[Samba] Mounting samba volume by IP fails trust in AD

Walt Park waltbulk at gmail.com
Wed Mar 30 10:35:03 MDT 2011


Well.. all my samba boxes are behaving the same way.
When joined to the AD, they work when addressed by name, but
fail trust with the AD when addressed by IP. AD is controlled
by Windows 2003, not by samba. I'm pretty sure if I made a samba
PDC, I could get this to work, but I can't because that's not our
architecture here.

I have a mixture of a couple different versions on both
solaris and linux, and they all seem to behave the same.

All the samba boxes use the same wins, which is the PDC.
They also use a mix of DNS, for a couple of internal reasons,
but for name/ip in regards to the AD, they will get the same
responses because of the way delegation is set up among name servers.

The AD does not run its own name space and defers to the bind
clusters for dns.

The krb5.conf does point to the AD, as samba is the only thing
on these boxes that uses kerberos.

name resolve order is not explicitly set, so defaults to
lmhosts host wins bcast

Anyway, the samba servers are not seeing the connection attempt when
they get the trust failure error. The AD seems to be rejecting the
connection attempt and not directing the connection to the samba box.

When I use a FQDN, I see the connection attempt, and it works fine. It's
only when I use IP.

We have a security scanner that is failing because it is using IP since
that's how its network discovery works, which is what I'm trying to
fix.

