[PLUG] Problems using multiple Samba servers in a Win2003 AD domain

Mike Leone on 2 May 2010 13:07:55 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] Problems using multiple Samba servers in a Win2003 AD domain

From: Mike Leone <turgon@mike-leone.com>

To: Samba <samba@lists.samba.org>, Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Subject: [PLUG] Problems using multiple Samba servers in a Win2003 AD domain

Date: Sun, 02 May 2010 16:07:35 -0400

Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Sender: plug-bounces@lists.phillylinux.org

User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.9pre) Gecko/20100217 Shredder/3.0.3pre

I've been at this for days, and making no headway. It's very discouraging. I have a Win2003 domain, that has the Services for Unix extensions installed. I am trying to have multiple Samba servers as domain members. (in my case, one desktop sharing files, and one laptop, accessing the shares). And at the moment, it doesn't (fully) work. Each Samba server can see shares from the other. Windows clients can see and mount shares from each Samba server. Each Samba server can mount shares from Windows clients on the domain. What they can't do ... is mount shares from each other. I get mount error(13): Permission denied no matter what I try, I find various pages on how to do this, half of which conflict with each other, or are outdated, none of which work. I am using virtually the same smb.conf on both machines. Domain name = DCRIB.LOCAL (short name DACRIB) Win2003 DC = dim-win2300.dacrib.local 2 Ubuntu 9.10 members (Samba 3.4.0) Desktop = workhorse (with various shares) Laptop = Dual-Booter (which will access the shares on workhorse and elsewhere) So, can anyone point out what's wrong with these configs? Dual-Booter can see the shares on workhorse, and workhorse can see the share on Dual-Booter. Each can (and is) mounting shares from a WinXP machine. I can get Kerberos tickets on each Samba server. Each Samba server can mount a share from a WinXP desktop called "p4-desktop", altho I seem to have to specify the username as "turgon@DACRIB" in the credentials; it doesn't work any other way. I can't mount shares from the other Samba regardless of how I specify the user, however. testparm output - Dual-Booter: [global] workgroup = DACRIB realm = DACRIB.LOCAL server string = %h server (Samba %v, Domain: %D, Server: %L - %R) security = ADS auth methods = winbind map to guest = Bad User obey pam restrictions = Yes password server = dim-win2300.DaCrib.local pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes client NTLMv2 auth = Yes log level = 3 syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 server signing = auto socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 2 local master = No domain master = No dns proxy = No eventlog list = Application, System, Security, SyslogLinux usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d template shell = /bin/bash winbind separator = + winbind enum users = Yes winbind enum groups = Yes winbind nss info = rfc2307 winbind refresh tickets = Yes idmap config DACRIB:range = 10000 - 20000 idmap config DACRIB:backend = rid idmap config DACRIB:schema_mode = rfc2307 hide dot files = No [TestShare] path = /TestShare testparm output - Dual-Booter: [global] workgroup = DACRIB realm = DACRIB.LOCAL server string = %h server (Samba %v, Domain: %D, Server: %L - %R) security = ADS auth methods = winbind map to guest = Bad User obey pam restrictions = Yes password server = dim-win2300.DaCrib.local pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes client NTLMv2 auth = Yes log level = 2 syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 server signing = auto os level = 2 local master = No domain master = No dns proxy = No eventlog list = Application, System, Security, SyslogLinux usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d template shell = /bin/bash winbind separator = + winbind enum users = Yes winbind enum groups = Yes winbind nss info = rfc2307 winbind refresh tickets = Yes idmap config DACRIB:schema_mode = rfc2307 idmap config DACRIB:range = 10000-20000 idmap config DACRIB:backend = rid invalid users = root read only = No create mask = 0700 directory mask = 0775 hide dot files = No wide links = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No browsable = No [print$] comment = Printer Drivers path = /var/lib/samba/printers [OldHome] comment = The Old Home Folder path = /OldHome Thanks for any help. ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:

Re: [PLUG] Problems using multiple Samba servers in a Win2003 AD domain
From: "Eric at Lucii.org" <eric@lucii.org>

Next by Date: Re: [PLUG] Problems using multiple Samba servers in a Win2003 AD domain

Next by thread: Re: [PLUG] Problems using multiple Samba servers in a Win2003 AD domain

Index(es):

Date

Thread