[Samba] domain-based DFS ?

L.P.H. van Belle belle at bazuin.nl
Thu Jul 3 03:38:21 MDT 2014 

some extra info. 

I applied  Microsoft Fixit 50409. 
Domain based dfs still not working. 
turned of IPV6, still not working. 

run the following in window 7 pc. :
dfsutil /pktinfo

5 entries...
Entry: \dc1\dfs\someshare
ShortEntry: \dc1\dfs\someshare
Expires in 0 seconds
UseCount: 0 Type:0x1 ( DFS )
   0:[\rtd-mem1.internal.domain.tld\someshare] AccessStatus: 0 ( ACTIVE )

Entry: \internal.domain.tld\dfs
ShortEntry: \internal.domain.tld\dfs
Expires in 0 seconds
UseCount: 0 Type:0x10 ( OUTSIDE_MY_DOM )
   0:[\internal.domain.tld\dfs]

Entry: \internal.domain.tld\netlogon
ShortEntry: \internal.domain.tld\netlogon
Expires in 179 seconds
UseCount: 0 Type:0x1 ( DFS )
   0:[\dc1.internal.domain.tld\netlogon] AccessStatus: 0 ( ACTIVE TARGETSET)
   1:[\dc2.internal.domain.tld\netlogon]

Entry: \internal.domain.tld\sysvol
ShortEntry: \internal.domain.tld\sysvol
Expires in 133 seconds
UseCount: 0 Type:0x1 ( DFS )
   0:[\dc1.internal.domain.tld\sysvol] AccessStatus: 0 ( ACTIVE TARGETSET )
   1:[\dc2.internal.domain.tld\sysvol]

Entry: \dc1\dfs
ShortEntry: \dc1\dfs
Expires in 0 seconds
UseCount: 0 Type:0x81 ( REFERRAL_SVC DFS )
   0:[\dc1\dfs] AccessStatus: 0 ( ACTIVE )


Im wondering why the domain base dfs is outside the domain? 

anyone? 

Greetz, 

Louis



>-----Oorspronkelijk bericht-----
>Van: belle at bazuin.nl [mailto:samba-bounces at lists.samba.org] 
>Namens L.P.H. van Belle
>Verzonden: donderdag 3 juli 2014 11:06
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] domain-based DFS ?
>
>Thanks Davor... 
>
>you found at least one problem, adding the interfaces and bind 
>options fixed at least 1 thing. 
>
>No changes on the windows 7 pc.
>
>in smb.conf i added 
>
>        interfaces = 127.0.0.1 192.168.1.1/24
>        bind interfaces only = yes
>
>( Ubuntu users dont use eth or lo, this is buggy  ) 
>
>added 
>[dfs]
>        comment = DFS Root Share
>        path = /export/dfsroot
>        browsable = yes
>        msdfs root = yes
>        read only = no
>
>
>now my test :
>
>smbclient //localhost/dfs  -U 'DOMAIN\administrator'
>cd someshare
>
>works
>
>windows7 pc to \\servername\dfs\someshare 
>works
>
>... 
>now working on the domain based dfs 
>
>
>Greetz, 
>
>Louis
>
>
>
>>-----Oorspronkelijk bericht-----
>>Van: davortvusir at gmail.com 
>>[mailto:samba-bounces at lists.samba.org] Namens Davor Vusir
>>Verzonden: donderdag 3 juli 2014 9:54
>>Aan: steve
>>CC: samba at lists.samba.org
>>Onderwerp: Re: [Samba] domain-based DFS ?
>>
>>2014-07-02 14:40 GMT+02:00 Davor Vusir <davortvusir at gmail.com>:
>>>
>>> Den 1 jul 2014 16:56 skrev "steve" <steve at steve-ss.com>:
>>>
>>>
>>>>
>>>> On Tue, 2014-07-01 at 16:32 +0200, L.P.H. van Belle wrote:
>>>> > well..
>>>> >
>>>> > I just did a test with this for steve also.
>>>> >
>>>> > same result.
>>>> >
>>>> > \\domain.name\sysvol and netlogon accessable no problems.
>>>> >
>>>> > \\domain.name\dfs   Access denied again? "Network path cannot be
>>>> > found...", 0x8xxxyy35?
>>>> >
>>>> > \\server1.domain.name\dfs  works, but someshare not.
>>>> > \\server1.domain.name\dfs\someshare
>>>> >
>>>> > my steps.
>>>> >
>>>> > mkdir -p /export/dfsroot
>>>> > chown root:root /export/dfsroot
>>>> > chmod 755 /export/dfsroot
>>>> > ln -s  'msdfs:mem1.internal.domain.tld\someshare'
>>>> > /export/dfsroot/someshare
>>>> >
>>>> > also tried : ln -s  'msdfs:mem1.internal.domain.tld\\someshare'
>>>> > /export/dfsroot/someshare
>>>> >
>>>> >
>>>> > smbclient //localhost/dfs  -U 'administrator'
>>>> > cd someshare
>>>> >
>>>> > tree connect failed: NT_STATUS_BAD_NETWORK_NAME
>>>> > Unable to follow dfs referral [\mem1.internal.domain.tld\]
>>>> > cd \somewhare\: NT_STATUS_BAD_NETWORK_NAME
>>>> >
>>>> > so far for me..
>>>> >
>>>> > found this one
>>>> > https://groups.google.com/forum/#!topic/linux.samba/mi4O5lHE8Vc
>>>> > so i think this is not fixed yet...
>>>> > there is a patch in this link, but since im on sernet im 
>>not trying the
>>>> > patch.
>>>>
>>>> Yeah, thanks Louis.
>>>> This is looking more and more like a time consuming, 
>>undocumented dead
>>>> end. I'm really tempted to drop it at this point and spend 
>>the time on a
>>>> proper cluster instead. I get the feeling that this was 
>>always going to
>>>> be second best, and it only works with windows clients anyway.
>>>> Cheers,
>>>> Steve
>>>>
>>>>
>>> Is it an IPv6 issue? I know Windows XP does not speak IPv6 
>>out-of-the-box.
>>> But...
>>>
>>> I have turned off IPv6 on the AD DC. And installed Microsoft 
>>Fixit 50409 on
>>> my Win 7.
>>>
>>> Regards
>>> Davor
>>>
>>Back again! :)
>>First of all, I refuse to believe that I'm the only one that got
>>domain-based DFS to work.
>>
>>I want to share some final thoughts in this matter.
>>
>>This link, 
>>https://wiki.samba.org/index.php/WIP/Beginner_HowTo_-_SOHO_busi
>>ness_server,
>>is a transcript of how I installed and configured Samba. To make
>>domain-based DFS work I simply put 'host msdfs = yes' to the global
>>section, added the required share definition, created the links,
>>restarted Samba end rebooted the Windows client.
>>
>>If you take a few minutes and read the wiki page, you'll see a section
>>about turning off IPv6 on the host. This might be what differs in my
>>and your setup. And what makes the difference.
>>
>>My thoughts:
>>The host is IPv6 capable. Samba understands and responds to requests
>>over both IPv4 and IPv6. An IPv4-only host, like Windows XP or Windows
>>7 with Microsoft Fixit 50409 installed, sends a request. Samba, or the
>>DFS-module, recieves it and processess it but as the host is IPv6
>>capable, Samba, or the DFS-module, returns an answer over a valid
>>adapter. May it be IPv4 or IPv6. Is the IPv6 adapter prioritized? For
>>Samba, or the DFS-module, it doesn't seem to matter. If samba, or the
>>DFS-module, just makes the check 'if ValidAdapter == true send
>>response;' it might just be sent over IPv6 and there is no one on the
>>other end to recieve the message. Or if the DFS code doesn't support
>>IPv6, it simply drops it.
>>
>>Would 'bind interfaces only',
>>http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#
>>BINDINTERFACESONLY,
>>be a better alternative to turning off IPv6 on the host? In
>>co-operation with 'interfaces',
>>http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#
>>INTERFACES?
>>
>>Regards
>>Davor
>>-- 
>>To unsubscribe from this list go to the following URL and read the
>>instructions:  https://lists.samba.org/mailman/options/samba
>>
>>
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list