My environment in a nutshell is like this:
- I'm a member of a Windows AD domain environment that spans many different subnets.
- My client workstation (Windows XP) is part of this domain and resides on one subnet.
- The server I'm trying to get Samba working on (SLES 10) is part of the same domain but resides on a different subnet.
- I want to access shares on the SLES 10 box from my workstation.
After spending hours reading through documentation, I apparently still can't figure out exactly what I need to do to make this work.
Here is what does work:
1. I can ping the workstation from the SLES box, both by hostname and IP.
2. I can ping the SLES box from my workstation, both by hostname and IP.
3. netstat -an shows that the SLES box is listening on ports 139 and 445.
4. I can telnet from my workstation to the SLES box on ports 139 and 445.
5. Output from smbclient -L coolserver (hostname obfuscated):
Code:
Anonymous login successful
Domain=[COOLDOMAIN] OS=[Unix] Server=[Samba 3.5.8-30.4-2516-SUSE-CODE10-x86_64]
Sharename Type Comment
--------- ---- -------
profiles Disk Network Profiles Service
users Disk All users
groups Disk All groups
print$ Disk Printer Drivers
patrol Disk Patrol share
IPC$ IPC IPC Service (Samba 3.5.8-30.4-2516-SUSE-CODE10-x86_64)
Anonymous login successful
Domain=[COOLDOMAIN] OS=[Unix] Server=[Samba 3.5.8-30.4-2516-SUSE-CODE10-x86_64]
Server Comment
--------- -------
COOLSERVER Samba 3.5.8-30.4-2516-SUSE-CODE10-x86_64
Workgroup Master
--------- -------
COOLDOMAIN COOLSERVER
6. Output from smbclient //coolserver/coolshare:
Code:
Enter cooluser's password:
Domain=[COOLDOMAIN] OS=[Unix] Server=[Samba 3.5.8-30.4-2516-SUSE-CODE10-x86_64]
smb: \>
So, cross-subnet communication seems to be working in a general sense and I have verified that my share is present and accessible by my chosen user id.
Here's what doesn't work (from the workstation):
1. Output from net view \\coolserver:
Code:
System error 64 has occurred.
The specified network name is no longer available.
2. Output from net view \\coolserver\coolshare:
Code:
System error 5 has occurred.
Access is denied.
3. Same output as above if I try to connect via IP.
However, when I run any of the above commands from my workstation, I see the following in log.smbd on the SLES box:
Code:
coolworkstation (10.49.140.36) connect to service coolshare initially as user cooluser (uid=12171, gid=500) (pid 29039)
[2011/07/08 00:39:29.098422, 1] smbd/service.c:1251(close_cnum)
coolworkstation (10.49.140.36) closed connection to service coolshare
I'm not really sure how to interpret this because those are the exact same entries that get logged when I connect to the share locally, via the smbclient utility on the SLES box, which works fine... but from the Windows box I get the "Access is Denied" or "The specified network name is no longer available" errors.
I also occasionally see this in log.smbd:
Code:
[2011/07/08 01:01:19.858308, 1] smbd/server.c:240(cleanup_timeout_fn)
Cleaning up brl and lock database after unclean shutdown
[2011/07/08 01:01:33.828692, 0] printing/print_cups.c:108(cups_connect)
Unable to connect to CUPS server localhost:631 - Connection refused
[2011/07/08 01:01:33.832127, 1] smbd/server.c:282(remove_child_pid)
Could not find child 29781 -- ignoring
I don't know if that is relevant.
I created the Samba user via the smbpasswd utility and my smbusers file maps the system user directly to the Samba user, both of which have the same password.
Here is my smb.conf:
Code:
[global]
workgroup = COOLDOMAIN
netbios name = coolserver
domain master = no
preferred master = yes
local master = yes
wins support = no
wins server = 10.10.10.99
os level = 0
name resolve order = wins lmhosts hosts bcast
dns proxy = no
interfaces = eth0
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
passdb backend = smbpasswd
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = Yes
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[profiles]
comment = Network Profiles Service
path = %H
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/
[groups]
comment = All groups
path = /home/groups
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775
[coolshare]
comment = cool share
path = /cool/path
users = cooluser cooluser2
hosts allow = 10.10.10.10 20.20.20.20
read only = No
browseable = Yes
My workstation and the SLES box are both pointing to the same WINS server, which services the entire domain (which is also one of the DCs and one of the DNS servers).
I'm really not sure what's going on. I'm guessing it probably has something to do with the subnet boundaries or the WINS configuration or something along those lines.
I just don't understand because the smb daemon seems to be logging "successful" sessions from my workstation... but then the session just insta-closes.
Thanks for any help.
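The connect/close pattern in log.smbd described above can be measured rather than eyeballed. The following is an added example, not part of the original post: it pairs "connect to service" and "closed connection" messages per client and share and reports sessions that closed almost immediately. The sample log is constructed; its timestamps, the connect header line and the 192.0.2.10 address are assumptions, while the host, share and user names come from the post.

```python
import re
from datetime import datetime

# Constructed sample in the two-line log.smbd layout (header, then message).
# Timestamps, the connect header and 192.0.2.10 are made up for illustration.
SAMPLE_LOG = """\
[2011/07/08 00:39:29.091200, 1] smbd/service.c:1070(make_connection_snum)
  coolworkstation (10.49.140.36) connect to service coolshare initially as user cooluser (uid=12171, gid=500) (pid 29039)
[2011/07/08 00:39:29.098422, 1] smbd/service.c:1251(close_cnum)
  coolworkstation (10.49.140.36) closed connection to service coolshare
[2011/07/08 00:41:02.500000, 1] smbd/service.c:1070(make_connection_snum)
  coolserver (192.0.2.10) connect to service coolshare initially as user cooluser (uid=12171, gid=500) (pid 29102)
[2011/07/08 00:43:10.250000, 1] smbd/service.c:1251(close_cnum)
  coolserver (192.0.2.10) closed connection to service coolshare
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*\d+\]")
CONNECT = re.compile(r"^\s*(\S+) \(([^)]+)\) connect to service (\S+) initially as user (\S+)")
CLOSE = re.compile(r"^\s*(\S+) \(([^)]+)\) closed connection to service (\S+)")

def sessions(log_text):
    """Pair connect/close messages per (host, ip, service); durations in seconds."""
    stamp, open_at, out = None, {}, []
    for line in log_text.splitlines():
        h = HEADER.match(line)
        if h:  # header line carries the timestamp for the message that follows
            stamp = datetime.strptime(h.group(1), "%Y/%m/%d %H:%M:%S.%f")
            continue
        c = CONNECT.match(line)
        if c and stamp:
            open_at.setdefault(c.group(1, 2, 3), []).append((stamp, c.group(4)))
            continue
        x = CLOSE.match(line)
        if x and stamp and open_at.get(x.group(1, 2, 3)):
            start, user = open_at[x.group(1, 2, 3)].pop(0)  # oldest open session first
            out.append({"host": x.group(1), "ip": x.group(2), "service": x.group(3),
                        "user": user, "seconds": (stamp - start).total_seconds()})
    return out

def short_lived(log_text, threshold=1.0):
    """Sessions that closed within `threshold` seconds of connecting."""
    return [s for s in sessions(log_text) if s["seconds"] < threshold]

if __name__ == "__main__":
    for s in short_lived(SAMPLE_LOG):
        print(f'{s["host"]} ({s["ip"]}) {s["service"]} as {s["user"]}: '
              f'closed after {s["seconds"]:.6f}s')
```

Messages without a preceding header line, such as the first connect entry quoted in the post, are skipped because they carry no timestamp to measure from.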