
[Samba] Samba weirdness over different subnets

From: David Noriega <tsk133_at_nospam>
Date: Fri Aug 27 2010 - 19:04:33 GMT
To: samba@lists.samba.org

I've had the following setup working for years now. Subnet A contains
Linux/Windows workstations along with the PDC+LDAP. Subnet B contains
a BDC+LDAP and a domain member on the file server that Windows users
connect to.

What's new is I'm setting up a new domain member in Subnet B. It has
joined the domain and net getdomainsid works. From machines in Subnet
B I can run smbclient -L and have it correctly authenticate against
the local BDC and return a list of shares.

The problem is when I try to do the same from Subnet A. From my Ubuntu
box, smbclient will simply sit there indefinitely, while from Windows
it will wait for a while before it returns an error about the network
name no longer being available. From the server's point of view,
nothing is happening. I have to turn up the log level to 3 to see the
following:

[2010/08/27 13:35:42, 3] smbd/oplock.c:init_oplocks(863)
  init_oplocks: initializing messages.
[2010/08/27 13:35:42, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(234)
  Linux kernel oplocks enabled
[2010/08/27 13:35:42, 3] smbd/process.c:process_smb(1083)
  Transaction 0 of length 194
[2010/08/27 13:35:42, 3] smbd/process.c:switch_message(932)
  switch message SMBnegprot (pid 28515) conn 0x0
[2010/08/27 13:35:42, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/08/27 13:35:42, 3] smbd/negprot.c:reply_negprot(505)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2010/08/27 13:35:42, 3] smbd/negprot.c:reply_negprot(505)
  Requested protocol [MICROSOFT NETWORKS 1.03]
[2010/08/27 13:35:42, 3] smbd/negprot.c:reply_negprot(505)
  Requested protocol [MICROSOFT NETWORKS 3.0]
[2010/08/27 13:35:42, 3] smbd/negprot.c:reply_negprot(505)
  Requested protocol [LANMAN1.0]
[2010/08/27 13:35:42, 3] smbd/negprot.c:reply_negprot(505)
  Requested protocol [LM1.2X002]
[2010/08/27 13:35:42, 3] smbd/negprot.c:reply_negprot(505)
  Requested protocol [DOS LANMAN2.1]
[2010/08/27 13:35:42, 3] smbd/negprot.c:reply_negprot(505)
  Requested protocol [LANMAN2.1]
[2010/08/27 13:35:42, 3] smbd/negprot.c:reply_negprot(505)
  Requested protocol [Samba]
[2010/08/27 13:35:42, 3] smbd/negprot.c:reply_nt1(364)
  using SPNEGO
[2010/08/27 13:35:42, 3] smbd/negprot.c:reply_negprot(606)
  Selected protocol NT LANMAN 1.0

Here it will wait for some time before printing out the rest.

[2010/08/27 13:36:42, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/08/27 13:37:42, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/08/27 13:37:42, 2] smbd/process.c:timeout_processing(1390)
  Closing idle connection
[2010/08/27 13:37:42, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/08/27 13:37:42, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to
[2010/08/27 13:37:42, 3] smbd/server.c:exit_server_common(768)
  Server exit (normal exit)

smb.conf

[Global]
        workgroup = XXX.XXX.XXX
        server string = XXXX %v
        security = domain
        password server = XXXX, XXXX
        loglevel = 3
        syslog = 0
        interfaces = eth0
        bind interfaces only = yes

[homes]
        read only = No
        valid users = %S
        comment = %U Home Directory
        path = /home/%U
        browseable = no

[Public]
        path = /groups/Public
        browseable = yes
        writeable = yes
        create mask = 0777
        directory mask = 0777
        force group = "Domain Users"
        public = yes

I have no clue, any ideas?

David

PS: One thing that has never worked is resolving a NetBIOS name that
isn't in the same subnet. It only works for machines in the same
subnet. I do have remote announce and remote browser sync on in the
BDC in Subnet B, but all that does is show those remote servers
whenever I do network browsing, but when I try to connect, I can't. I
always have to give its full DNS hostname.
--
Personally, I liked the university. They gave us money and facilities, we didn't have to produce anything! You've never been out of college! You don't know what it's like out there! I've worked in the private sector. They expect results. -Ray Ghostbusters