[Samba] domain-based DFS ?

L.P.H. van Belle belle at bazuin.nl
Tue Jul 1 08:32:55 MDT 2014


well.. 

I just did a test with this for steve also. 

same result. 

\\domain.name\sysvol and netlogon accessible no problems. 

\\domain.name\dfs   Access denied again? "Network path cannot be found...", 0x8xxxyy35? 

\\server1.domain.name\dfs  works, but someshare not. 
\\server1.domain.name\dfs\someshare 

my steps. 

mkdir -p /export/dfsroot
chown root:root /export/dfsroot
chmod 755 /export/dfsroot
ln -s  'msdfs:mem1.internal.domain.tld\someshare' /export/dfsroot/someshare 

also tried : ln -s  'msdfs:mem1.internal.domain.tld\\someshare' /export/dfsroot/someshare 


smbclient //localhost/dfs  -U 'administrator' 
cd someshare

tree connect failed: NT_STATUS_BAD_NETWORK_NAME
Unable to follow dfs referral [\mem1.internal.domain.tld\]
cd \somewhare\: NT_STATUS_BAD_NETWORK_NAME

so far for me.. 

found this one
https://groups.google.com/forum/#!topic/linux.samba/mi4O5lHE8Vc 
so I think this is not fixed yet... 
there is a patch in this link, but since I'm on sernet I'm not trying the patch. 


Louis

>-----Original message-----
>From: rowlandpenny at googlemail.com 
>[mailto:samba-bounces at lists.samba.org] On behalf of Rowland Penny
>Sent: Tuesday 1 July 2014 16:03
>To: samba at lists.samba.org
>Subject: Re: [Samba] domain-based DFS ?
>
>On 01/07/14 15:00, steve wrote:
>> On Tue, 2014-07-01 at 15:34 +0200, Davor Vusir wrote:
>>> 2014-07-01 14:41 GMT+02:00 steve <steve at steve-ss.com>:
>>>> On Tue, 2014-07-01 at 05:27 +0200, Davor Vusir wrote:
>>>>> 2014-06-30 19:48 GMT+02:00 steve <steve at steve-ss.com>:
>>>>>> On Mon, 2014-06-30 at 19:19 +0200, Davor Vusir wrote:
>>>>>>> 2014-06-30 17:08 GMT+02:00 steve <steve at steve-ss.com>:
>>>>>>>> On Mon, 2014-06-30 at 14:57 +0200, steve wrote:
>>>>>>>>> On Mon, 2014-06-30 at 14:51 +0200, steve wrote:
>>>>>>>>>> On Mon, 2014-06-30 at 13:24 +0200, L.P.H. van Belle wrote:
>>>>>>>>>>>>>> To the [global] section on the AD DC I added
>>>>>>>>>>>>>> host msdfs = yes <- the trick?
>>>>>>>>>>> No, not in my opinion.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> These are the defaults on a DC:
>>>>>>>>>>> samba-tool testparm -vv | grep dfs
>>>>>>>>>>>          host msdfs = Yes
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> and member server:
>>>>>>>>>>> testparm -vv | grep dfs
>>>>>>>>>>>          host msdfs = No
>>>>>>>>>>>          msdfs root = No
>>>>>>>>>>>          msdfs proxy =
>>>>>>>>>>>
>>>>>>>>>> Hi it's this:
>>>>>>>>>> host msdfs = Yes
>>>>>>>>>> vfs objects = dfs_samba4 # plus whatever else you need
>>>>>>>>>> msdfs root = Yes
>>>>>>>>>>
>>>>>>>>>> HTH
>>>>>>>>>> Steve
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>> Oh, and the root has to be on the DC:(
>>>>>>>>>
>>>>>>>>>
>>>>>>>> Hi
>>>>>>>> Nah, false alarm.
>>>>>>>> DC:
>>>>>>>> [global]
>>>>>>>>          workgroup = HH3
>>>>>>>>          realm = HH3.SITE
>>>>>>>>          netbios name = HH16
>>>>>>>>          server role = active directory domain controller
>>>>>>>>          server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
>>>>>>>> drepl, winbind, ntp_signd, kcc, dnsupdate
>>>>>>>>          host msdfs = Yes
>>>>>>>>          vfs objects = dfs_samba4, acl_xattr
>>>>>>>>
>>>>>>>> [netlogon]
>>>>>>>>          path = /usr/local/samba/var/locks/sysvol/hh3.site/scripts
>>>>>>>>          read only = No
>>>>>>>>
>>>>>>>> [sysvol]
>>>>>>>>          path = /usr/local/samba/var/locks/sysvol
>>>>>>>>          read only = No
>>>>>>>>
>>>>>>>> [dfs]
>>>>>>>>          path = /home/dfsroot
>>>>>>>>          read only = No
>>>>>>>>          msdfs root = Yes
>>>>>>>>          vfs objects = acl_xattr
>>>>>>>>
>>>>>>>> hh16:/home/dfsroot # ls -l
>>>>>>>> total 0
>>>>>>>> lrwxrwxrwx 1 root root 17 Jun 30 16:45 users -> msdfs:altea\users
>>>>>>>>
>>>>>>>> The fileserver, altea is up and we can navigate to:
>>>>>>>> \\altea\users
>>>>>>>>
>>>>>>>> however:
>>>>>>>> \\hh3.site\dfs
>>>>>>>> and
>>>>>>>> \\hh3.site\dfs\users
>>>>>>>>
>>>>>>>> Gives us the infamous '...you may not have permission to access...'
>>>>>>>> popup.
>>>>>>>>
>>>>>>> Did you restart the Windows client?
>>>>>> Yes.
>>>>>> \\hh16.hh3.site\dfs\users
>>>>>> works fine (hh16 is the DC with the dfs root) I get a security tab and a
>>>>>> DFS tab.
>>>>>>
>>>>>> \\hh3.site\dfs
>>>>>> Nothing: access denied
>>>>>>
>>>>>> \\hh3.site
>>>>>> shows the dfs folder which gives me a DFS tab but no security tab.
>>>>>>
>>>>>> I've tried giving Administrator access to /home/dfsroot as fs level (our
>>>>>> Administrator has uid:gid in AD) but still nada. I've tried giving
>>>>>> Administrator access to the same using the security tab as above. Nada.
>>>>>>
>>>>>> Not giving up just yet.
>>>>>> Any thoughts as you go through the day most welcome. I get the feeling
>>>>>> that not many have been this way before.
>>>>>> Cheers,
>>>>>> Steve
>>>>>>
>>>>>>>> Is this the acl stuff Davor was mentioning?
>>>>>>>> Thanks,
>>>>>>>> Steve
>>>>>>>>
>>>>>>>>
>>>>> A vague memory from one posting aeons ago just came to mind. If
>>>>> changes are made to the [global] section, Samba has to be restarted to
>>>>> activate the changes. Did you restart samba?
>>>> Hi
>>>> OK
>>>> I removed all the non default vfs objects, to leave this on the DC,
>>>> hh16.hh3.site
>>>> s
>>>> [global]
>>>>          workgroup = HH3
>>>>          realm = HH3.SITE
>>>>          netbios name = HH16
>>>>          server role = active directory domain controller
>>>>          server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
>>>> drepl, winbind, ntp_signd, kcc, dnsupdate
>>>>          host msdfs = Yes
>>>>
>>>> [netlogon]
>>>>          path = /usr/local/samba/var/locks/sysvol/hh3.site/scripts
>>>>          read only = No
>>>>
>>>> [sysvol]
>>>>          path = /usr/local/samba/var/locks/sysvol
>>>>          read only = No
>>>>
>>>> [dfs]
>>>>          path = /home/dfsroot
>>>>          read only = No
>>>>          msdfs root = Yes
>>>>
>>>> Here is the dfs link:
>>>>
>>>> steve at hh16:/home/dfsroot> ls -l
>>>> total 0
>>>> lrwxrwxrwx 1 root root 17 Jun 30 16:45 users -> msdfs:altea\users
>>>>
>>> I used fqdn: ln -s msdfs:altea.hh3.site\\users users
>>>
>>>> Here is the fileserver, altea.hh3.site
>>>> [global]
>>>> workgroup = HH3
>>>> realm = HH3.SITE
>>>> security = ADS
>>>> kerberos method = system keytab
>>>>
>>>> [users]
>>>> path = /home/users
>>>> read only = No
>>>>
>>>> Restart samba DC, then file server, then an XP client.
>>>> We can browse to \\altea\users
>>>> but not to \\hh3.site\dfs\users
>>>>
>>> What is the error? Access denied again? "Network path cannot be
>>> found...", 0x8xxxyy35?
>> \\hh3.site\dfs is not accessible. You might not have permission...The
>> network name cannot be found.
>>
>>> Can you browse to \\hh3.sit\netlogon and \\hh3.site\sysvol?
>> Yes.
>>
>>>> Here are the windows screenshots.
>>>> 1. \\hh3.site
>>>> https://db.tt/3ksfq7qV
>>>>
>>>> 2. \\hh16.hh3.site
>>>> https://db.tt/9C8xtFnT
>>>>
>>>> Conclusion: server dfs works, domain dfs doesn't. But do please tell us
>>>> we're wrong. Is there anything in our config we've missed?
>>>>
>>>> Thanks,
>>>> Steve
>>>>
>>>>
>>
>Er, I don't know if this will help, but have a look here:
>http://markparris.co.uk/2010/03/19/configure-dfs-namepaces-to-use-fully-qualified-domain-names-its-not-the-default/
>
>Just something I chanced on
>
>HTH
>
>Rowland
>
>
>
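
Added example (not part of the original thread and not Samba project code): a shell audit of a DFS root such as the /export/dfsroot and /home/dfsroot directories above. It reports a root that group or others can write to, since whoever can create symlinks there decides where clients are referred, and any link whose target is not msdfs:server\share with optional comma-separated alternates. The function names and the strict one-backslash pattern are assumptions of this example; Samba's own parser may accept more.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Return 0 if $1 is msdfs:server\share[,server\share...]; 1 otherwise.
# Assumption: exactly one backslash between server and share.
msdfs_target_ok() {
    alt='[A-Za-z0-9._-]+\\[^\\/,]+'
    printf '%s\n' "$1" | grep -Eq "^msdfs:${alt}(,${alt})*\$"
}

# Print one finding per line for DFS root $1; return 1 if there are any.
audit_dfs_root() {
    root=$1
    rc=0
    # Group- or world-writable root: non-admins could add or repoint links.
    if [ -n "$(find "$root" -prune \( -perm -020 -o -perm -002 \))" ]; then
        printf 'WRITABLE %s\n' "$root"
        rc=1
    fi
    for entry in "$root"/*; do
        [ -L "$entry" ] || continue          # only symlinks are DFS links
        target=$(readlink "$entry")
        if ! msdfs_target_ok "$target"; then
            printf 'BADLINK %s -> %s\n' "$entry" "$target"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed demo: a throwaway root with the two link forms from the post.
demo=$(mktemp -d)
chmod 755 "$demo"
ln -s 'msdfs:mem1.internal.domain.tld\someshare' "$demo/someshare"
ln -s 'msdfs:mem1.internal.domain.tld\\someshare' "$demo/doubled"
audit_dfs_root "$demo" || printf 'review the findings above\n'
rm -rf "$demo"
```

A BADLINK line shows the stored target exactly as readlink returns it, which makes shell quoting differences between the two ln -s forms visible.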


