[Samba] Problems connecting to samba 3.4.7 from subnets

Mikael Ekblom mekblom at karkulla.fi
Wed Aug 24 06:16:03 MDT 2011 

Hi,


We have encountered a strange problem recently. We are running Samba  
as a virtual server on VMware esxi 4.1.

The samba version is 3.4.7 and it is connected via one network  
interface eth0, which seems to have network connectivity as we are  
able to ping the other subnets.

We are residing on the subnet 192.168.100.0/24 and the rest of the  
offices are on the subnets 192.168.101.0/26, 192.168.101.240/28,  
192.168.101.208/40

We are all using the same ISP for our internal network and all the  
subnets are interconnected. We can ping all the gateways inside the  
network and the traffic to the outside world is flowing correctly and  
http, sftp and icmp ping etc is also working within our mpls-network.

I'm for example able to "Teamview" or rdp into any machine within our  
local network on all the subnets.

The samba server itself has no firewall activated. All the servers are  
behind a Watchguard firewall and a rule for SMB-traffic is active and  
has always worked before.

Samba has the role of a PDC with authentication via ldap. This works  
as expected and Samba works well with computer, groups and  
people-accounts in ldap.

When a user from another subnet uses RDP to rdp into one of our  
machines here on our subnet 192.168.100.0, then that person gets all  
the shares he/she has the right to view. Login scipts and everything  
works like a charm!

When the same user accesses a computer residing, to give an example,  
on the subnet 192.168.101, well, the the user can log in, but no  
shares will be visible besides the users own home folder and the  
netlogon scripts will time out and claim that kix32.exe is not a valid  
win32 application and also an access denied will be issued.

The machines within the subnet 192.168.100.0 give no such notice.It  
just works. I have double checked all the rights on the netlogon  
folder and the login script works. We have the sam machines (Win7) as  
in the rest of the offices.

You can join a machine to the domain from a subnet 192.168.101 also.  
All client machines has a WINS-server address associated with them,  
that points to our Samba PDC server.

I have set hots allow to allow all the machines from these subnets to  
connect to our Samba PDC. Users within our subnet 192.168.100.0 have  
experienced no troubles what so ever.

Smbstatus says that machines from the other subnets has a connection,  
but they get no mappings.

Our provider changes our internet connection a while back to a  
fiber-based 100Mb/s conection. It is routed via cisco 3400-device. I  
have checked everything here, but has found no obvious reasons to why  
this does not work. The ISP claims that they do not prohibit any  
traffic, but I'm starting to doubt that.

Some manuals say that Samba cannot work between subnets. Well, we have  
done just that for about two years now...:) Until it is suddenly not  
working anymore.

So, i Guess that our ISP-provider is blocking some traffic anyhow,  
though they claim the opposite.

Is there anything that I might be overlooking here? Or is it just that  
Samba 3.4.7 does not work well between subnets, regardless of  
WINS-settings?


  Regards,

         Mikael Ekblom










----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

More information about the samba mailing list