samba-users May 2010 archive
Main Archive Page > Month Archives  > samba-users archives
samba-users: [Samba] Problems using multiple Samba servers in a

[Samba] Problems using multiple Samba servers in a Win2003 AD domain

From: Mike Leone <turgon_at_nospam>
Date: Sun May 02 2010 - 20:07:35 GMT
To: Samba <samba@lists.samba.org>, Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

I've been at this for days, and making no headway. It's very
discouraging. I have a Win2003 domain, that has the Services for Unix
extensions installed. I am trying to have multiple Samba servers as
domain members. (in my case, one desktop sharing files, and one laptop,
accessing the shares). And at the moment, it doesn't (fully) work.

Each Samba server can see shares from the other. Windows clients can see
and mount shares from each Samba server. Each Samba server can mount
shares from Windows clients on the domain. What they can't do ... is
mount shares from each other. I get

mount error(13): Permission denied

no matter what I try, I find various pages on how to do this, half of
which conflict with each other, or are outdated, none of which work.

I am using virtually the same smb.conf on both machines.

Domain name = DCRIB.LOCAL (short name DACRIB)
Win2003 DC = dim-win2300.dacrib.local
2 Ubuntu 9.10 members (Samba 3.4.0)
Desktop = workhorse (with various shares)
Laptop = Dual-Booter (which will access the shares on workhorse and
elsewhere)

So, can anyone point out what's wrong with these configs? Dual-Booter
can see the shares on workhorse, and workhorse can see the share on
Dual-Booter. Each can (and is) mounting shares from a WinXP machine. I
can get Kerberos tickets on each Samba server. Each Samba server can
mount a share from a WinXP desktop called "p4-desktop", altho I seem to
have to specify the username as "turgon@DACRIB" in the credentials; it
doesn't work any other way. I can't mount shares from the other Samba
regardless of how I specify the user, however.

testparm output - Dual-Booter:

[global]
        workgroup = DACRIB
        realm = DACRIB.LOCAL
        server string = %h server (Samba %v, Domain: %D, Server: %L - %R)
        security = ADS
        auth methods = winbind
        map to guest = Bad User
        obey pam restrictions = Yes
        password server = dim-win2300.DaCrib.local
        pam password change = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
        unix password sync = Yes
        client NTLMv2 auth = Yes
        log level = 3
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        server signing = auto
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        os level = 2
        local master = No
        domain master = No
        dns proxy = No
        eventlog list = Application, System, Security, SyslogLinux
        usershare allow guests = Yes
        panic action = /usr/share/samba/panic-action %d
        template shell = /bin/bash
        winbind separator = +
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind nss info = rfc2307
        winbind refresh tickets = Yes
        idmap config DACRIB:range = 10000 - 20000
        idmap config DACRIB:backend = rid
        idmap config DACRIB:schema_mode = rfc2307
        hide dot files = No

[TestShare]
        path = /TestShare

testparm output - Dual-Booter:

[global]
        workgroup = DACRIB
        realm = DACRIB.LOCAL
        server string = %h server (Samba %v, Domain: %D, Server: %L - %R)
        security = ADS
        auth methods = winbind
        map to guest = Bad User
        obey pam restrictions = Yes
        password server = dim-win2300.DaCrib.local
        pam password change = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
        unix password sync = Yes
        client NTLMv2 auth = Yes
        log level = 2
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        server signing = auto
        os level = 2
        local master = No
        domain master = No
        dns proxy = No
        eventlog list = Application, System, Security, SyslogLinux
        usershare allow guests = Yes
        panic action = /usr/share/samba/panic-action %d
        template shell = /bin/bash
        winbind separator = +
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind nss info = rfc2307
        winbind refresh tickets = Yes
        idmap config DACRIB:schema_mode = rfc2307
        idmap config DACRIB:range = 10000-20000
        idmap config DACRIB:backend = rid
        invalid users = root
        read only = No
        create mask = 0700
        directory mask = 0775
        hide dot files = No
        wide links = No

[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No
        browsable = No

[print$]
        comment = Printer Drivers
        path = /var/lib/samba/printers

[OldHome]
        comment = The Old Home Folder
        path = /OldHome

Thanks for any help.

-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba