samba - Feb 2002 - One domain w/ multiple subnets. Do a "join" for each subnet?

We've got Samba 2.2.2 up and running fine on an RS/6000 (AIX) machine w/ NT
authentication.  We have one domain w/ multiple subnets, and need users on
these different subnets to have access to the shares on this machine.
We've tested from a different subnet than the one we originally ran
smbpasswd on, and it fails (prompting for the passwd to the share...when it
works fine from the original subnet).  I've seen the debug for smbpasswd
when it's issued and it DOES make reference to the subnet address that we
run it from.  

So my question is...do we need to run the join (smbpasswd) from a machine
that's on each different subnet that we want to hit the shares from???  I
didn't know if this is how it's done since all the subnets are on the
same
domain.  Thanks for any suggestions.






Darin DeCounter

Atex Assistant System Administrator
Las Vegas Review-Journal
702-387-5230
ddecounter@lvrj.com

Darin DeCounter wrote:
> We've got Samba 2.2.2 up and running fine on an RS/6000 (AIX) machine
w/ NT
> authentication.  We have one domain w/ multiple subnets, and need users on
> these different subnets to have access to the shares on this machine.
> We've tested from a different subnet than the one we originally ran
> smbpasswd on, and it fails (prompting for the passwd to the share...when it
> works fine from the original subnet).  I've seen the debug for
smbpasswd
> when it's issued and it DOES make reference to the subnet address that
we
> run it from.  
> 
> So my question is...do we need to run the join (smbpasswd) from a machine
> that's on each different subnet that we want to hit the shares from??? 
I
> didn't know if this is how it's done since all the subnets are on
the same
> domain.  Thanks for any suggestions.
> 
> 
> 
> 
> 
> 
> Darin DeCounter
> 
> Atex Assistant System Administrator
> Las Vegas Review-Journal
> 702-387-5230
> ddecounter@lvrj.com
> 
> 
> 
Darin,

It should not be happening if you have one ethernet card for each subnet 
on your RS6k. I assume you are configured as a RS6k with one eth card, 
conected to routers/gateways like Cisco that routes packets between the 
differents subnets.

If that is the case, you may not have the routers/gateways configured to 
pass netbeui/netbios thru. I believe the problem is that, because the 
protocols used for authentication on Win world are not routeable. Try 
sniffing packets with one sniffer at the subnet where the workstation is 
and another at the RS6k. Probably the packets are being sent by the 
workstation, but the router/gateway is blocking then and they are never 
getting to the server.

For cisco routers, you must have an internal command ran in order to 
permit passing those packets. I do not know about other routers.

May be there is a number of parameters that you can try on the smb.conf 
in order to set communication between the subnets. They are the "remote 
announce" and "remote browse sync". I believe the key is to know
for
sure wich machine is the Workgroup master browser on the subnet where 
your RS6k is not, and remote announce and synchronize should point from 
the Samba/RS6k to the master browser on the other subnet.

If you have a Linux there, you can set it up to be the master browser. 
If there is an NW Server or Workstation there, I believe you can try to 
hack some registry entries to make sure THAT machine will be the master 
browser.

Bye,
-- 
Fernando Maior
Infokeep Informatica Ltda
fmaior@bigfoot.com
+55+31 3282-7009