[Samba] Mounting samba volume by IP fails trust in AD

Gaiseric Vandal gaiseric.vandal at gmail.com
Wed Mar 30 10:47:07 MDT 2011


Do you have "PTR" entries in DNS for all the servers?

On 03/30/2011 12:35 PM, Walt Park wrote:
> Well... all my Samba boxes are behaving the same way.
> When joined to the AD, they work when addressed by name, but
> fail trust with the AD when addressed by IP. AD is controlled
> by Windows 2003, not by Samba. I'm pretty sure if I made a Samba
> PDC, I could get this to work, but I can't because that's not our
> architecture here.
>
> I have a mixture of a couple of different versions on both
> Solaris and Linux, and they all seem to behave the same.
>
> All the Samba boxes use the same WINS, which is the PDC.
> They also use a mix of DNS, for a couple of internal reasons,
> but for name/IP in regards to the AD, they will get the same
> responses because of the way delegation is set up among name servers.
>
> The AD does not run its own namespace and defers to the BIND
> clusters for DNS.
>
> The krb5.conf does point to the AD, as Samba is the only thing
> on these boxes that uses Kerberos.
>
> name resolve order is not explicitly set, so defaults to
> lmhosts host wins bcast
>
> Anyway, the Samba servers are not seeing the connection attempt when
> they get the trust failure error. The AD seems to be rejecting the
> connection attempt and not directing the connection to the samba box.
>
> When I use a FQDN, I see the connection attempt, and it works fine. It's
> only when I use IP.
>
> We have a security scanner that is failing because it is using IP since
> that's how its network discovery works, which is what I'm trying to
> fix.
>    
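One way to answer the PTR question for a list of server addresses, as an added example that is not part of the original thread: for each IP it checks that a PTR record exists and that the returned name resolves back to the same IP. The function names, the sample host names and the 192.0.2.x addresses are constructed for illustration; run as a script with real IPs as arguments, it uses the system resolver instead.

```python
import socket
import sys


def check_fcrdns(ip, reverse=socket.gethostbyaddr, forward=socket.gethostbyname_ex):
    """Forward-confirmed reverse DNS check for one IPv4 address.

    Returns (status, name): status is 'ok', 'no-ptr', 'no-forward' or 'mismatch'.
    The default resolvers go through the system resolver, so /etc/hosts
    entries count as well as DNS records.
    """
    try:
        name, _aliases, _addrs = reverse(ip)
    except (socket.herror, socket.gaierror):
        return ("no-ptr", None)          # no reverse mapping for this IP
    try:
        _name, _aliases, addrs = forward(name)
    except socket.gaierror:
        return ("no-forward", name)      # PTR points at a name with no A record
    if ip not in addrs:
        return ("mismatch", name)        # PTR name resolves to a different IP
    return ("ok", name)


def audit(ips, reverse=socket.gethostbyaddr, forward=socket.gethostbyname_ex):
    """Check every address and return {ip: (status, name)}."""
    return {ip: check_fcrdns(ip, reverse, forward) for ip in ips}


# Constructed sample data standing in for DNS (all names and addresses made up).
SAMPLE_PTR = {"192.0.2.10": "fs1.example.test",
              "192.0.2.11": "fs2.example.test",
              "192.0.2.13": "old.example.test"}
SAMPLE_A = {"fs1.example.test": ["192.0.2.10"],
            "fs2.example.test": ["192.0.2.99"]}


def sample_reverse(ip):
    if ip not in SAMPLE_PTR:
        raise socket.herror(1, "Unknown host")
    return (SAMPLE_PTR[ip], [], [ip])


def sample_forward(name):
    if name not in SAMPLE_A:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return (name, [], SAMPLE_A[name])


if __name__ == "__main__":
    for ip, (status, name) in audit(sys.argv[1:]).items():
        print(f"{ip:15} {status:10} {name or '-'}")
```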
