samba - Dec 2010 - Windows 7 problem accessing domain member samba serve r on different subnet

We recently ran into a similar issue.  If you have any microsoft
"Live"
components installed on your 7 box, samba servers must be contacted by
numeric IP address rather than netbios (or even IP mnemonic) name.

http://www.sevenforums.com/network-sharing/8303-cant-connect-samba-share-via
-name-ip-works.html




----------------------------------------------
Tony Hoover, Network Administrator
KSU - Salina, College of Technology and Aviation
(785) 826-2660

"Don't Blend in..."
----------------------------------------------
 
-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
On Behalf Of d
Sent: Tuesday, November 30, 2010 11:22 PM
To: samba at lists.samba.org
Subject: [Samba] Windows 7 problem accessing domain member samba server on
different subnet

Hi All,

I have a problem accessing Samba 3.0.33 on some CentOS 5 machines on a
different subnet from a Windows 7 computer.

All servers and computers are joined to a Windows 2003 AD domain.

I have identical samba machines on two subnets (CentOS/samba 3.0.33).
The samba machines on the same subnet as my Win 7 computer are accessible
both by the netbios name and ip address.

The samba machines on another subnet are only accessible by IP address. If I
attempt to access these samba servers using their netbios name, I get
prompted for a password.

This configuration has worked for some time, and all CentOS/samba machines
are accessible by Windows XP and 2003 using the netbios name.

I believe Windows 2008 servers have the same issues as Windows 7.
Access can only be made by IP address and not netbios name.

Is this a known issue, or something specific to my environment? I have been
googling this for some time and I cannot find any issue identical to this.

Some additional info:

security = domain
client use spnego = no
encrypt passwords = yes
ntlm auth = yes
lanman auth = yes
client ntlmv2 auth = yes
remote browse sync = 10.0.0.255 10.0.0.0 remote announce = 10.0.0.255
10.0.0.0 local master = no wins server = ip of ad wins server

 - Not using winbind but nss_ldap and AD schema extension to support POSIX
attributes.
 - There are no packet filters between subnets.
 - The router is configured to dish out IPv6 addresses, and the Windows 7
machine has an IPv6 address, as do all the samba/centos machines. However,
the samba/centos machines don't have any AAAA records, and samba 3.0 does
not support IPv6.

I'm fairly stumped. Any tips?

Regards,

Dan
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

I actually uninstalled all the live components when I first set up
this machine, and the Windows 2008 servers never had the live
components installed.

Reading the thread you posted made this seem like the solution to my
problem. But there are no live components installed anywhere!

I have turned up debugging on the samba server and noticed this when I
try and access samba using the netbios name:

reply_spnego_negotiate: network misconfiguration, client sent us a
krb5 ticket and kerberos security not enablederror packet at
smbd/sesssetup.c(719) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE

The session setup seems to stop after this log. When I access samba by
IP address, the session seems to be set up okay.

And this only applies to servers on a different subnet from my
workstation. Samba servers on the same subnet work fine by both
netbios name and ip address.

I might have to try kerberizing one samba server for testing purposes.

Thanks,

Dan


On Thu, Dec 2, 2010 at 12:31 AM, Hoover, Tony <hoover at sal.ksu.edu>
wrote:
> We recently ran into a similar issue. ?If you have any microsoft
"Live"
> components installed on your 7 box, samba servers must be contacted by
> numeric IP address rather than netbios (or even IP mnemonic) name.
>
>
http://www.sevenforums.com/network-sharing/8303-cant-connect-samba-share-via
> -name-ip-works.html
>
>
>
>
> ----------------------------------------------
> Tony Hoover, Network Administrator
> KSU - Salina, College of Technology and Aviation
> (785) 826-2660
>
> "Don't Blend in..."
> ----------------------------------------------
>
> -----Original Message-----
> From: samba-bounces at lists.samba.org [mailto:samba-bounces at
lists.samba.org]
> On Behalf Of d
> Sent: Tuesday, November 30, 2010 11:22 PM
> To: samba at lists.samba.org
> Subject: [Samba] Windows 7 problem accessing domain member samba server on
> different subnet
>
> Hi All,
>
> I have a problem accessing Samba 3.0.33 on some CentOS 5 machines on a
> different subnet from a Windows 7 computer.
>
> All servers and computers are joined to a Windows 2003 AD domain.
>
> I have identical samba machines on two subnets (CentOS/samba 3.0.33).
> The samba machines on the same subnet as my Win 7 computer are accessible
> both by the netbios name and ip address.
>
> The samba machines on another subnet are only accessible by IP address. If
I
> attempt to access these samba servers using their netbios name, I get
> prompted for a password.
>
> This configuration has worked for some time, and all CentOS/samba machines
> are accessible by Windows XP and 2003 using the netbios name.
>
> I believe Windows 2008 servers have the same issues as Windows 7.
> Access can only be made by IP address and not netbios name.
>
> Is this a known issue, or something specific to my environment? I have been
> googling this for some time and I cannot find any issue identical to this.
>
> Some additional info:
>
> security = domain
> client use spnego = no
> encrypt passwords = yes
> ntlm auth = yes
> lanman auth = yes
> client ntlmv2 auth = yes
> remote browse sync = 10.0.0.255 10.0.0.0 remote announce = 10.0.0.255
> 10.0.0.0 local master = no wins server = ip of ad wins server
>
> ?- Not using winbind but nss_ldap and AD schema extension to support POSIX
> attributes.
> ?- There are no packet filters between subnets.
> ?- The router is configured to dish out IPv6 addresses, and the Windows 7
> machine has an IPv6 address, as do all the samba/centos machines. However,
> the samba/centos machines don't have any AAAA records, and samba 3.0
does
> not support IPv6.
>
> I'm fairly stumped. Any tips?
>
> Regards,
>
> Dan
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: ?https://lists.samba.org/mailman/options/samba
>