[Samba] domain-based DFS ?

steve steve at steve-ss.com
Tue Jul 1 13:23:35 MDT 2014 

On Tue, 2014-07-01 at 20:22 +0200, Davor Vusir wrote:
> 2014-07-01 19:56 GMT+02:00 steve <steve at steve-ss.com>:
> > On Tue, 2014-07-01 at 19:41 +0200, Davor Vusir wrote:
> >> 2014-07-01 16:56 GMT+02:00 steve <steve at steve-ss.com>:
> >> > On Tue, 2014-07-01 at 16:32 +0200, L.P.H. van Belle wrote:
> >> >> well..
> >> >>
> >> >> I just did a test with this for steve also.
> >> >>
> >> >> same result.
> >> >>
> >> >> \\domain.name\sysvol and netlogon accessable no problems.
> >> >>
> >> >> \\domain.name\dfs   Access denied again? "Network path cannot be found...", 0x8xxxyy35?
> >> >>
> >> >> \\server1.domain.name\dfs  works, but someshare not.
> >> >> \\server1.domain.name\dfs\someshare
> >> >>
> >> >> my steps.
> >> >>
> >> >> mkdir -p /export/dfsroot
> >> >> chown root:root /export/dfsroot
> >> >> chmod 755 /export/dfsroot
> >> >> ln -s  'msdfs:mem1.internal.domain.tld\someshare' /export/dfsroot/someshare
> >> >>
> >> >> also tried : ln -s  'msdfs:mem1.internal.domain.tld\\someshare' /export/dfsroot/someshare
> >> >>
> >> >>
> >> >> smbclient //localhost/dfs  -U 'administrator'
> >> >> cd someshare
> >> >>
> >> >> tree connect failed: NT_STATUS_BAD_NETWORK_NAME
> >> >> Unable to follow dfs referral [\mem1.internal.domain.tld\]
> >> >> cd \somewhare\: NT_STATUS_BAD_NETWORK_NAME
> >> >>
> >> >> so far for me..
> >> >>
> >> >> found this one
> >> >> https://groups.google.com/forum/#!topic/linux.samba/mi4O5lHE8Vc
> >> >> so i think this is not fixed yet...
> >> >> there is a patch in this link, but since im on sernet im not trying the patch.
> >> >
> >> > Yeah, thanks Louis.
> >> > This is looking more and more like a time consuming, undocumented dead
> >> > end. I'm really tempted to drop it at this point and spend the time on a
> >> > proper cluster instead. I get the feeling that this was always going to
> >> > be second best, and it only works with windows clients anyway.
> >> > Cheers,
> >> > Steve
> >> >
> >>
> >> Steve, have you done any testing with smbclient? I noticed that you've
> >> got 'kerberos method = system keytab' in alteas smb.conf.
> >>
> >> smbclient -k -U administrator //hh3.site/dfs/users (-k for kerberos)
> >
> > Hi Davor
> > You can't test domain dfs with smbclient because it requires a cifs
> > mount. cifs will only work if you specify a specific server:
> >
> > smbclient -k -U Administrator //hh3.site/dfs
> > ads_krb5_mk_req: smb_krb5_get_credentials failed for cifs/hh3.site at SITE
> > (Server not found in Kerberos database)
> > cli_session_setup_kerberos: spnego_gen_krb5_negTokenInit failed: Server
> > not found in Kerberos database
> > session setup failed: NT_STATUS_UNSUCCESSFUL
> >
> > This of course presents no problem:
> > smbclient -k -U Administrator //hh16.hh3.site/dfs
> > Domain=[HH3] OS=[Windows 6.1] Server=[Samba 4.2.0pre1-GIT-55c279f]
> > smb: \>
> >
> > and we can go on to access the share on altea fine.
> > Cheers,
> > Steve
> >
> >
> 
> I think you´re wrong.
> 
> From member server vastraaros:
> admind at vastraaros:~$ smbclient //hem.vusir.se/files -U davor
> WARNING: The "idmap backend" option is deprecated
> WARNING: The "idmap uid" option is deprecated
> WARNING: The "idmap gid" option is deprecated
> Enter davor's password:
> Domain=[VUSIR] OS=[Unix] Server=[Samba 4.1.9]
> smb: \> pwd
> Current directory is \\hem.vusir.se\files\
> smb: \> ls
>   .                                   D        0  Mon Jun 30 20:18:22 2014
>   ..                                  D        0  Fri Jun 27 05:51:19 2014
>   home                                D        0  Fri Jun 27 19:26:33 2014
>   familjen                            D        0  Fri Jun 27 19:26:07 2014
>                 56212 blocks of size 1048576. 50192 blocks available
> smb: \> cd home\davor
> smb: \home\davor\> ls
>   .                                   D        0  Wed Apr 23 07:57:52 2014
>   ..                                  D        0  Thu Jun 26 22:29:37 2014
>   _aaa                                D        0  Sun Oct 20 10:16:27 2013
>   Links                              DR        0  Mon Jun 30 21:03:55 2014
>   AppData                             D        0  Wed Apr 23 16:15:30 2014
>   .bash_history                       H       50  Sun Mar 30 21:45:16 2014
>   .viminfo                            H     1745  Mon Apr  7 05:58:08 2014
>   Documents                          DR        0  Mon Jun 30 21:03:54 2014
>   Contacts                           DR        0  Mon Jun 30 21:03:54 2014
>   Desktop                            DR        0  Mon Jun 30 21:03:54 2014
>   Searches                           DR        0  Mon Jun 30 21:03:54 2014
>   Favorites                          DR        0  Mon Jun 30 21:03:54 2014
>                 50364 blocks of size 4194304. 27720 blocks available
> smb: \home\davor\> pwd
> Current directory is \\hem.vusir.se\files\home\davor\
> smb: \home\davor\> listconnect
> 0:      server=hem.vusir.se, share=files
> smb: \home\davor\>
> 
> Regards
> Davor

On our config it treats the domain as the name of the server! Anyway,
thanks for your time. We can't spend any longer with this as we are
looking for a solution.
Thanks again,
Steve

More information about the samba mailing list