Misty Stanley-Jones
2004-Dec-14 20:31 UTC
[Samba] Trusted domain problem (maybe networking)
Hello,

I have spent the afternoon learning how to configure my routers to allow directed-broadcast with an access list, so that I can allow two different domains on different subnets to trust each other. Now I can do a broadcast ping from either subnet to the other, and I can also do smbclient -L <remote_pdc> and get the shares, from one side. From the other side I cannot. Let me clarify here.

PDC A is called CORPSRV, controls domain CORP, and has IP address 192.168.1.101
PDC B is called FURNSRV, controls domain FURN, and has IP address 192.168.2.3

From CORPSRV, I can broadcast ping to 192.168.2.255 (and 192.168.2.3 answers) and I can successfully do "smbclient -L FURNSRV".

From FURNSRV, I can broadcast ping to 192.168.1.255, but cannot do "smbclient -L CORPSRV". I get no errors on CORPSRV, but FURNSRV says the following:

furnsrv:~ # smbclient -L CORPSRV
Connection to CORPSRV failed

I think this is why the 'net rpc trustdom' commands fail. But they fail on both sides.

Each PDC is acting as the WINS server for its subnet. Below are relevant portions of the smb.conf files:

CORPSRV
---------------------
wins support = yes
domain logons = yes
os level = 100
preferred master = yes
domain master = yes
remote announce = 192.168.2.255/CORP
remote browse sync = 192.168.2.255

FURNSRV
---------------------
wins support = Yes
wins proxy = Yes
os level = 100
preferred master = yes
domain master = yes
local master = yes
remote announce = 192.168.1.255/FURN
remote browse sync = 192.168.1.255
name resolve order = wins bcast host

I can't really remember why I have all the settings on FURNSRV so I didn't add them all to CORPSRV just because they are there. It looks like from the docs that I should only have one "wins support = Yes" but I'm not sure if that's per subnet or not. Any advice would be appreciated.

Thanks,
Misty
Misty Stanley-Jones
2004-Dec-14 21:40 UTC
[Samba] Trusted domain problem (maybe networking)
Additional information embedded below:

On Tuesday 14 December 2004 15:30, Misty Stanley-Jones wrote:
> Hello,
>
> I have spent the afternoon learning how to configure my routers to allow
> directed-broadcast with an access list, so that I can allow two different
> domains on different subnets to trust each other. Now I can do a broadcast
> ping from either subnet to the other, and I can also do smbclient -L
> <remote_pdc> and get the shares, from one side. From the other side I
> cannot. Let me clarify here.
>
> PDC A is called CORPSRV, controls domain CORP, and has IP address
> 192.168.1.101
> PDC B is called FURNSRV, controls domain FURN, and has IP address
> 192.168.2.3
>
> From CORPSRV, I can broadcast ping to 192.168.2.255 (and 192.168.2.3
> answers) and I can successfully do "smbclient -L FURNSRV".
>
> From FURNSRV, I can broadcast ping to 192.168.1.255, but cannot do
> "smbclient -L CORPSRV". I get no errors on CORPSRV, but FURNSRV says the
> following: furnsrv:~ # smbclient -L CORPSRV
> Connection to CORPSRV failed
>

I forgot that smbclient looks at the DNS name, not the NETBIOS name. The DNS name of CORPSRV is "oink.corp" for various reasons. Anyway smbclient -L works for the DNS name. So the above problem is not actually a problem.

> Each PDC is acting as the WINS server for its subnet. Below are relevant
> portions of the smb.conf files:
>
> CORPSRV
> ---------------------
> wins support = yes
> domain logons = yes
> os level = 100
> preferred master = yes
> domain master = yes
> remote announce = 192.168.2.255/CORP
> remote browse sync = 192.168.2.255
>
> FURNSRV
> ---------------------
> wins support = Yes
> wins proxy = Yes
> os level = 100
> preferred master = yes
> domain master = yes
> local master = yes
> remote announce = 192.168.1.255/FURN
> remote browse sync = 192.168.1.255
> name resolve order = wins bcast host
>
> I can't really remember why I have all the settings on FURNSRV so I didn't
> add them all to CORPSRV just because they are there. It looks like from
> the docs that I should only have one "wins support = Yes" but I'm not sure
> if that's per subnet or not. Any advice would be appreciated.

Here is some output from net rpc trustdom commands:

CORPSRV:
oink:/data/samba/log # net rpc trustdom list
Password:
Trusted domains list:
none
Trusting domains list:
FURN Unable to find a suitable server
domain controller is not responding
oink:/data/samba/log # net rpc trustdom establish FURN
[2004/12/14 16:37:34, 0] utils/net_rpc.c:rpc_trustdom_establish(4328)
Couldn't find domain controller for domain FURN

FURNSRV:
furnsrv:/usr/local/samba/var/userlog # net rpc trustdom list
Password:
Trusted domains list:
none
Trusting domains list:
CORP Unable to find a suitable server
domain controller is not responding
furnsrv:/usr/local/samba/var/userlog # net rpc trustdom establish CORP
[2004/12/14 16:38:34, 0] utils/net_rpc.c:rpc_trustdom_establish(4328)
Couldn't find domain controller for domain CORP

So it does not seem to be a networking issue but more of a Samba configuration issue, unless for some odd reason my routers need to also be told to route NETBIOS commands. Do you think so?

Misty

>
> Thanks,
> Misty
I do the same thing. I would set your remote browse sync, however, to the "other" server. What I do on my two WINS servers (on different campuses) is:

On server A:
remote browse sync = serverb.ip.address.here

On server B:
remote browse sync = servera.ip.address.here

----
Ryan Novosielski - User Support Spec. III
novosirj@umdnj.edu - 973/972.0922 (2-0922)
Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630

On Tue, 14 Dec 2004, Misty Stanley-Jones wrote:
> Hello,
>
> I have spent the afternoon learning how to configure my routers to allow
> directed-broadcast with an access list, so that I can allow two different
> domains on different subnets to trust each other. Now I can do a broadcast
> ping from either subnet to the other, and I can also do smbclient -L
> <remote_pdc> and get the shares, from one side. From the other side I
> cannot. Let me clarify here.
>
> PDC A is called CORPSRV, controls domain CORP, and has IP address
> 192.168.1.101
> PDC B is called FURNSRV, controls domain FURN, and has IP address 192.168.2.3
>
> From CORPSRV, I can broadcast ping to 192.168.2.255 (and 192.168.2.3 answers)
> and I can successfully do "smbclient -L FURNSRV".
>
> From FURNSRV, I can broadcast ping to 192.168.1.255, but cannot do "smbclient
> -L CORPSRV". I get no errors on CORPSRV, but FURNSRV says the following:
> furnsrv:~ # smbclient -L CORPSRV
> Connection to CORPSRV failed
>
> I think this is why the 'net rpc trustdom' commands fail. But they fail on
> both sides.
>
> Each PDC is acting as the WINS server for its subnet. Below are relevant
> portions of the smb.conf files:
>
> CORPSRV
> ---------------------
> wins support = yes
> domain logons = yes
> os level = 100
> preferred master = yes
> domain master = yes
> remote announce = 192.168.2.255/CORP
> remote browse sync = 192.168.2.255
>
> FURNSRV
> ---------------------
> wins support = Yes
> wins proxy = Yes
> os level = 100
> preferred master = yes
> domain master = yes
> local master = yes
> remote announce = 192.168.1.255/FURN
> remote browse sync = 192.168.1.255
> name resolve order = wins bcast host
>
> I can't really remember why I have all the settings on FURNSRV so I didn't add
> them all to CORPSRV just because they are there. It looks like from the docs
> that I should only have one "wins support = Yes" but I'm not sure if that's
> per subnet or not. Any advice would be appreciated.
>
> Thanks,
> Misty
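
Added example (not from the thread or the Samba project): a Python check that reads the two smb.conf fragments quoted above, lists the remote announce and remote browse sync targets that are subnet broadcast addresses and so depend on the routers forwarding directed broadcasts, and builds the remote browse sync line that points at the other PDC, as the reply suggests. The [global] header, the /24 prefix length and the function names are assumptions.

```python
import configparser
import ipaddress

# Constructed input: smb.conf lines quoted in the thread, placed under
# [global]. The /24 prefix length is an assumption; the thread never states it.
CONFS = {
    "CORPSRV": """[global]
wins support = yes
remote announce = 192.168.2.255/CORP
remote browse sync = 192.168.2.255
""",
    "FURNSRV": """[global]
wins support = Yes
wins proxy = Yes
remote announce = 192.168.1.255/FURN
remote browse sync = 192.168.1.255
name resolve order = wins bcast host
""",
}
PEER_IP = {"CORPSRV": "192.168.2.3", "FURNSRV": "192.168.1.101"}  # the other PDC

def targets(conf_text, param):
    """Yield the IP addresses listed for one [global] parameter."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    for entry in parser.get("global", param, fallback="").split():
        try:
            yield ipaddress.ip_address(entry.split("/")[0])  # drop "/WORKGROUP"
        except ValueError:
            continue  # not an IP literal; outside the scope of this check

def broadcast_targets(conf_text, prefix_len=24):
    """Return (parameter, address) pairs that point at a subnet broadcast address."""
    hits = []
    for param in ("remote announce", "remote browse sync"):
        for addr in targets(conf_text, param):
            net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
            if addr == net.broadcast_address:
                hits.append((param, str(addr)))
    return hits

def unicast_browse_sync(conf_text, peer_ip, prefix_len=24):
    """Build a 'remote browse sync' line with the peer subnet's broadcast replaced by the peer."""
    peer = ipaddress.ip_address(peer_ip)
    peer_net = ipaddress.ip_network(f"{peer}/{prefix_len}", strict=False)
    fixed = [peer if a == peer_net.broadcast_address else a
             for a in targets(conf_text, "remote browse sync")]
    return "remote browse sync = " + " ".join(str(a) for a in fixed)

if __name__ == "__main__":
    for name, text in CONFS.items():
        print(name, broadcast_targets(text), "->", unicast_browse_sync(text, PEER_IP[name]))
```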