Was wondering if someone could tell me if this is correct. I want to set up some DFS shares. I have 3 servers with SAMBA/LDAP on them. My first is basically my PDC and the other two are my BDCs. I assume that I will have to set all of this up on each server, so that no matter which server catches the logon, the logon script will get run. Also, if one of the servers was to go down for a bit, the other two could still handle logons and some of the directories would be available.

Each server has:

Need to add these to samba:

[global]
    host msdfs = yes
[teacher]
    path = /export/teachers
    msdfs root = yes

[student]
    path = /export/students
    msdfs root = yes

Create these directories and add the links in each like so (shares are already there):

/export/teachers
    ln -s msdfs:bes-serve\\bes elemstudents
    ln -s msdfs:bms-serve\\bms midstudents
    ln -s msdfs:bhs-serve\\bhs highstudents
    ln -s msdfs:bes-serve\\teachpublic teacherspublic
    ln -s msdfs:bes-serve\\lemburg lemburger
    ln -s msdfs:bes-serve\\school elemteachers
    ln -s msdfs:bms-serve\\school midteachers
    ln -s msdfs:bhs-serve\\school highteachers

/export/students
    ln -s msdfs:bes-serve\\bes elemstudents
    ln -s msdfs:bms-serve\\bms midstudents
    ln -s msdfs:bhs-serve\\bhs highstudents

Logonscript would contain:

teacher.bat
    net use T: \\b?s-serve\teacher
    (where the ? is either e,m or h depending on which server the script is run)

student.bat
    net use S: \\b?s-serve\student
    (where the ? is either e,m or h depending on which server the script is run)

I was just wanting to get confirmation on this before I enter it all on my servers.
Thanks.

--
Scott Mayo
Technology Coordinator
Bloomfield Schools
PH: 573-568-5669
FA: 573-568-4565
Pager: 800-264-2535 X2549

Duct tape is like the force, it has a light side and a dark side and it holds the universe together.
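Added example, not part of the original post: the link step above as a shell script that builds the three student links in a scratch directory and then audits the root. The table format, the function names and the rule that every entry in the root must be a `msdfs:server\share` referral are assumptions of this example, not Samba requirements.

```shell
#!/bin/sh
# make_dfs_links ROOT: read "linkname server share" rows from stdin and
# (re)create one msdfs referral symlink per row inside ROOT.
make_dfs_links() {
    root=$1
    mkdir -p "$root" || return 1
    while read -r name server share; do
        [ -n "$name" ] || continue
        # "\\" inside double quotes stores a single backslash, the same
        # target the post's unquoted `ln -s msdfs:bes-serve\\bes` produces.
        ln -sfn "msdfs:${server}\\${share}" "$root/$name" || return 1
    done
}

# check_dfs_root ROOT: report entries that are not symlinks of the form
# msdfs:server\share[,server\share...]; return 0 only if all are fine.
check_dfs_root() {
    root=$1
    rc=0
    ref='[A-Za-z0-9._-]+\\[^\\/,]+'
    for entry in "$root"/*; do
        [ -L "$entry" ] || [ -e "$entry" ] || continue   # empty directory
        if [ ! -L "$entry" ]; then
            printf '%s: not a symlink (ordinary file or directory)\n' "${entry##*/}"
            rc=1
        elif ! readlink "$entry" | grep -Eq "^msdfs:${ref}(,${ref})*\$"; then
            printf '%s: unexpected target %s\n' "${entry##*/}" "$(readlink "$entry")"
            rc=1
        fi
    done
    return "$rc"
}

# Demo on constructed data: the three student links from the post,
# created under a temporary directory instead of /export/students.
DFS_ROOT=$(mktemp -d)/students
make_dfs_links "$DFS_ROOT" <<'EOF'
elemstudents bes-serve bes
midstudents  bms-serve bms
highstudents bhs-serve bhs
EOF
check_dfs_root "$DFS_ROOT" && printf 'all entries in %s are msdfs referrals\n' "$DFS_ROOT"
readlink "$DFS_ROOT/elemstudents"
```

A target typed inside single quotes with the doubled backslash keeps both backslashes in the stored link, which the audit reports as an unexpected target.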
Stewart Loving-Gibbard
2005-Aug-20 18:30 UTC
[Samba] Browsing slow on samba server joined to Win2003 ADS: "Username DOMAIN\MACHINE$ is invalid on this system"
Domain server: Windows 2003 Server SP1 ("Unagi")
Domain Name: SIMPLE.COM
Short Domain name: SEAWORLD
Server I'm having problems with: Samba 3.0.14a running on Debian (2.6 kernel) ("Saba")
Client: Windows XP SP2 ("Pudge")

I've been struggling with slow browsing on a new Samba install for a week. I've re-installed Samba from the ground up several times, and now have a very minimal configuration that still shows extreme slowness browsing. I just timed it -- it took me 75 seconds for the subfolder I wanted in the share MP3Library to finally open up.

Here's some log.smbd, at log level 1:

[2005/08/20 10:52:35, 0] smbd/server.c:main(798)
  smbd version 3.0.14a-Debian started.
  Copyright Andrew Tridgell and the Samba Team 1992-2004
[2005/08/20 10:52:35, 0] printing/pcap.c:pcap_cache_reload(149)
  Unable to open printcap file /etc/printcap for read!
[2005/08/20 10:52:35, 0] printing/pcap.c:pcap_cache_reload(149)
  Unable to open printcap file /etc/printcap for read!
[2005/08/20 10:52:36, 1] smbd/service.c:make_connection_snum(642)
  pudge (10.0.0.12) connect to service MP3Library initially as user stew (uid=1000, gid=1000) (pid 2304)
[2005/08/20 10:52:36, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
  Username SEAWORLD\PUDGE$ is invalid on this system
[2005/08/20 10:52:36, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
  Username SEAWORLD\PUDGE$ is invalid on this system
[2005/08/20 10:52:36, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
  Username SEAWORLD\PUDGE$ is invalid on this system
[2005/08/20 10:52:36, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
  Username SEAWORLD\PUDGE$ is invalid on this system

There are several hundred more of those "Username..is invalid on this system" messages.

If I map the drive directly like this:

C:\WINDOWS\system32>net use k: \\saba\MP3Library
The command completed successfully.

Browsing the k: drive is snappy. Same thing if I use the IP address of the server instead of the hostname.

I've been through Chapter 13 - Troubleshooting Techniques.
Nearly all of it works as I'd expect, but there is one problem:

saba:/var/log/samba# smbclient -L unagi -N
Anonymous login successful
Domain=[SEAWORLD] OS=[Windows Server 2003 3790 Service Pack 1] Server=[Windows Server 2003 5.2]

        Sharename       Type      Comment
        ---------       ----      -------
Error returning browse list: NT_STATUS_ACCESS_DENIED
Anonymous login successful
Domain=[SEAWORLD] OS=[Windows Server 2003 3790 Service Pack 1] Server=[Windows Server 2003 5.2]

        Server               Comment
        ---------            -------
        PUDGE                Stew's Main Desktop
        SABA                 saba server (Samba 3.0.14a-Debian)
        UNAGI

        Workgroup            Master
        ---------            -------
        SEAWORLD             UNAGI

I don't know if that NT_STATUS_ACCESS_DENIED is significant, but I don't see it in the troubleshooting guide.

Here are some excerpts from smbd.log messages at log level 9 when the server is browsing slowly. If I haven't given enough detail here, I'm happy to email the whole thing, or post more.

[2005/08/20 11:18:21, 3] smbd/sesssetup.c:reply_spnego_kerberos(179)
  Ticket name is [PUDGE$@SIMPLE.COM]
[2005/08/20 11:18:21, 5] lib/username.c:Get_Pwnam(293)
  Finding user SEAWORLD\PUDGE$
[2005/08/20 11:18:21, 5] lib/username.c:Get_Pwnam_internals(223)
  Trying _Get_Pwnam(), username as lowercase is seaworld\pudge$
[2005/08/20 11:18:21, 5] lib/username.c:Get_Pwnam_internals(230)
  Trying _Get_Pwnam(), username as given is SEAWORLD\PUDGE$
[2005/08/20 11:18:21, 5] lib/username.c:Get_Pwnam_internals(247)
  Checking combinations of 0 uppercase letters in seaworld\pudge$
[2005/08/20 11:18:21, 5] lib/username.c:Get_Pwnam_internals(251)
  Get_Pwnam_internals didn't find user [SEAWORLD\PUDGE$]!
[2005/08/20 11:18:21, 5] lib/username.c:Get_Pwnam(293)
  Finding user PUDGE$
[2005/08/20 11:18:21, 5] lib/username.c:Get_Pwnam_internals(223)
  Trying _Get_Pwnam(), username as lowercase is pudge$
[2005/08/20 11:18:21, 5] lib/username.c:Get_Pwnam_internals(230)
  Trying _Get_Pwnam(), username as given is PUDGE$
[2005/08/20 11:18:21, 5] lib/username.c:Get_Pwnam_internals(247)
  Checking combinations of 0 uppercase letters in pudge$
[2005/08/20 11:18:21, 5] lib/username.c:Get_Pwnam_internals(251)
  Get_Pwnam_internals didn't find user [PUDGE$]!
[2005/08/20 11:18:21, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
  Username SEAWORLD\PUDGE$ is invalid on this system
[2005/08/20 11:18:21, 3] smbd/error.c:error_packet(105)
  error string = No such file or directory
[2005/08/20 11:18:21, 3] smbd/error.c:error_packet(129)
  error packet at smbd/sesssetup.c(255) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE

--------------------------------------------------------------------
smb.conf:
--------------------------------------------------------------------
#======================= Global Settings ======================
[global]
## Browsing/Identification ###
# Change this to the workgroup/NT-domain name your Samba server will
    workgroup = seaworld
    realm = SIMPLE.COM
    security = ADS
    server string = %h server (Samba %v)
    encrypt passwords = true

[MP3Library]
    public = yes
    comment = MP3 Library
    write list = stew
    path = /home/big_areca_raid/MP3Library

----------------------------------------------------------------
kb5.conf:
-----------------------------------------------------------------
[libdefaults]
    default_realm = SIMPLE.COM
[realms]
    SIMPLE.COM = {
        kdc = unagi.simple.com
    }
[domain_realms]
    .kerberos.server = SIMPLE.COM

I have tried many things suggested online, but none seem like a perfect fit for my circumstances, and more importantly none of them seem to help. I hope that is enough detail. All suggestions welcome!
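Added example, not part of the original post: a shell function that condenses a run of "is invalid on this system" messages like the one above into one line per account and marks machine accounts (names ending in "$"). The function name, the output columns and the sample log are constructed for this example; only the PUDGE$ entries mirror the post.

```shell
#!/bin/sh
# invalid_user_summary FILE: print "count kind account source" rows, most
# frequent first; kind is "machine" when the account name ends in "$".
invalid_user_summary() {
    awk '
        # Entry header: [date time, level] file:function(line)
        /^\[[0-9]/ { src = $4 }
        /Username .* is invalid on this system/ {
            acct = $0
            sub(/^.*Username /, "", acct)
            sub(/ is invalid on this system.*$/, "", acct)
            count[acct]++
            where[acct] = src
        }
        END {
            for (a in count) {
                kind = (a ~ /\$$/) ? "machine" : "user"
                printf "%d %s %s %s\n", count[a], kind, a, where[a]
            }
        }
    ' "$1" | sort -rn
}

# Constructed sample in the two-line smbd layout (header, indented message).
# PUDGE$ comes from the post; "visitor" is a made-up user account.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
[2005/08/20 10:52:36, 1] smbd/service.c:make_connection_snum(642)
  pudge (10.0.0.12) connect to service MP3Library initially as user stew (uid=1000, gid=1000) (pid 2304)
[2005/08/20 10:52:36, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
  Username SEAWORLD\PUDGE$ is invalid on this system
[2005/08/20 10:52:36, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
  Username SEAWORLD\PUDGE$ is invalid on this system
[2005/08/20 10:52:37, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
  Username SEAWORLD\PUDGE$ is invalid on this system
[2005/08/20 10:52:38, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
  Username SEAWORLD\visitor is invalid on this system
EOF
invalid_user_summary "$SAMPLE_LOG"
```

The source column shows which code path logged the failure, so Kerberos session setups from a workstation's machine account stand apart from failures on ordinary user names.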
Scott:

The approach that you're taking seems reasonable. The syntax looks good. If one of the servers goes down for an extended time, the clients that authenticated to it might have to logout/login again after their DFS cache times out.

-Bill

Scott Mayo wrote:
> Was wondering if someone could tell me if this is correct. I want to
> set up some DFS shares. I have 3 servers with SAMBA/LDAP on them. My
> first is basically my PDC and the other two are my BDCs. I assume
> that I will have to set all of this up on each server, so that no
> matter which server catches the logon, the logon script will get run.
> Also, if one of the servers was to go down for a bit, the other two
> could still handle logons and some of the directories would be available.
>
> Each server has:
>
> Need to add these to samba:
>
> [global]
> host msdfs = yes
> [teacher]
> path = /export/teachers
> msdfs root = yes
>
> [student]
> path = /export/students
> msdfs root = yes
>
>
> Create these directories and add the links in each like so (shares are
> already there):
>
> /export/teachers
> ln -s msdfs:bes-serve\\bes elemstudents
> ln -s msdfs:bms-serve\\bms midstudents
> ln -s msdfs:bhs-serve\\bhs highstudents
> ln -s msdfs:bes-serve\\teachpublic teacherspublic
> ln -s msdfs:bes-serve\\lemburg lemburger
> ln -s msdfs:bes-serve\\school elemteachers
> ln -s msdfs:bms-serve\\school midteachers
> ln -s msdfs:bhs-serve\\school highteachers
>
> /export/students
> ln -s msdfs:bes-serve\\bes elemstudents
> ln -s msdfs:bms-serve\\bms midstudents
> ln -s msdfs:bhs-serve\\bhs highstudents
>
> Logonscript would contain:
>
> teacher.bat
> net use T: \\b?s-serve\teacher (where the ? is either e,m or h
> depending on which server the script is run)
>
> student.bat
> net use S: \\b?s-serve\student (where the ? is either e,m or h
> depending on which server the script is run)
>
> I was just wanting to get confirmation on this before I enter it all
> on my servers.
> Thanks.
>