Hoover, Tony
2010-Dec-01 14:31 UTC
[Samba] Windows 7 problem accessing domain member samba serve r on different subnet
We recently ran into a similar issue. If you have any microsoft "Live" components installed on your 7 box, samba servers must be contacted by numeric IP address rather than netbios (or even IP mnemonic) name. http://www.sevenforums.com/network-sharing/8303-cant-connect-samba-share-via -name-ip-works.html ---------------------------------------------- Tony Hoover, Network Administrator KSU - Salina, College of Technology and Aviation (785) 826-2660 "Don't Blend in..." ---------------------------------------------- -----Original Message----- From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of d Sent: Tuesday, November 30, 2010 11:22 PM To: samba at lists.samba.org Subject: [Samba] Windows 7 problem accessing domain member samba server on different subnet Hi All, I have a problem accessing Samba 3.0.33 on some CentOS 5 machines on a different subnet from a Windows 7 computer. All servers and computers are joined to a Windows 2003 AD domain. I have identical samba machines on two subnets (CentOS/samba 3.0.33). The samba machines on the same subnet as my Win 7 computer are accessible both by the netbios name and ip address. The samba machines on another subnet are only accessible by IP address. If I attempt to access these samba servers using their netbios name, I get prompted for a password. This configuration has worked for some time, and all CentOS/samba machines are accessible by Windows XP and 2003 using the netbios name. I believe Windows 2008 servers have the same issues as Windows 7. Access can only be made by IP address and not netbios name. Is this a known issue, or something specific to my environment? I have been googling this for some time and I cannot find any issue identical to this. Some additional info: security = domain client use spnego = no encrypt passwords = yes ntlm auth = yes lanman auth = yes client ntlmv2 auth = yes remote browse sync = 10.0.0.255 10.0.0.0 remote announce = 10.0.0.255 10.0.0.0 local master = no wins server = ip of ad wins server - Not using winbind but nss_ldap and AD schema extension to support POSIX attributes. - There are no packet filters between subnets. - The router is configured to dish out IPv6 addresses, and the Windows 7 machine has an IPv6 address, as do all the samba/centos machines. However, the samba/centos machines don't have any AAAA records, and samba 3.0 does not support IPv6. I'm fairly stumped. Any tips? Regards, Dan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
d
2010-Dec-02 00:08 UTC
[Samba] Windows 7 problem accessing domain member samba serve r on different subnet
I actually uninstalled all the live components when I first set up this machine, and the Windows 2008 servers never had the live components installed. Reading the thread you posted made this seem like the solution to my problem. But there are no live components installed anywhere! I have turned up debugging on the samba server and noticed this when I try and access samba using the netbios name: reply_spnego_negotiate: network misconfiguration, client sent us a krb5 ticket and kerberos security not enablederror packet at smbd/sesssetup.c(719) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE The session setup seems to stop after this log. When I access samba by IP address, the session seems to be set up okay. And this only applies to servers on a different subnet from my workstation. Samba servers on the same subnet work fine by both netbios name and ip address. I might have to try kerberizing one samba server for testing purposes. Thanks, Dan On Thu, Dec 2, 2010 at 12:31 AM, Hoover, Tony <hoover at sal.ksu.edu> wrote:> We recently ran into a similar issue. ?If you have any microsoft "Live" > components installed on your 7 box, samba servers must be contacted by > numeric IP address rather than netbios (or even IP mnemonic) name. > > http://www.sevenforums.com/network-sharing/8303-cant-connect-samba-share-via > -name-ip-works.html > > > > > ---------------------------------------------- > Tony Hoover, Network Administrator > KSU - Salina, College of Technology and Aviation > (785) 826-2660 > > "Don't Blend in..." > ---------------------------------------------- > > -----Original Message----- > From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] > On Behalf Of d > Sent: Tuesday, November 30, 2010 11:22 PM > To: samba at lists.samba.org > Subject: [Samba] Windows 7 problem accessing domain member samba server on > different subnet > > Hi All, > > I have a problem accessing Samba 3.0.33 on some CentOS 5 machines on a > different subnet from a Windows 7 computer. > > All servers and computers are joined to a Windows 2003 AD domain. > > I have identical samba machines on two subnets (CentOS/samba 3.0.33). > The samba machines on the same subnet as my Win 7 computer are accessible > both by the netbios name and ip address. > > The samba machines on another subnet are only accessible by IP address. If I > attempt to access these samba servers using their netbios name, I get > prompted for a password. > > This configuration has worked for some time, and all CentOS/samba machines > are accessible by Windows XP and 2003 using the netbios name. > > I believe Windows 2008 servers have the same issues as Windows 7. > Access can only be made by IP address and not netbios name. > > Is this a known issue, or something specific to my environment? I have been > googling this for some time and I cannot find any issue identical to this. > > Some additional info: > > security = domain > client use spnego = no > encrypt passwords = yes > ntlm auth = yes > lanman auth = yes > client ntlmv2 auth = yes > remote browse sync = 10.0.0.255 10.0.0.0 remote announce = 10.0.0.255 > 10.0.0.0 local master = no wins server = ip of ad wins server > > ?- Not using winbind but nss_ldap and AD schema extension to support POSIX > attributes. > ?- There are no packet filters between subnets. > ?- The router is configured to dish out IPv6 addresses, and the Windows 7 > machine has an IPv6 address, as do all the samba/centos machines. However, > the samba/centos machines don't have any AAAA records, and samba 3.0 does > not support IPv6. > > I'm fairly stumped. Any tips? > > Regards, > > Dan > -- > To unsubscribe from this list go to the following URL and read the > instructions: ?https://lists.samba.org/mailman/options/samba >