[Samba] Problems using multiple Samba servers in a Win2003 AD domain

Mike Leone turgon at mike-leone.com
Sun May 2 14:07:35 MDT 2010


I've been at this for days, and making no headway. It's very
discouraging. I have a Win2003 domain that has the Services for Unix
extensions installed. I am trying to have multiple Samba servers as
domain members (in my case, one desktop sharing files, and one laptop
accessing the shares). And at the moment, it doesn't (fully) work.

Each Samba server can see shares from the other. Windows clients can see
and mount shares from each Samba server. Each Samba server can mount
shares from Windows clients on the domain. What they can't do ... is
mount shares from each other. I get

mount error(13): Permission denied

no matter what I try. I find various pages on how to do this, half of
which conflict with each other or are outdated, and none of which work.

I am using virtually the same smb.conf on both machines.

Domain name = DCRIB.LOCAL (short name DACRIB)
Win2003 DC = dim-win2300.dacrib.local
2 Ubuntu 9.10 members (Samba 3.4.0)
Desktop = workhorse (with various shares)
Laptop = Dual-Booter (which will access the shares on workhorse and
elsewhere)

So, can anyone point out what's wrong with these configs? Dual-Booter
can see the shares on workhorse, and workhorse can see the share on
Dual-Booter. Each can mount (and is mounting) shares from a WinXP
machine. I can get Kerberos tickets on each Samba server. Each Samba
server can mount a share from a WinXP desktop called "p4-desktop",
although I seem to have to specify the username as "turgon at DACRIB" in
the credentials; it doesn't work any other way. I can't mount shares
from the other Samba server regardless of how I specify the user, however.

testparm output - Dual-Booter:


[global]
	workgroup = DACRIB
	realm = DACRIB.LOCAL
	server string = %h server (Samba %v, Domain: %D, Server: %L - %R)
	security = ADS
	auth methods = winbind
	map to guest = Bad User
	obey pam restrictions = Yes
	password server = dim-win2300.DaCrib.local
	pam password change = Yes
	passwd program = /usr/bin/passwd %u
	passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
	unix password sync = Yes
	client NTLMv2 auth = Yes
	log level = 3
	syslog = 0
	log file = /var/log/samba/log.%m
	max log size = 1000
	server signing = auto
	socket options = TCP_NODELAY  SO_RCVBUF=8192 SO_SNDBUF=8192
	os level = 2
	local master = No
	domain master = No
	dns proxy = No
	eventlog list = Application, System, Security, SyslogLinux
	usershare allow guests = Yes
	panic action = /usr/share/samba/panic-action %d
	template shell = /bin/bash
	winbind separator = +
	winbind enum users = Yes
	winbind enum groups = Yes
	winbind nss info = rfc2307
	winbind refresh tickets = Yes
	idmap config DACRIB:range = 10000 - 20000
	idmap config DACRIB:backend = rid
	idmap config DACRIB:schema_mode = rfc2307
	hide dot files = No

[TestShare]
	path = /TestShare

testparm output - Dual-Booter:

[global]
	workgroup = DACRIB
	realm = DACRIB.LOCAL
	server string = %h server (Samba %v, Domain: %D, Server: %L - %R)
	security = ADS
	auth methods = winbind
	map to guest = Bad User
	obey pam restrictions = Yes
	password server = dim-win2300.DaCrib.local
	pam password change = Yes
	passwd program = /usr/bin/passwd %u
	passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
	unix password sync = Yes
	client NTLMv2 auth = Yes
	log level = 2
	syslog = 0
	log file = /var/log/samba/log.%m
	max log size = 1000
	server signing = auto
	os level = 2
	local master = No
	domain master = No
	dns proxy = No
	eventlog list = Application, System, Security, SyslogLinux
	usershare allow guests = Yes
	panic action = /usr/share/samba/panic-action %d
	template shell = /bin/bash
	winbind separator = +
	winbind enum users = Yes
	winbind enum groups = Yes
	winbind nss info = rfc2307
	winbind refresh tickets = Yes
	idmap config DACRIB:schema_mode = rfc2307
	idmap config DACRIB:range = 10000-20000
	idmap config DACRIB:backend = rid
	invalid users = root
	read only = No
	create mask = 0700
	directory mask = 0775
	hide dot files = No
	wide links = No

[printers]
	comment = All Printers
	path = /var/spool/samba
	printable = Yes
	browseable = No
	browsable = No

[print$]
	comment = Printer Drivers
	path = /var/lib/samba/printers


[OldHome]
	comment = The Old Home Folder
	path = /OldHome

Thanks for any help.
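
Added example (not part of the original post, and not Samba project code): a small Python script that parses two testparm listings like the ones above and reports which [global] settings actually differ between the two domain members. The names parse_testparm and diff_globals are hypothetical, the sample text is a shortened excerpt of the two listings, and treating "10000 - 20000" and "10000-20000" as the same idmap range is an assumption.

```python
import re

def parse_testparm(text):
    # Returns {section: {parameter: value}} from testparm-style text.
    sections, params, last = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            params, last = sections.setdefault(header.group(1).lower(), {}), None
        elif "=" in line:
            name, _, value = line.partition("=")
            last = " ".join(name.lower().split())  # normalise case and spacing of the name
            params[last] = " ".join(value.split())
        elif line and last:  # no "=": rest of a value the mailer wrapped
            params[last] += " " + " ".join(line.split())
    for params in sections.values():
        for name in params:
            if name.endswith(":range"):  # assumption: spacing around "-" is irrelevant
                params[name] = params[name].replace(" ", "")
    return sections

def diff_globals(a, b):
    ga, gb = a.get("global", {}), b.get("global", {})
    return {k: (ga.get(k), gb.get(k))
            for k in sorted(set(ga) | set(gb)) if ga.get(k) != gb.get(k)}

# Constructed samples: shortened excerpts of the two listings in the post.
FIRST = r"""[global]
    workgroup = DACRIB
    passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    log level = 3
    socket options = TCP_NODELAY  SO_RCVBUF=8192 SO_SNDBUF=8192
    idmap config DACRIB:range = 10000 - 20000
[TestShare]
    path = /TestShare
"""
SECOND = r"""[global]
    workgroup = DACRIB
    passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    log level = 2
    idmap config DACRIB:range = 10000-20000
    invalid users = root
    wide links = No
"""

if __name__ == "__main__":
    print(diff_globals(parse_testparm(FIRST), parse_testparm(SECOND)))
```

A wrapped continuation line that itself contains "=" would be read as a new parameter, so rejoin such lines before comparing.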