L.S., I''m having difficulties joining a Fedora Core 7 Samba server to a Windows 2000 Domain Controller. Both servers are located in a separate subnet which are connected via shorewall (4.0.6). I have configured the policy file to accept all traffic form both subnets and vice versa. This Samba server also runs a Postfix / Dovecot mailserver which succesfully authenticate users on the W2K DC. If I move the Samba server to the same subnet as the W2K DC, joining seems no problem. But when I move the server back to its original subnet and issue the command "net rpc testjoin", the response is "unable to find a suitable server". If I point the command directly to the DC with "net rpc testjoin -S myserver.mydomain.local ", the full output is: [2008/03/12 16:47:04, 0] utils/net_rpc_join.c:net_rpc_join_ok(70) net_rpc_join_ok: failed to get schannel session key from server myserver.mydomain.local for domain MYDOMAIN. Error was NT_STATUS_INVALID_COMPUTER_NAME Join to domain ''MYDOMAIN'' is not valid At first is was tempted the blame Samba, but since switching the server between subnets (and so bypassing shorewall) I believe I have misconfigured shorewall. Could shorewall be blocking some broadcasting traffic needed to perform the joining to the domain? Kind regards, Wouter ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Wouter Amsterdam schrieb:> L.S., > > > > I'm having difficulties joining a Fedora Core 7 Samba server to a > Windows 2000 Domain Controller. Both servers are located in a separate > subnet which are connected via shorewall (4.0.6). I have configured the > policy file to accept all traffic form both subnets and vice versa. This > Samba server also runs a Postfix / Dovecot mailserver which succesfully > authenticate users on the W2K DC. If I move the Samba server to the same > subnet as the W2K DC, joining seems no problem. But when I move the > server back to its original subnet and issue the command "net rpc > testjoin", the response is "unable to find a suitable server". If I > point the command directly to the DC with "net rpc testjoin –S > myserver.mydomain.local ", the full output is: > > > > [2008/03/12 16:47:04, 0] utils/net_rpc_join.c:net_rpc_join_ok(70) > > net_rpc_join_ok: failed to get schannel session key from server > myserver.mydomain.local for domain MYDOMAIN. Error was > NT_STATUS_INVALID_COMPUTER_NAME > > Join to domain 'MYDOMAIN' is not valid > > > > At first is was tempted the blame Samba, but since switching the server > between subnets (and so bypassing shorewall) I believe I have > misconfigured shorewall. Could shorewall be blocking some broadcasting > traffic needed to perform the joining to the domain?What happens, if you disable shorewall? What is in the logs? Any blocked packages? Regards, -- Götz Reinicke IT Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reinicke@filmakademie.de Filmakademie Baden-Württemberg GmbH Mathildenstr. 20 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzender des Aufsichtsrats: Dr. Christoph Palmer, MdL, Minister a.D. Geschäftsführer: Prof. Thomas Schadt ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
Götz Reinicke wrote:> Wouter Amsterdam schrieb: >> L.S., >> >> >> >> I''m having difficulties joining a Fedora Core 7 Samba server to a >> Windows 2000 Domain Controller. Both servers are located in a separate >> subnet which are connected via shorewall (4.0.6). I have configured the >> policy file to accept all traffic form both subnets and vice versa. This >> Samba server also runs a Postfix / Dovecot mailserver which succesfully >> authenticate users on the W2K DC. If I move the Samba server to the same >> subnet as the W2K DC, joining seems no problem. But when I move the >> server back to its original subnet and issue the command "net rpc >> testjoin", the response is "unable to find a suitable server". If I >> point the command directly to the DC with "net rpc testjoin –S >> myserver.mydomain.local ", the full output is: >> >> >> >> [2008/03/12 16:47:04, 0] utils/net_rpc_join.c:net_rpc_join_ok(70) >> >> net_rpc_join_ok: failed to get schannel session key from server >> myserver.mydomain.local for domain MYDOMAIN. Error was >> NT_STATUS_INVALID_COMPUTER_NAME >> >> Join to domain ''MYDOMAIN'' is not valid >> >> >> >> At first is was tempted the blame Samba, but since switching the server >> between subnets (and so bypassing shorewall) I believe I have >> misconfigured shorewall. Could shorewall be blocking some broadcasting >> traffic needed to perform the joining to the domain? > > What happens, if you disable shorewall? > > What is in the logs? Any blocked packages?Shorewall doesn''t log any of the Microsoft Networking noise that it drops or rejects. It did that originally, and we had 100''s of newbies frantically reporting that they were under attack by their own Windows systems. See http://www.shorewall.net/samba.htm -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Tom Eastep schrieb:> Götz Reinicke wrote: >> Wouter Amsterdam schrieb: >>> L.S., >>> >>> >>> >>> I'm having difficulties joining a Fedora Core 7 Samba server to a >>> Windows 2000 Domain Controller. Both servers are located in a >>> separate subnet which are connected via shorewall (4.0.6). I have >>> configured the policy file to accept all traffic form both subnets >>> and vice versa. This Samba server also runs a Postfix / Dovecot >>> mailserver which succesfully authenticate users on the W2K DC. If I >>> move the Samba server to the same subnet as the W2K DC, joining seems >>> no problem. But when I move the server back to its original subnet >>> and issue the command "net rpc testjoin", the response is "unable to >>> find a suitable server". If I point the command directly to the DC >>> with "net rpc testjoin –S myserver.mydomain.local ", the full output is: >>> >>> >>> >>> [2008/03/12 16:47:04, 0] utils/net_rpc_join.c:net_rpc_join_ok(70) >>> >>> net_rpc_join_ok: failed to get schannel session key from server >>> myserver.mydomain.local for domain MYDOMAIN. Error was >>> NT_STATUS_INVALID_COMPUTER_NAME >>> >>> Join to domain 'MYDOMAIN' is not valid >>> >>> >>> >>> At first is was tempted the blame Samba, but since switching the >>> server between subnets (and so bypassing shorewall) I believe I have >>> misconfigured shorewall. Could shorewall be blocking some >>> broadcasting traffic needed to perform the joining to the domain? >> >> What happens, if you disable shorewall? >> >> What is in the logs? Any blocked packages? > > Shorewall doesn't log any of the Microsoft Networking noise that it > drops or rejects. It did that originally, and we had 100's of newbies > frantically reporting that they were under attack by their own Windows > systems.I was in a situation where logging was disabled too by default and that was a harder problem to debug. Enabling the logging helped to solve the problem ... so sometimes logging a lot is O.K. (Regarding our problem I had 4GB+ of Logfiles, as some devices flooded the net with broadcasts ...) And may be Wouter Amsterdam enabled logging too? Regards Götz -- Götz Reinicke IT Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reinicke@filmakademie.de Filmakademie Baden-Württemberg GmbH Mathildenstr. 20 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzender des Aufsichtsrats: Dr. Christoph Palmer, MdL, Minister a.D. Geschäftsführer: Prof. Thomas Schadt ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
Tom, Thanks for your swift reply. I changed my rules file and the etc/shorewall/action.Drop and action.Reject files as mentioned in http://www.shorewall.net/samba.htm. But unfortunately I cannot find any logging of SMB traffic between both zones. The only logging with the relevant IP addresses in /var/log/messages is from yesterday, before I changed anything: Mar 12 15:39:13 omilia kernel: Shorewall:FORWARD:REJECT:IN=eth2 OUT=eth2 SRC=192.168.6.13 DST=192.168.0.12 LEN=77 TOS=0x00 PREC=0x00 TTL=63 ID=54555 DF PROTO=UDP SPT=32889 DPT=53 LEN=57 Mar 12 15:39:23 omilia kernel: Shorewall:FORWARD:REJECT:IN=eth2 OUT=eth2 SRC=192.168.6.13 DST=192.168.0.12 LEN=77 TOS=0x00 PREC=0x00 TTL=63 ID=54556 DF PROTO=UDP SPT=32889 DPT=53 LEN=57 The only relevant logging from today is this one: Mar 13 08:59:43 omilia kernel: Shorewall:all2all:REJECT:IN= OUT=eth2 SRC=192.168.0.254 DST=192.168.0.12 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=7733 DF PROTO=UDP SPT=32772 DPT=53 LEN=51 But this looks like a DNS query from the firewall itself (0.254) to my domain controller (0.12). Nothing Samba about that. I'm lost... Wouter -----Oorspronkelijk bericht----- Van: shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall-users-bounces@lists.sourceforge.net] Namens Tom Eastep Verzonden: woensdag 12 maart 2008 17:20 Aan: Shorewall Users Onderwerp: Re: [Shorewall-users] Shorewall & Samba domain join Götz Reinicke wrote:> Wouter Amsterdam schrieb: >> L.S., >> >> >> >> I'm having difficulties joining a Fedora Core 7 Samba server to a >> Windows 2000 Domain Controller. Both servers are located in a >> separate subnet which are connected via shorewall (4.0.6). I have >> configured the policy file to accept all traffic form both subnets >> and vice versa. This Samba server also runs a Postfix / Dovecot >> mailserver which succesfully authenticate users on the W2K DC. If I >> move the Samba server to the same subnet as the W2K DC, joining seems >> no problem. But when I move the server back to its original subnet >> and issue the command "net rpc testjoin", the response is "unable to >> find a suitable server". If I point the command directly to the DC >> with "net rpc testjoin –S myserver.mydomain.local ", the full output is: >> >> >> >> [2008/03/12 16:47:04, 0] utils/net_rpc_join.c:net_rpc_join_ok(70) >> >> net_rpc_join_ok: failed to get schannel session key from server >> myserver.mydomain.local for domain MYDOMAIN. Error was >> NT_STATUS_INVALID_COMPUTER_NAME >> >> Join to domain 'MYDOMAIN' is not valid >> >> >> >> At first is was tempted the blame Samba, but since switching the >> server between subnets (and so bypassing shorewall) I believe I have >> misconfigured shorewall. Could shorewall be blocking some >> broadcasting traffic needed to perform the joining to the domain? > > What happens, if you disable shorewall? > > What is in the logs? Any blocked packages?Shorewall doesn't log any of the Microsoft Networking noise that it drops or rejects. It did that originally, and we had 100's of newbies frantically reporting that they were under attack by their own Windows systems. See http://www.shorewall.net/samba.htm -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
On Thu, Mar 13, 2008 at 09:47:32AM +0100, Wouter Amsterdam wrote:> Tom, > > Thanks for your swift reply. I changed my rules file and the etc/shorewall/action.Drop and action.Reject files as mentioned in http://www.shorewall.net/samba.htm. But unfortunately I cannot find any logging of SMB traffic between both zones. The only logging with the relevant IP addresses in /var/log/messages is from yesterday, before I changed anything: >What happens if you run "shorewall clear"? Do things start working then? Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Wouter Amsterdam wrote:> Tom, > > Thanks for your swift reply. I changed my rules file and the etc/shorewall/action.Drop and action.Reject files as mentioned in http://www.shorewall.net/samba.htm. But unfortunately I cannot find any logging of SMB traffic between both zones. The only logging with the relevant IP addresses in /var/log/messages is from yesterday, before I changed anything: > > Mar 12 15:39:13 omilia kernel: Shorewall:FORWARD:REJECT:IN=eth2 OUT=eth2 SRC=192.168.6.13 DST=192.168.0.12 LEN=77 TOS=0x00 PREC=0x00 TTL=63 ID=54555 DF PROTO=UDP SPT=32889 DPT=53 LEN=57 > Mar 12 15:39:23 omilia kernel: Shorewall:FORWARD:REJECT:IN=eth2 OUT=eth2 SRC=192.168.6.13 DST=192.168.0.12 LEN=77 TOS=0x00 PREC=0x00 TTL=63 ID=54556 DF PROTO=UDP SPT=32889 DPT=53 LEN=57 > > The only relevant logging from today is this one: > > Mar 13 08:59:43 omilia kernel: Shorewall:all2all:REJECT:IN= OUT=eth2 SRC=192.168.0.254 DST=192.168.0.12 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=7733 DF PROTO=UDP SPT=32772 DPT=53 LEN=51 > > But this looks like a DNS query from the firewall itself (0.254) to my domain controller (0.12). Nothing Samba about that. I''m lost...So do you have a Wins server or PDC? Are the Windows hosts configured to use it? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Tom, We do have a Windows 2000 DC, but WINS is not installed. All Windows clients are located in the same segment as the DC, DNS server information is issued to the clients via DHCP. Wouter -----Oorspronkelijk bericht----- Van: shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall-users-bounces@lists.sourceforge.net] Namens Tom Eastep Verzonden: donderdag 13 maart 2008 15:13 Aan: Shorewall Users Onderwerp: Re: [Shorewall-users] Shorewall & Samba domain join Wouter Amsterdam wrote:> Tom, > > Thanks for your swift reply. I changed my rules file and the etc/shorewall/action.Drop and action.Reject files as mentioned in http://www.shorewall.net/samba.htm. But unfortunately I cannot find any logging of SMB traffic between both zones. The only logging with the relevant IP addresses in /var/log/messages is from yesterday, before I changed anything: > > Mar 12 15:39:13 omilia kernel: Shorewall:FORWARD:REJECT:IN=eth2 > OUT=eth2 SRC=192.168.6.13 DST=192.168.0.12 LEN=77 TOS=0x00 PREC=0x00 > TTL=63 ID=54555 DF PROTO=UDP SPT=32889 DPT=53 LEN=57 Mar 12 15:39:23 > omilia kernel: Shorewall:FORWARD:REJECT:IN=eth2 OUT=eth2 > SRC=192.168.6.13 DST=192.168.0.12 LEN=77 TOS=0x00 PREC=0x00 TTL=63 > ID=54556 DF PROTO=UDP SPT=32889 DPT=53 LEN=57 > > The only relevant logging from today is this one: > > Mar 13 08:59:43 omilia kernel: Shorewall:all2all:REJECT:IN= OUT=eth2 > SRC=192.168.0.254 DST=192.168.0.12 LEN=71 TOS=0x00 PREC=0x00 TTL=64 > ID=7733 DF PROTO=UDP SPT=32772 DPT=53 LEN=51 > > But this looks like a DNS query from the firewall itself (0.254) to my domain controller (0.12). Nothing Samba about that. I''m lost...So do you have a Wins server or PDC? Are the Windows hosts configured to use it? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Wouter Amsterdam wrote:> Tom, > > We do have a Windows 2000 DC, but WINS is not installed. All Windows > clients are located in the same segment as the DC, DNS server > information is issued to the clients via DHCP.If all clients are in the same segment, what problem are you trying to solve that involves Shorewall? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
I''m trying to set up a new Samba file server in the other segment. For it to succesfully authenticate users in Active Directory (using winbind), I need to join the Samba server to the domain. Until now, that has proven to be a problem. -----Oorspronkelijk bericht----- Van: shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall-users-bounces@lists.sourceforge.net] Namens Tom Eastep Verzonden: donderdag 13 maart 2008 16:12 Aan: Shorewall Users Onderwerp: Re: [Shorewall-users] Shorewall & Samba domain join Wouter Amsterdam wrote:> Tom, > > We do have a Windows 2000 DC, but WINS is not installed. All Windows > clients are located in the same segment as the DC, DNS server > information is issued to the clients via DHCP.If all clients are in the same segment, what problem are you trying to solve that involves Shorewall? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Wouter Amsterdam wrote:> The only relevant logging from today is this one: > > Mar 13 08:59:43 omilia kernel: Shorewall:all2all:REJECT:IN= OUT=eth2 SRC=192.168.0.254 DST=192.168.0.12 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=7733 DF PROTO=UDP SPT=32772 DPT=53 LEN=51 > > But this looks like a DNS query from the firewall itself (0.254) to my domain controller (0.12). Nothing Samba about that. I''m lost...So shouldn''t you be allowing that traffic? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Wouter Amsterdam wrote:> I''m trying to set up a new Samba file server in the other segment. For it to > succesfully authenticate users in Active Directory (using winbind), I need > to join the Samba server to the domain. Until now, that has proven to be a > problem.Then I''m going to ask the same question that was asked previously; if you "shorewall clear", does it work? If it doesn''t work with Shorewall cleared, it certainly isn''t going to work with Shorewall started. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Wouter Amsterdam wrote:> I''m trying to set up a new Samba file server in the other segment. For it to > succesfully authenticate users in Active Directory (using winbind), I need > to join the Samba server to the domain. Until now, that has proven to be a > problem.Have you configured Samba to use the PDC as its Wins Server? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
I would like to try "shorewall clear" outside office hours, to keep communications to our mailserver up (both from the outside as from my clients). I''ll post the results when I''m done. Wouter -----Oorspronkelijk bericht----- Van: shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall-users-bounces@lists.sourceforge.net] Namens Tom Eastep Verzonden: donderdag 13 maart 2008 16:22 Aan: Shorewall Users Onderwerp: Re: [Shorewall-users] Shorewall & Samba domain join Wouter Amsterdam wrote:> I''m trying to set up a new Samba file server in the other segment. For > it to succesfully authenticate users in Active Directory (using > winbind), I need to join the Samba server to the domain. Until now, > that has proven to be a problem.Then I''m going to ask the same question that was asked previously; if you "shorewall clear", does it work? If it doesn''t work with Shorewall cleared, it certainly isn''t going to work with Shorewall started. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
On Thu, Mar 13, 2008 at 04:11:45PM +0100, Wouter Amsterdam wrote:> We do have a Windows 2000 DC, but WINS is not installed. All Windows > clients are located in the same segment as the DC, DNS server > information is issued to the clients via DHCP.In this configuration, netbios unicast and broadcast discovery (including WINS) is not used. Clients discover the AD server(s) via DHCP, which points them to other hosts via an unholy mixture of LDAP and DNS. Clients will still send out legacy netbios noise as a fallback mechanism when something goes wrong. Ignore it. The DNS traffic you have noticed is probably relevant. ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Tom, As you probably expected, if won''t work even if I "shorewall clear". Sorry for my ignorance. I''ll contact a samba mailing list instead. Wouter -----Oorspronkelijk bericht----- Van: shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall-users-bounces@lists.sourceforge.net] Namens Tom Eastep Verzonden: donderdag 13 maart 2008 16:22 Aan: Shorewall Users Onderwerp: Re: [Shorewall-users] Shorewall & Samba domain join Wouter Amsterdam wrote:> I''m trying to set up a new Samba file server in the other segment. For > it to succesfully authenticate users in Active Directory (using > winbind), I need to join the Samba server to the domain. Until now, > that has proven to be a problem.Then I''m going to ask the same question that was asked previously; if you "shorewall clear", does it work? If it doesn''t work with Shorewall cleared, it certainly isn''t going to work with Shorewall started. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/