samba - Feb 2006 - About join domain in different subnet.

Hi all:

I have a question about join domain.
If my samba server and domain controller are in different subnet (such as
192.168.1.x and 192.168.2.x), two conditions happened:
ADS domain
1. if I use domain name, then join fail.
2. if I use IP address of domain controller, join success.
However, in both cases I can't retrieve domain users/groups.
Is it necessary for samba sever and domain controller in the same subnet in
order to get domain users/list list?
Can NT domain in different subnet?

Thanks in advance.

Latrell.From craigwhite at azapple.com  Thu Feb  9 06:38:20 2006
From: craigwhite at azapple.com (Craig White)
Date: Thu Feb  9 06:38:45 2006
Subject: [Samba] domain user + local admin group
In-Reply-To: <61413.203.53.197.6.1139466425.squirrel@203.53.197.6>
References: <61413.203.53.197.6.1139466425.squirrel@203.53.197.6>
Message-ID: <1139467100.621.116.camel@lin-workstation.azapple.com>

On Thu, 2006-02-09 at 17:27 +1100, Greg Andrews wrote:
> Howdy All,
> 
> My samba server has decided to throw a hissy fit and its quite distressing
> ( not hair tearing out yet but will be soon ). Samba Version 3.02
> 
> To give domain users admin rights to their local machine I have in the
> past simply made domain users part of the local admin group. Perhaps not
> the most elegant solution , but it works.
> 
> I today installed two more machines ( XP sp2 )onto the network and the
> machines joined the domain without any grief, and when you look at users
> and groups on the local machines the admin group has domain admins and the
> users group has domain users ( this done automatically by samba ) however
> if I try to add the domain users group to the local administrators group ,
> which I have done on the other 60 machines on the network, the machine
> simply hangs and says it cant do it.
> Looking at "top" on the server  there is an smbd process which is
spawned
> ( and doesn't stop ) which is utilising 99.9% of the server cpu . This
is
> a bad thing :(
> 
> I have read the how-to and have gone back over previous emails on the
> subject and am none the wiser.
> 
> I should add that I am far from an expert, and am trying to establish what
> has changed on the system which would cause this behaviour. So far the
> only thing I can see that I have done is to change the root password at
> the linux level ( I then changed the samba root password in desperation to
> the same thing with  /etc/samba/smbpasswd root and entered the same
> password.
> 
> Unfortunately no joy.
> 
> using redhat9 and samba 3.02
> I am reluctant to experiment much as this is a "live" system .
> Any and all help or ideas are appreciated
----
doesn't strike me as having anything whatsoever to do with
passwords...sounds more like a problem with group mapping...

why don't you try posting up - or checking out for yourself...

# net groupmap list

# samba getlocalsid

and see if the SID portion prior to RID's are all in alignment...sounds
like something changed or the "Domain Users" SID isn't correct.

Craig

Someone else on the list may correct me, but I think the problem is  
that the computer joining the domain is discovering the domain  
controller by broadcast -- and broadcasts don't cross the router.

I suppose this might help you understand what you are dealing with:
http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/ 
NetworkBrowsing.html

Somewhere in the network control panel, you can tell your windows  
workstation to use WINS first for name resolution, and if the remote  
samba is also acting as a wins server, that is the one you will want  
to use to discover the controller for your domain.

Or perhaps you can customize the workstation's LMHOSTS file, prior to  
making the attempt to join the domain.


On Feb 8, 2006, at 9:24 PM, Latrell wrote:
> Hi all:
>
> I have a question about join domain.
> If my samba server and domain controller are in different subnet  
> (such as 192.168.1.x and 192.168.2.x), two conditions happened:
> ADS domain
> 1. if I use domain name, then join fail.
> 2. if I use IP address of domain controller, join success.
> However, in both cases I can't retrieve domain users/groups.
> Is it necessary for samba sever and domain controller in the same  
> subnet in order to get domain users/list list?
> Can NT domain in different subnet?
>
> Thanks in advance.
>
> Latrell.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>
>