[Samba] domain-based DFS ?

Davor Vusir davortvusir at gmail.com
Tue Jul 1 12:22:59 MDT 2014 

2014-07-01 19:56 GMT+02:00 steve <steve at steve-ss.com>:
> On Tue, 2014-07-01 at 19:41 +0200, Davor Vusir wrote:
>> 2014-07-01 16:56 GMT+02:00 steve <steve at steve-ss.com>:
>> > On Tue, 2014-07-01 at 16:32 +0200, L.P.H. van Belle wrote:
>> >> well..
>> >>
>> >> I just did a test with this for steve also.
>> >>
>> >> same result.
>> >>
>> >> \\domain.name\sysvol and netlogon accessable no problems.
>> >>
>> >> \\domain.name\dfs   Access denied again? "Network path cannot be found...", 0x8xxxyy35?
>> >>
>> >> \\server1.domain.name\dfs  works, but someshare not.
>> >> \\server1.domain.name\dfs\someshare
>> >>
>> >> my steps.
>> >>
>> >> mkdir -p /export/dfsroot
>> >> chown root:root /export/dfsroot
>> >> chmod 755 /export/dfsroot
>> >> ln -s  'msdfs:mem1.internal.domain.tld\someshare' /export/dfsroot/someshare
>> >>
>> >> also tried : ln -s  'msdfs:mem1.internal.domain.tld\\someshare' /export/dfsroot/someshare
>> >>
>> >>
>> >> smbclient //localhost/dfs  -U 'administrator'
>> >> cd someshare
>> >>
>> >> tree connect failed: NT_STATUS_BAD_NETWORK_NAME
>> >> Unable to follow dfs referral [\mem1.internal.domain.tld\]
>> >> cd \somewhare\: NT_STATUS_BAD_NETWORK_NAME
>> >>
>> >> so far for me..
>> >>
>> >> found this one
>> >> https://groups.google.com/forum/#!topic/linux.samba/mi4O5lHE8Vc
>> >> so i think this is not fixed yet...
>> >> there is a patch in this link, but since im on sernet im not trying the patch.
>> >
>> > Yeah, thanks Louis.
>> > This is looking more and more like a time consuming, undocumented dead
>> > end. I'm really tempted to drop it at this point and spend the time on a
>> > proper cluster instead. I get the feeling that this was always going to
>> > be second best, and it only works with windows clients anyway.
>> > Cheers,
>> > Steve
>> >
>>
>> Steve, have you done any testing with smbclient? I noticed that you've
>> got 'kerberos method = system keytab' in alteas smb.conf.
>>
>> smbclient -k -U administrator //hh3.site/dfs/users (-k for kerberos)
>
> Hi Davor
> You can't test domain dfs with smbclient because it requires a cifs
> mount. cifs will only work if you specify a specific server:
>
> smbclient -k -U Administrator //hh3.site/dfs
> ads_krb5_mk_req: smb_krb5_get_credentials failed for cifs/hh3.site at SITE
> (Server not found in Kerberos database)
> cli_session_setup_kerberos: spnego_gen_krb5_negTokenInit failed: Server
> not found in Kerberos database
> session setup failed: NT_STATUS_UNSUCCESSFUL
>
> This of course presents no problem:
> smbclient -k -U Administrator //hh16.hh3.site/dfs
> Domain=[HH3] OS=[Windows 6.1] Server=[Samba 4.2.0pre1-GIT-55c279f]
> smb: \>
>
> and we can go on to access the share on altea fine.
> Cheers,
> Steve
>
>

I think you´re wrong.

>From member server vastraaros:
admind at vastraaros:~$ smbclient //hem.vusir.se/files -U davor
WARNING: The "idmap backend" option is deprecated
WARNING: The "idmap uid" option is deprecated
WARNING: The "idmap gid" option is deprecated
Enter davor's password:
Domain=[VUSIR] OS=[Unix] Server=[Samba 4.1.9]
smb: \> pwd
Current directory is \\hem.vusir.se\files\
smb: \> ls
  .                                   D        0  Mon Jun 30 20:18:22 2014
  ..                                  D        0  Fri Jun 27 05:51:19 2014
  home                                D        0  Fri Jun 27 19:26:33 2014
  familjen                            D        0  Fri Jun 27 19:26:07 2014
                56212 blocks of size 1048576. 50192 blocks available
smb: \> cd home\davor
smb: \home\davor\> ls
  .                                   D        0  Wed Apr 23 07:57:52 2014
  ..                                  D        0  Thu Jun 26 22:29:37 2014
  _aaa                                D        0  Sun Oct 20 10:16:27 2013
  Links                              DR        0  Mon Jun 30 21:03:55 2014
  AppData                             D        0  Wed Apr 23 16:15:30 2014
  .bash_history                       H       50  Sun Mar 30 21:45:16 2014
  .viminfo                            H     1745  Mon Apr  7 05:58:08 2014
  Documents                          DR        0  Mon Jun 30 21:03:54 2014
  Contacts                           DR        0  Mon Jun 30 21:03:54 2014
  Desktop                            DR        0  Mon Jun 30 21:03:54 2014
  Searches                           DR        0  Mon Jun 30 21:03:54 2014
  Favorites                          DR        0  Mon Jun 30 21:03:54 2014
                50364 blocks of size 4194304. 27720 blocks available
smb: \home\davor\> pwd
Current directory is \\hem.vusir.se\files\home\davor\
smb: \home\davor\> listconnect
0:      server=hem.vusir.se, share=files
smb: \home\davor\>

Regards
Davor

More information about the samba mailing list