[Samba] Mounting samba volume by IP fails trust in AD
gaiseric.vandal at gmail.com
Wed Mar 30 09:22:54 MDT 2011
I have run into issues where by IP it worked, but not by name (this was
with one particular Samba server, with VPN clients, with WINS and
NetBIOS not enabled over VPN). So it does seem possible that the
server handles requests based on name and IP differently.
Are all machines (samba, win 2003, clients) pointing to the same WINS
Are all machines pointing to the same DNS server?
Is the AD DC the WINS and DNS server?
Does the AD domain name space match the DNS domain name space?
Does the samba server krb5.conf have entries for the AD DC? (Not sure
if this is really necessary.)
In smb.conf, what is "name resolve order" set to?
On 03/30/2011 10:42 AM, Walt Park wrote:
> I've got some samba servers (3.0.33-3.29.el5_6.2, on redhat 5) that join a
> windows 2003 AD.
> When mounting the volume from a windows workstation, if I use
> it fails saying "The trust relationship between this workstation and the
> primary domain failed"
> If I mount with \\fully.qualified.name it works just fine. Forward and
> reverse DNS match, and
> \\ip.address.here works for a microsoft box but not any of the samba boxes.
> When I check the smbd.log, I never see the failed connections at the samba
> box, only the ones
> that worked with FQDN, which to me suggests the failure happens because AD
> isn't passing the
> connection to samba, which my AD admins say is because something in samba
> isn't working like
> windows, so the AD doesn't pass the request to the samba box because it
> doesn't look right to AD.
> my smbd.conf is :
> # Global parameters
> workgroup = MYDOMAIN
> security = ADS
> realm = MY.DOMAIN
> load printers = No
> printing = bsd
> preferred master = No
> domain master = No
> local master = no
> os level = 0
> wins server = xxx.xxx.xxx.xxx
> ldap ssl = no
> browseable = yes
> restrict anonymous = yes
> guest account = nobody
> invalid users = nobody
> encrypt passwords = yes
> comment = Home Directories
> writeable = Yes
> browseable = No
> Any idea why IP mount fails trust with 2003 AD but Name would be ok?
> Is this a microsoft-ism to hate on samba, or am I missing something in my
> Does this fail for everyone or just me?
> test: start>run: \\ip.of.samba.box
> start>run: \\dns.name.of.box
> if you have browse, it should show the available shares.
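The smb.conf and krb5.conf questions in the reply can be answered by reading the two files directly. The following is an added example, not code from either poster or from the Samba project; the sample file contents, the `OTHER.DOMAIN` realm, the `dc1.other.domain` host and all function names are constructed for illustration.

```python
import re

# Constructed sample files (not the poster's); values reuse the thread's placeholders.
SMB_CONF = """[global]
   security = ADS
   realm = MY.DOMAIN
   wins server = xxx.xxx.xxx.xxx
"""
KRB5_CONF = """[libdefaults]
[realms]
   OTHER.DOMAIN = {
      kdc = dc1.other.domain
   }
"""

def smb_globals(text):
    # Collect [global] parameters; smb.conf ignores case and spaces in names.
    params, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params["".join(key.lower().split())] = value.strip()
    return params

def krb5_realms(text):
    # Realm names that open a block ("NAME = {") under [realms] in krb5.conf.
    realms, in_realms = set(), False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            in_realms = line.lower() == "[realms]"
        elif in_realms and (m := re.match(r"([^\s=]+)\s*=\s*\{", line)):
            realms.add(m.group(1))
    return realms

def checklist(smb_text, krb5_text):
    # None means the parameter is unset; the realm comparison is exact.
    g = smb_globals(smb_text)
    return {
        "security": g.get("security"),
        "wins_server": g.get("winsserver"),
        "name_resolve_order": g.get("nameresolveorder"),
        "realm_in_krb5": g.get("realm") in krb5_realms(krb5_text),
    }

if __name__ == "__main__":
    print(checklist(SMB_CONF, KRB5_CONF))
```

On the constructed sample this reports that "name resolve order" is not set and that the smb.conf realm has no entry under `[realms]` in krb5.conf, which are the two file-level items from the reply's list.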