[Samba] domain-based DFS ?
Daniel Müller
mueller at tropenklinik.de
Tue Jul 1 23:44:24 MDT 2014
HI,
it will not work with samba4 and smb3!? I have the same definition and I cannot reach my dfs with \\mydomain.name\dfsshare but... and that is the interesting thing from within my old samba3 nt style domain I can reach!! the same \\mydomain.nam\dfsshare without any issues. I can read and write to it...
I think this a awesome bug in samba4, because I can proof that within the beta versions it still was possible to reach
and act on \\mydomain.name\share without any errors.
EDV Daniel Müller
Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----Ursprüngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im Auftrag von steve
Gesendet: Dienstag, 1. Juli 2014 21:24
An: Davor Vusir
Cc: samba at lists.samba.org
Betreff: Re: [Samba] domain-based DFS ?
On Tue, 2014-07-01 at 20:22 +0200, Davor Vusir wrote:
> 2014-07-01 19:56 GMT+02:00 steve <steve at steve-ss.com>:
> > On Tue, 2014-07-01 at 19:41 +0200, Davor Vusir wrote:
> >> 2014-07-01 16:56 GMT+02:00 steve <steve at steve-ss.com>:
> >> > On Tue, 2014-07-01 at 16:32 +0200, L.P.H. van Belle wrote:
> >> >> well..
> >> >>
> >> >> I just did a test with this for steve also.
> >> >>
> >> >> same result.
> >> >>
> >> >> \\domain.name\sysvol and netlogon accessable no problems.
> >> >>
> >> >> \\domain.name\dfs Access denied again? "Network path cannot be found...", 0x8xxxyy35?
> >> >>
> >> >> \\server1.domain.name\dfs works, but someshare not.
> >> >> \\server1.domain.name\dfs\someshare
> >> >>
> >> >> my steps.
> >> >>
> >> >> mkdir -p /export/dfsroot
> >> >> chown root:root /export/dfsroot
> >> >> chmod 755 /export/dfsroot
> >> >> ln -s 'msdfs:mem1.internal.domain.tld\someshare'
> >> >> /export/dfsroot/someshare
> >> >>
> >> >> also tried : ln -s 'msdfs:mem1.internal.domain.tld\\someshare'
> >> >> /export/dfsroot/someshare
> >> >>
> >> >>
> >> >> smbclient //localhost/dfs -U 'administrator'
> >> >> cd someshare
> >> >>
> >> >> tree connect failed: NT_STATUS_BAD_NETWORK_NAME Unable to follow
> >> >> dfs referral [\mem1.internal.domain.tld\] cd \somewhare\:
> >> >> NT_STATUS_BAD_NETWORK_NAME
> >> >>
> >> >> so far for me..
> >> >>
> >> >> found this one
> >> >> https://groups.google.com/forum/#!topic/linux.samba/mi4O5lHE8Vc
> >> >> so i think this is not fixed yet...
> >> >> there is a patch in this link, but since im on sernet im not trying the patch.
> >> >
> >> > Yeah, thanks Louis.
> >> > This is looking more and more like a time consuming, undocumented
> >> > dead end. I'm really tempted to drop it at this point and spend
> >> > the time on a proper cluster instead. I get the feeling that this
> >> > was always going to be second best, and it only works with windows clients anyway.
> >> > Cheers,
> >> > Steve
> >> >
> >>
> >> Steve, have you done any testing with smbclient? I noticed that
> >> you've got 'kerberos method = system keytab' in alteas smb.conf.
> >>
> >> smbclient -k -U administrator //hh3.site/dfs/users (-k for
> >> kerberos)
> >
> > Hi Davor
> > You can't test domain dfs with smbclient because it requires a cifs
> > mount. cifs will only work if you specify a specific server:
> >
> > smbclient -k -U Administrator //hh3.site/dfs
> > ads_krb5_mk_req: smb_krb5_get_credentials failed for
> > cifs/hh3.site at SITE (Server not found in Kerberos database)
> > cli_session_setup_kerberos: spnego_gen_krb5_negTokenInit failed:
> > Server not found in Kerberos database session setup failed:
> > NT_STATUS_UNSUCCESSFUL
> >
> > This of course presents no problem:
> > smbclient -k -U Administrator //hh16.hh3.site/dfs Domain=[HH3]
> > OS=[Windows 6.1] Server=[Samba 4.2.0pre1-GIT-55c279f]
> > smb: \>
> >
> > and we can go on to access the share on altea fine.
> > Cheers,
> > Steve
> >
> >
>
> I think you´re wrong.
>
> From member server vastraaros:
> admind at vastraaros:~$ smbclient //hem.vusir.se/files -U davor
> WARNING: The "idmap backend" option is deprecated
> WARNING: The "idmap uid" option is deprecated
> WARNING: The "idmap gid" option is deprecated Enter davor's password:
> Domain=[VUSIR] OS=[Unix] Server=[Samba 4.1.9]
> smb: \> pwd
> Current directory is \\hem.vusir.se\files\
> smb: \> ls
> . D 0 Mon Jun 30 20:18:22 2014
> .. D 0 Fri Jun 27 05:51:19 2014
> home D 0 Fri Jun 27 19:26:33 2014
> familjen D 0 Fri Jun 27 19:26:07 2014
> 56212 blocks of size 1048576. 50192 blocks available
> smb: \> cd home\davor
> smb: \home\davor\> ls
> . D 0 Wed Apr 23 07:57:52 2014
> .. D 0 Thu Jun 26 22:29:37 2014
> _aaa D 0 Sun Oct 20 10:16:27 2013
> Links DR 0 Mon Jun 30 21:03:55 2014
> AppData D 0 Wed Apr 23 16:15:30 2014
> .bash_history H 50 Sun Mar 30 21:45:16 2014
> .viminfo H 1745 Mon Apr 7 05:58:08 2014
> Documents DR 0 Mon Jun 30 21:03:54 2014
> Contacts DR 0 Mon Jun 30 21:03:54 2014
> Desktop DR 0 Mon Jun 30 21:03:54 2014
> Searches DR 0 Mon Jun 30 21:03:54 2014
> Favorites DR 0 Mon Jun 30 21:03:54 2014
> 50364 blocks of size 4194304. 27720 blocks available
> smb: \home\davor\> pwd
> Current directory is \\hem.vusir.se\files\home\davor\
> smb: \home\davor\> listconnect
> 0: server=hem.vusir.se, share=files
> smb: \home\davor\>
>
> Regards
> Davor
On our config it treats the domain as the name of the server! Anyway, thanks for your time. We can't spend any longer with this as we are looking for a solution.
Thanks again,
Steve
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list