Joining a Samba Domain/Workgroup from a remote Network

Popolytho · 10-29-2010, 05:31 AM

Hi guys,

Here is the scenario:

I have an OpenSuSe Server configured with DNS, Samba (PDC + WINS), LDAP, Squid

All this is in a hybrid scenario with other OpenSuse acting as clients and some Windows 7 also as clients.

Everything works perfect. Both systems are able to join and authenticate in the Samba server very smoothly.

My problem is that in my workspace I have several different subnets/VLANS.

So I have another OpenSuSe client here that needs to join the domain and authenticate with the samba server, but he just can´t find it via the Windows Domain Membership setup screen (where I usually configure the others).

The server can pe pinged, and it does resolv local domain names. It seems the problem is that I have no place to configure a PDC/WINS server in Linux Client. It only asks me for the domain to join, and then it doesn´t find it (I´m guessing this happens because it can´t receive the broadcasts from the server network).

Is there any way to declare the Samba/PDC/WINS server on the client side?

Let me know if you need more details or info.

Thanks in advance,

Mytho

feinbein · 10-30-2010, 05:56 AM

Try adding:

name resolve order = lmhosts host wins bcast

in smb.conf

It could also be a problem with binding samba to a certain network or interface.

Popolytho · 11-02-2010, 04:04 AM

Quote:

Originally Posted by feinbein

Try adding:

name resolve order = lmhosts host wins bcast

in smb.conf

It could also be a problem with binding samba to a certain network or interface.

Hello,

Thanks for your input. I have tried the resolve order and it didn´t work. What I really need is a way to bind the samba to a certain network, as you´ve said.

How can I do this? I have searched for quite a while now and no cake so far...

Thanks

feinbein · 11-03-2010, 11:19 AM

can you post your smb.conf?

Popolytho · 11-03-2010, 11:28 AM

Quote:

Originally Posted by feinbein

can you post your smb.conf?

I suppose you mean the client´s smb.conf, right?

Code:

# cat /etc/samba/smb.conf
# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2010-09-15
[global]
        workgroup = WORKGROUP
        wins server = 172.22.110.100
        name resolve order = wins bcast host lmhosts
        passdb backend = tdbsam
        printing = cups
        printcap name = cups
        printcap cache time = 750
        cups options = raw
        map to guest = Bad User
        include = /etc/samba/dhcp.conf
        logon path = \\%L\profiles\.msprofile
        logon home = \\%L\%U\.9xprofile
        logon drive = P:
        usershare allow guests = Yes
[homes]
        comment = Home Directories
        valid users = %S, %D%w%S
        browseable = No
        read only = No
        inherit acls = Yes
[profiles]
        comment = Network Profiles Service
        path = %H
        read only = No
        store dos attributes = Yes
        create mask = 0600
        directory mask = 0700
[users]
        comment = All users
        path = /home
        read only = No
        inherit acls = Yes
        veto files = /aquota.user/groups/shares/
[groups]
        comment = All groups
        path = /home/groups
        read only = No
        inherit acls = Yes
[printers]
        comment = All Printers
        path = /var/tmp
        printable = Yes
        create mask = 0600
        browseable = No
[print$]
        comment = Printer Drivers
        path = /var/lib/samba/drivers
        write list = @ntadmin root
        force group = ntadmin
        create mask = 0664
        directory mask = 0775

I have reinstalled the client (opensuse 11.3) and am trying from a clean start. I added the "wins server" option and the "name resolve order", but still no success...

the domain that I need it to join is teste.local, but I was hoping to set it using the tool Windows Domain Membership, that is why I didn´t set it up directly in the smb.conf (hopefully when it works, it will change it by itself)

Open to suggestions.

Thanks in advance

feinbein · 11-04-2010, 01:18 AM

The binding would happen in smb.conf on the server, also you have the 'hosts allow'-directive, e.g.

Code:

interfaces = localhost 192.168.1.1/24

hosts allow = localhost, 172.16

It's also worth checking if netbios-packets are maybe filtered on your router.

Popolytho · 11-04-2010, 04:44 AM

Quote:

Originally Posted by feinbein

The binding would happen in smb.conf on the server, also you have the 'hosts allow'-directive, e.g.

Code:

interfaces = localhost 192.168.1.1/24

hosts allow = localhost, 172.16

It's also worth checking if netbios-packets are maybe filtered on your router.

For now and for testing purposes, I am using hosts allow = ALL

and it hasn´t worked yet, unfortunately.
The server only has one interface, but I could try that as well...

The router filter all kinds of broadcasts, that is why I need a solution that skips broadcasts.

If I actively execute an "smbclient -L //server -U user, it will work perfect, but I must specify the server. I need some kind of global variable that specifies the server in the system so that when the pc boots, it will make direct requests to it instead of sending broadcasts asking who is the samba server.

Cheers

feinbein · 11-04-2010, 04:55 PM

Would it not be easier to tell the router to not filter netbios?

Popolytho · 11-05-2010, 04:36 AM

Quote:

Originally Posted by feinbein

Would it not be easier to tell the router to not filter netbios?

It truly would, but I can´t, due to company policy. I´m not allowed to make any changes to the routers for this project. And in theory, Samba supports subnetting, I just can´t seem to make it work atm.

Thanks

feinbein · 11-05-2010, 10:55 AM

Quote:

Originally Posted by Popolytho

If I actively execute an "smbclient -L //server -U user, it will work perfect, but I must specify the server.

Cheers

You could setup domain-membership from within the samba servers vlan and then move the machines over to the other afterwards.
Or get a nic for every vlan.

Popolytho · 11-05-2010, 11:16 AM

Quote:

Originally Posted by feinbein

You could setup domain-membership from within the samba servers vlan and then move the machines over to the other afterwards

After that, all logins made in the remote network would be treated as offline, with no sync.

I was able to join the domain now using "net rpc join" from the remote network, now I just need to setup the system to use that in the authentication panel during login.

I guess this must be done in the PAM files, right?