[Samba] multi-homed samba PDC and NetApp filers
Carl G. Riches
cgr at u.washington.edu
Sun May 16 20:23:49 MDT 2010
On Fri, 14 May 2010, John H Terpstra wrote:
> On 05/14/2010 07:14 PM, Carl G. Riches wrote:
>> We are having a problem getting a NetApp filer to re-join a samba
>> domain after a move to a new network. The filer worked fine with
>> samba before the move. Apologies in advance for the long missive.
>>
>> I've tried the following:
>>
>> - re-running the CIFS setup program on the filer
>> - removing the problem filer's samba account, replacing it, and
>> re-running the setup program on the filer
>> - creating a new machine account on the samba server and re-
>> running the setup program on the filer
>>
>> None of these worked. I also looked through a number of mailing
>> list postings about NetApp filers and samba but didn't find any-
>> thing to help.
>>
>> Has anyone gone through this before and provide insight into
>> this problem?
>
> Do you happen to specify in your /etc/samba/smb.conf file:
> interfaces = "list of interfaces"
> bind interfaces only = Yes
>
> If so, remove them, then retry the domain join. After successfully
> joining you ca re-enable these parameters.
>
> Please let me know if that is the solution.
>
That's part of the solution. The NetApp filer now shows up in Windows PC
browse lists, but we still can't get a PC (or the samba server itself) to
mount a CIFS file share from the filer. Does anyone have a suggestion for
what to try next? Here's what I've done so far:
I commented out these lines in /etc/samba/smb.conf:
; interfaces = 127.0.0.1 10.142.36.94/27 10.142.36.192/26 10.142.36.125/27
; bind interfaces only = yes
and restarted samba, then restarted CIFS on the NetApp filer. Tcpdump on
the samba server now looks like this:
18:45:57.189347 IP gcc-fs1.in.gcc.biostat.washington.edu.netbios-ns > mead.in.gcc.biostat.washington.edu.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
18:45:57.189425 IP mead.in.gcc.biostat.washington.edu.netbios-ns > gcc-fs1.in.gcc.biostat.washington.edu.netbios-ns: NBT UDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICAST
18:45:59.137275 IP gcc-fs1.in.gcc.biostat.washington.edu.netbios-ns > mead.in.gcc.biostat.washington.edu.netbios-ns: NBT UDP PACKET(137): REGISTRATION; REQUEST; UNICAST
18:45:59.137390 IP mead.in.gcc.biostat.washington.edu.netbios-ns > gcc-fs1.in.gcc.biostat.washington.edu.netbios-ns: NBT UDP PACKET(137): REGISTRATION; POSITIVE; RESPONSE; UNICAST
These message are on the filer's console:
Sun May 16 18:46:29 PDT [auth.dc.DCPasswdChange.failed:error]: AUTH: The
filer's attempt to change the shared password with filer's domain
controller failed with status 0xc000005e: Scheduled automatic password
change failed. The filer will retry in 1 hour.
At this point the filer shows up in a Windows PC's browse list.
An attempt to mount a share from the filer on the samba server using this
command:
mount -t cifs //10.208.235.134/geneva_fc /mnt -o username=cgr,domain=UWT-15
fails with this message:
mount error 5 = Input/output error
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
and these lines show up in /var/log/debug:
May 16 18:49:49 mead kernel: Status code returned 0xc000005e NT_STATUS_NO_LOGON_SERVERS
May 16 18:49:49 mead kernel: CIFS VFS: Send error in SessSetup = -5
May 16 18:49:49 mead kernel: CIFS VFS: cifs_mount failed w/return code = -5
An attempt to map the above share to a drive (Z:) on a Windows PC fails
with the message:
The mapped network drive could not be created because the following
error has occurred:
There are currently no logon servers available to service the logon
request.
These messages appeared on the filer's console during the drive mapping
request:
Sun May 16 19:01:19 PDT [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Starting DC address discovery for UWT-15.
Sun May 16 19:01:19 PDT [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Found no DC addresses using generic DNS query.
Sun May 16 19:01:19 PDT [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Starting WINS queries.
Sun May 16 19:01:22 PDT [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Found no BDC addresses through WINS.
Sun May 16 19:01:25 PDT [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Found no PDC addresses through WINS.
Sun May 16 19:01:25 PDT [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- DC address discovery for UWT-15 complete. 0 unique addresses found.
The WINS server has been defined:
options.cifs.wins_servers=10.142.36.94
which is the samba server. We have this line in the /etc/samba/smb.conf
file:
wins support = yes
An attempt to browse to the filer fail with this message:
\\gcc-fs1 is not accessible. You might not have permission to use this
network resource. Contact the administrator of this server to find out
if you have access permissions.
The network path was not found.
Both of these worked before moving them from one subnet to a new one.
When I re-enable the "interfaces" and "bind interfaces" lines in
/etc/samba/smb.conf the filer drops out of the Windows browse lists and
this message comes up on the filer's console:
gcc-fs1*> Sun May 16 19:12:07 PDT [nbt.WINS.registrationTimeout:info]: NBT: No WINS server are responding. The filer will continue to try to register with WINS.
I had to remove the "interfaces" and "bind interfaces" lines from
/etc/samba/smb.conf and restart CIFS on the filer to get the filer listed
in Windows browse lists again.
Commenting out the "hosts allow" line in /etc/samba/smb.conf doesn't seem
to affect the behavior of samba with respect to the filer.
What next?
Thanks,
Carl
>
>
>> We have the following:
>>
>> samba server:
>> Red Hat Enterprise Linux 5.3
>> kernel 2.6.18 i868
>> samba 3.0.33
>> multiple network interfaces: 10.142.36.64/27
>> 10.142.36.96/27
>> 10.142.36.192/26
>>
>> NetApp filer #1:
>> NetApp Release 7.2.4L1
>> connected through VPN to samba server network 10.142.36.192/26
>>
>> NetApp filer #2:
>> NetApp Release 7.3.1.1
>> connected through VPN to samba server network 10.142.36.64/27
>>
>> Each filer can ping the samba server. CIFS connections from each
>> filer are registered by the samba server and are logged in the file:
>> 0.0.0.0.log
>>
>> Each of the filers moved to a new network. Filer #1 rejoined the
>> domain but filer #2 can't.
>>
>> A tcpdump of the unsuccessful transaction is:
>> 10:42:38.137963 IP gcc-fs1.netbios-ns > mead.netbios-ns: NBT UDP
>> PACKET(137): MULTIHOMED REGISTRATION; REQUEST; UNICAST
>> 10:42:38.138165 IP mead.netbios-ns > gcc-fs1.netbios-ns: NBT UDP
>> PACKET(137): WACK; POSITIVE; RESPONSE; UNICAST
>> 10:42:58.270693 IP mead.netbios-ns > gcc-fs1.netbios-ns: NBT UDP
>> PACKET(137): REGISTRATION; NEGATIVE; RESPONSE; UNICAST
>> 10:44:11.627124 IP gcc-fs1.netbios-ns > mead.netbios-ns: NBT UDP
>> PACKET(137): MULTIHOMED REGISTRATION; REQUEST; UNICAST
>> 10:44:11.627292 IP mead.netbios-ns > gcc-fs1.netbios-ns: NBT UDP
>> PACKET(137): WACK; POSITIVE; RESPONSE; UNICAST
>> 10:44:32.309202 IP mead.netbios-ns > gcc-fs1.netbios-ns: NBT UDP
>> PACKET(137): REGISTRATION; NEGATIVE; RESPONSE; UNICAST
>> 10:45:45.665702 IP gcc-fs1.netbios-ns > mead.netbios-ns: NBT UDP
>> PACKET(137): MULTIHOMED REGISTRATION; REQUEST; UNICAST
>> 10:45:45.665803 IP mead.netbios-ns > gcc-fs1.netbios-ns: NBT UDP
>> PACKET(137): WACK; POSITIVE; RESPONSE; UNICAST
>> 10:46:06.312676 IP mead.netbios-ns > gcc-fs1.netbios-ns: NBT UDP
>> PACKET(137): REGISTRATION; NEGATIVE; RESPONSE; UNICAST
>>
>> Part of the samba log 0.0.0.0.log related to filer #2 is:
>>
>> [2010/05/14 16:54:52, 3]
>> nmbd/nmbd_winsserver.c:wins_process_name_registration_request(1138)
>> wins_process_name_registration_request: Group name registration for
>> name UWT-15<00> IP 10.208.235.134
>> [2010/05/14 16:54:52, 3]
>> nmbd/nmbd_winsserver.c:wins_process_name_registration_request(1222)
>> wins_process_name_registration_request: Adding IP 255.255.255.255 to
>> group name UWT-15<00>.
>> [2010/05/14 16:54:52, 4] nmbd/nmbd_packets.c:reply_netbios_packet(940)
>> reply_netbios_packet: sending a reply of packet type: wins_reg
>> UWT-15<00> to ip 10.208.235.134 for id 39786
>> [2010/05/14 16:54:52, 4] libsmb/nmblib.c:debug_nmb_packet(112)
>> nmb packet from 10.208.235.134(137) header: id=39786
>> opcode=Registration(5) response=Yes
>> header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No
>> auth=Yes
>> header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
>> answers: nmb_name=UWT-15<00> rr_type=32 rr_class=1 ttl=345600
>> answers 0 char ...... hex E0000AD0EB86
>> [2010/05/14 16:54:52, 5] libsmb/nmblib.c:send_udp(779)
>> Sending a packet of len 62 to (10.208.235.134) on port 137
>>
>>
>> Thanks,
>> Carl
>>
>>
>
>
More information about the samba
mailing list