
Tue Dec 14 21:39:08 GMT 2004


Additional information embedded below:

On Tuesday 14 December 2004 15:30, Misty Stanley-Jones wrote:
> Hello,
>
> I have spent the afternoon learning how to configure my routers to allow
> directed-broadcast with an access list, so that I can allow two different
> domains on different subnets to trust each other.  Now I can do a broadcast
> ping from either subnet to the other, and I can also do smbclient -L
> <remote_pdc> and get the shares, from one side.  From the other side I
> cannot.  Let me clarify here.
>
> PDC A is called CORPSRV, controls domain CORP, and has IP address
> 192.168.1.101
> PDC B is called FURNSRV, controls domain FURN, and has IP address
> 192.168.2.3
>
> From CORPSRV, I can broadcast ping to 192.168.2.255 (and 192.168.2.3
> answers) and I can successfully do "smbclient -L FURNSRV".
>
> From FURNSRV, I can broadcast ping to 192.168.1.255, but cannot do
> "smbclient -L CORPSRV".  I get no errors on CORPSRV, but FURNSRV says the
> following:
> furnsrv:~ # smbclient -L CORPSRV
> Connection to CORPSRV failed
>

I forgot that smbclient looks at the DNS name, not the NETBIOS name.  The DNS 
name of CORPSRV is "oink.corp" for various reasons.  Anyway smbclient -L 
works for the DNS name.  So the above problem is not actually a problem.


> Each PDC is acting as the WINS server for its subnet.  Below are relevant
> portions of the smb.conf files:
>
> CORPSRV
> ---------------------
> wins support = yes
> domain logons = yes
> os level = 100
> preferred master = yes
> domain master = yes
> remote announce = 192.168.2.255/CORP
> remote browse sync = 192.168.2.255
>
> FURNSRV
> ---------------------
> wins support = Yes
> wins proxy = Yes
> os level = 100
> preferred master = yes
> domain master = yes
> local master = yes
> remote announce = 192.168.1.255/FURN
> remote browse sync = 192.168.1.255
> name resolve order = wins bcast host
>
> I can't really remember why I have all the settings on FURNSRV so I didn't
> add them all to CORPSRV just because they are there.  It looks like from
> the docs that I should only have one "wins support = Yes" but I'm not sure
> if that's per subnet or not.  Any advice would be appreciated.

Here is some output from net rpc trustdom commands:
CORPSRV:
oink:/data/samba/log # net rpc trustdom list
Password:
Trusted domains list:
none

Trusting domains list:
FURN
Unable to find a suitable server
domain controller is not responding

oink:/data/samba/log # net rpc trustdom establish FURN
[2004/12/14 16:37:34, 0] utils/net_rpc.c:rpc_trustdom_establish(4328)
  Couldn't find domain controller for domain FURN

FURNSRV:
furnsrv:/usr/local/samba/var/userlog # net rpc trustdom list
Password:
Trusted domains list:
none

Trusting domains list:
CORP
Unable to find a suitable server
domain controller is not responding
furnsrv:/usr/local/samba/var/userlog # net rpc trustdom establish CORP
[2004/12/14 16:38:34, 0] utils/net_rpc.c:rpc_trustdom_establish(4328)
  Couldn't find domain controller for domain CORP

So it does not seem to be a networking issue but more of a Samba configuration 
issue, unless for some odd reason my routers need to also be told to route 
NETBIOS commands.  Do you think so?

Misty

>
> Thanks,
> Misty

