[Samba] domain-based DFS ?

steve steve at steve-ss.com
Tue Jul 1 11:56:28 MDT 2014 

On Tue, 2014-07-01 at 19:41 +0200, Davor Vusir wrote:
> 2014-07-01 16:56 GMT+02:00 steve <steve at steve-ss.com>:
> > On Tue, 2014-07-01 at 16:32 +0200, L.P.H. van Belle wrote:
> >> well..
> >>
> >> I just did a test with this for steve also.
> >>
> >> same result.
> >>
> >> \\domain.name\sysvol and netlogon accessable no problems.
> >>
> >> \\domain.name\dfs   Access denied again? "Network path cannot be found...", 0x8xxxyy35?
> >>
> >> \\server1.domain.name\dfs  works, but someshare not.
> >> \\server1.domain.name\dfs\someshare
> >>
> >> my steps.
> >>
> >> mkdir -p /export/dfsroot
> >> chown root:root /export/dfsroot
> >> chmod 755 /export/dfsroot
> >> ln -s  'msdfs:mem1.internal.domain.tld\someshare' /export/dfsroot/someshare
> >>
> >> also tried : ln -s  'msdfs:mem1.internal.domain.tld\\someshare' /export/dfsroot/someshare
> >>
> >>
> >> smbclient //localhost/dfs  -U 'administrator'
> >> cd someshare
> >>
> >> tree connect failed: NT_STATUS_BAD_NETWORK_NAME
> >> Unable to follow dfs referral [\mem1.internal.domain.tld\]
> >> cd \somewhare\: NT_STATUS_BAD_NETWORK_NAME
> >>
> >> so far for me..
> >>
> >> found this one
> >> https://groups.google.com/forum/#!topic/linux.samba/mi4O5lHE8Vc
> >> so i think this is not fixed yet...
> >> there is a patch in this link, but since im on sernet im not trying the patch.
> >
> > Yeah, thanks Louis.
> > This is looking more and more like a time consuming, undocumented dead
> > end. I'm really tempted to drop it at this point and spend the time on a
> > proper cluster instead. I get the feeling that this was always going to
> > be second best, and it only works with windows clients anyway.
> > Cheers,
> > Steve
> >
> 
> Steve, have you done any testing with smbclient? I noticed that you've
> got 'kerberos method = system keytab' in alteas smb.conf.
> 
> smbclient -k -U administrator //hh3.site/dfs/users (-k for kerberos)

Hi Davor
You can't test domain dfs with smbclient because it requires a cifs
mount. cifs will only work if you specify a specific server:

smbclient -k -U Administrator //hh3.site/dfs
ads_krb5_mk_req: smb_krb5_get_credentials failed for cifs/hh3.site at SITE
(Server not found in Kerberos database)
cli_session_setup_kerberos: spnego_gen_krb5_negTokenInit failed: Server
not found in Kerberos database
session setup failed: NT_STATUS_UNSUCCESSFUL

This of course presents no problem:
smbclient -k -U Administrator //hh16.hh3.site/dfs
Domain=[HH3] OS=[Windows 6.1] Server=[Samba 4.2.0pre1-GIT-55c279f]
smb: \> 

and we can go on to access the share on altea fine.
Cheers,
Steve

More information about the samba mailing list