[Samba] Mounting samba volume by IP fails trust in AD

Walt Park waltbulk at gmail.com
Wed Mar 30 08:42:33 MDT 2011


I've got some samba servers (3.0.33-3.29.el5_6.2, on redhat 5) that join a
windows 2003 AD.

When mounting the volume from a windows workstation, if I use
it fails saying "The trust relationship between this workstation and the
primary domain failed'"

If I mount with \\fully.qualified.name it works just fine. Forward and
reverse DNS match, and
\\ip.address.here works for a microsoft box but not any of the samba boxes.

When I check the smbd.log, I never see the failed connections at the samba
box, only the ones
that worked with FQDN, which to me suggests the failure happens because AD
isn't passing the
connection to samba, which my AD admins say is because something in samba
isn't working like
windows, so the AD doesn't pass the request to the samba box because it
doesn't look right to AD.

my smbd.conf is :
# Global parameters
        workgroup = MYDOMAIN
        security = ADS
        realm = MY.DOMAIN
        load printers = No
        printing = bsd
        preferred master = No
        domain master = No
        local master = no
        os level = 0
        wins server = xxx.xxx.xxx.xxx
        ldap ssl = no
        browseable = yes
        restrict anonymous = yes
        guest account = nobody
        invalid users = nobody
        encrypt passwords = yes

        comment = Home Directories
        writeable = Yes
        browseable = No

Any idea why IP mount fails trust with 2003 AD but Name would be ok?
Is this a microsoft-ism to hate on samba, or am I missing something in my

Does this fail for everyone or just me?

test: start>run:  \\ip.of.samba.box
       start>run:  \\dns.name.of.box

if you have browse, it should show the available shares.

More information about the samba mailing list