[Samba] Problems connecting to samba 3.4.7 from subnets
mekblom at karkulla.fi
Wed Aug 24 06:16:03 MDT 2011
We have encountered a strange problem recently. We are running Samba
as a virtual server on VMware esxi 4.1.
The samba version is 3.4.7 and it is connected via one network
interface eth0, which seems to have network connectivity as we are
able to ping the other subnets.
We are residing on the subnet 192.168.100.0/24 and the rest of the
offices are on the subnets 192.168.101.0/26, 192.168.101.240/28,
We are all using the same ISP for our internal network and all the
subnets are interconnected. We can ping all the gateways inside the
network and the traffic to the outside world is flowing correctly and
http, sftp and icmp ping etc is also working within our mpls-network.
I'm for example able to "Teamview" or rdp into any machine within our
local network on all the subnets.
The samba server itself has no firewall activated. All the servers are
behind a Watchguard firewall and a rule for SMB-traffic is active and
has always worked before.
Samba has the role of a PDC with authentication via ldap. This works
as expected and Samba works well with computer, groups and
people-accounts in ldap.
When a user from another subnet uses RDP to rdp into one of our
machines here on our subnet 192.168.100.0, then that person gets all
the shares he/she has the right to view. Login scipts and everything
works like a charm!
When the same user accesses a computer residing, to give an example,
on the subnet 192.168.101, well, the the user can log in, but no
shares will be visible besides the users own home folder and the
netlogon scripts will time out and claim that kix32.exe is not a valid
win32 application and also an access denied will be issued.
The machines within the subnet 192.168.100.0 give no such notice.It
just works. I have double checked all the rights on the netlogon
folder and the login script works. We have the sam machines (Win7) as
in the rest of the offices.
You can join a machine to the domain from a subnet 192.168.101 also.
All client machines has a WINS-server address associated with them,
that points to our Samba PDC server.
I have set hots allow to allow all the machines from these subnets to
connect to our Samba PDC. Users within our subnet 192.168.100.0 have
experienced no troubles what so ever.
Smbstatus says that machines from the other subnets has a connection,
but they get no mappings.
Our provider changes our internet connection a while back to a
fiber-based 100Mb/s conection. It is routed via cisco 3400-device. I
have checked everything here, but has found no obvious reasons to why
this does not work. The ISP claims that they do not prohibit any
traffic, but I'm starting to doubt that.
Some manuals say that Samba cannot work between subnets. Well, we have
done just that for about two years now...:) Until it is suddenly not
So, i Guess that our ISP-provider is blocking some traffic anyhow,
though they claim the opposite.
Is there anything that I might be overlooking here? Or is it just that
Samba 3.4.7 does not work well between subnets, regardless of
This message was sent using IMP, the Internet Messaging Program.
More information about the samba