[Samba] Debian Lenny 5.04 and DMS in Windows 2000 Native Domain + Forest with Samba 3.2.5

Thu Mar 3 12:31:26 MST 2011

Hello All,

I have been struggling with this for a long, long time.  I came here
looking for answers.  So, I have a VM running Debian Lenny.  I install
the apt package samba, which installs 3.2.5.  I work in a large
university with an extensive Active Directory environment, both forest
and domain running in Win2k native mode.  There is a NetApp filer which
houses all our admin files, scripts, and installers.  Nothing really
special.  The computer, FILESERVER, is in the child domain of the
forest, whose root domain is DOMAIN.FOREST.UNIVERSITY.TLD.  The root 
domain is FOREST.UNIVERSITY.TLD.  Now, can I mount this without joining 
the domain?  I have tried reading the documentation, and I think this is
telling me no.

> Use of raw SMB over TCP/IP (No NetBIOS layer) can be done only with Active Directory domains. Samba is not an Active Directory domain controller: ergo, it is not possible to run Samba as a domain controller and at the same time not use NetBIOS. Where Samba is used as an Active Directory domain member server (DMS) it is possible to configure Samba to not use NetBIOS over TCP/IP. A Samba DMS can integrate fully into an Active Directory domain, however, if NetBIOS over TCP/IP is disabled, it is necessary to manually create appropriate DNS entries for the Samba DMS because they will not be automatically generated either by Samba, or by the ADS environment.  [0]

So if I do not need to join this Debian VM to the domain, what is the 
proper config and/or command structure?  I have toyed with "disable 
netbios = yes" and "security = ads", but it still does now work well.

When I run smbclient, I can pull up a connection just fine, browse 
files, and even upload.

> smbclient -L  \\\\fileserver.domain.forest.university.tld\\PubShare0 -W DOMAIN.FOREST.UNIVERSITY.TLD -U my_ad_account

However, mounting it never, ever works.  It mentions NBT being disabled 
when getting a share list, among all the shares listed.

> Domain=[DOMAIN] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
> 
> 	Sharename       Type      Comment
> 	---------       ----      -------
> 	IPC$            IPC       Remote IPC
> 	ETC$            Disk      Remote Administration
> 	C$              Disk      Remote Administration
> 	Data$           Disk      
> 	PubShare0       Disk      
> 	PubShare1       Disk      
> 	PubShare2       Disk      
> 	PubShare3       Disk      
> 	PubShare5       Disk      
> 	PubShare5       Disk      
> Connection to fileserver.domain.forest.university.tld failed (Error NT_STATUS_CONNECTION_REFUSED)
> NetBIOS over TCP disabled -- no workgroup available

When I mount, I envitably get an IO error.

> BACC-UTIL-VM:/home/me# whoami
> root
> BACC-UTIL-VM:/home/me# smbmount //fileserver.domain.forest.university.tld/PubShare0 /mnt/fileserver/pubshare0/ --verbose -o domain=DOMAIN.FOREST.UNIVERSITY.TLD,user=my_ad_account
> Password: 
> 
> mount.cifs kernel mount options: unc=//fileserver.domain.forest.university.tld\share,ip=10.XXX.XX.XX,ver=1,domain=GEORGETOWN.MEI.GEORGETOWN.EDU,user=ajs67,pass=********mount error 5 = Input/output error
> Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
> BACC-UTIL-VM:/home/me# 

Why is this?  Will it go away if and when I join the domain?  The IP 
address is accurate and their are proper DNS entries.  None of the 
variations I try work.  As someone clued me in on IRC, NBT is probably 
the culprit here, so I want to better understand the underlying 
principle, and then figure out the correct config for the future.  Sorry 
for the outrageously long email, but I love my Linux and hate my 
Windows.  This will make my transition much, much easier.

Best,
_AJS

[0]http://samba.org/samba/docs/man/Samba-HOWTO-Collection/NetworkBrowsing.html#id2580798