I think yor problem is netbios especially nmbd. What about your wins-servers? I have 4 subnets with 2 samba domains acting without error with one and only wins: samba4wins. If you have problems to resolve hostnames you pherhaps need a dns-server, so a ping hostname must be successfull from all clients. Or you try remote announce = a.b.c.d [e.f.g.h] ... Where a.b.c.d ist the master browser in your other subnet
On Tue, 19 Oct 2010 13:49:10 -0400, Gaiseric Vandal <gaiseric.van...@gmail.com> wrote: > Maybe I missed it- but do you have problems if the client and server > are on the same network segment? > > Are all the local WINS servers samba servers or something else? > > > > > On 10/19/2010 12:45 PM, Eric A. Hall wrote: >> On 10/19/2010 9:47 AM, Gaiseric Vandal wrote: >> >>> Is your samba server also a WINS server? That may help browsing issues. >>> >> The nodes don't have any problems finding or communicating with the >> server, the server just does not want to provide data. I have three >> distinct networks that are interconnected by routers. Each segment has a >> local DHCP/DNS/WINS/etc server that assigns H-Node WINS options to the >> local clients, and in addition the broadcasts on 137/138 are also >> forwarded from each segment to the WINS servers on the other segments. >> What this means is clients try to resolve a name by asking the local >> server, then will broadcast a query which is forwarded to the other >> servers, which they answer. If a TCP session is required (such as >> fetching >> a browse list via port 139) then that also happens as expected, once the >> client knows the server to contact. This works for local and remote nodes >> alike. >> >> From a client on network A that is trying to browse Windows 2003 domain >> on >> network B, I can see the TCP session established, the challenge and >> response negotiation, the Tree Connect AndX Request and Response, the >> LANMAN server enumeration exchange, and orderly shutdown. >> >> When using the same client to browse the Samba domain on network C, I can >> see the TCP session established, the challenge and response negotiation, >> the Tree Connect AndX Request and Response, but then the client shuts >> down >> the session without trying to enumerate the LANMAN servers. This cycle >> repeats 4 times for every failed browse attempt indicating that the >> client >> believes it should be able to get an answer from the server. >> >> Both responses show STATUS_SUCCESS in the SMB message. The only potential >> difference that I can see between them is that the Samba response shows >> "Security signatures are not supported" in the reply message. Perhaps >> this >> is preventing the client from following up with the LANMAN request to >> enumerate the servers? Also I have long since set the registry options >> needed for signatures, and this same configuration was working before the >> upgrade. Did something about this change recently? >> >> >>> Do you have "smb ports" defined in smb.conf? >>> >> I don't have it defined and am using the defaults. It does not seem to be >> causing any problems. >> >> >>> wiki.samba.org should have the registry settings required to let Windows >>> 7 machines join on a Samba domain. >>> >> I have already made those changes and like I said I am able to join the >> Win7 client to the domain and can view \\SERVER shares, but cannot browse >> the domain or login to the server. >> >> >>> I would concentrate on the XP machines first since they don't need the >>> registry changes. >>> >> Yes that is what I'm doing. I have XP/SP3, Windows Server 2003 (and R2), >> and Windows 7, but am focusing on XP/SP3. >> >> >>> Also, make sure that you do have correct group mappings for the key well >>> know windows groups (including Administrators, Domain Admins, Users) >>> # net groupmap list >>> >> [ 12:39:47 -- bulldog:/root/ ] >> [ root# ] net groupmap list >> Domain Admins (S-1-5-21-[...]-512) -> Domain Admins >> Domain Users (S-1-5-21-[...]-513) -> Domain Users >> Domain Guests (S-1-5-21-[...]-514) -> Domain Guests >> Domain Computers (S-1-5-21-[...]-515) -> Domain Computers >> Local Admins (S-1-5-32-544) -> Local Admins >> Local Users (S-1-5-32-545) -> users >> Local Guests (S-1-5-32-546) -> nobody >> >> For a while I thought it might be related to guest/nobody mapping but I >> have exhausted all of the permutations there. I have tried smbusers >> mapping, putting guest into LDAP, etc., and none of it seems to make much >> any difference in the logs or with the problem at hand. >> >> >>> Also, the windows diagnostic tools (netdiag, dcdiag, nbtstat ?) may >>> help you determine which domain controller and master browser the client >>> is using. >>> >> nbtstat is able to display remote data but it does not use the SMB/LANMAN >> enumeration over IPC$ which is where the problem seems to lie. >> >> Local utilities on the Samba server also seem to express normally >> although >> I am happy to try specific things if somebody will name them. >> >> I am able to use USRMGR.EXE to connect to the server and view/modify user >> accounts successfully. >> >> I have not looked at the others yet. >> >> Thanks for the help >> >> >> >>> On 10/19/2010 02:02 AM, Eric A. Hall wrote: >>> >>>> I was running 3.0.25c (I think) LDAP PDC for a couple of years and just >>>> tried swapping in a new 3.5.4 setup. I had some problems so I wiped all >>>> the entries and *.tdb files, and started from scratch. >>>> >>>> Problem in a nutshell: I can't browse the domain normally, nor can I >>>> logon >>>> to the domain. However I can access the server shares fine if I point >>>> to >>>> the server specifically. SOMETIMES this will then cause browsing to >>>> succeed as well. >>>> >>>> Normally I can see the domain in network neighborhood but if I click >>>> on I >>>> get the "domain is not accessible error". From a command prompt "net >>>> view >>>> /domain:DOMAIN" also typically produces an error 59. However if I "net >>>> view \\SERVER" then that works fine, and THEN I am sometimes able to >>>> successfully view the domain (about half the time sometimes more). >>>> >>>> I am able to successfully join machines to the domain (they show up in >>>> LDAP) but am unable to login to the domain from any of them. On XP/SP3 >>>> boxes the error is "the system cannot log you on now because the domain >>>> DOMAIN is not available", while Windows 7 says "there are currently no >>>> logon servers available to service the logon request" >>>> >>>> I have looked at the smb/nmb/winbind logs at level 3 and near as I can >>>> tell everything is operating correctly although something seems to be >>>> crashing a lot--there are many entries about brl and lock database >>>> after >>>> unclean shutdown. >>>> >>>> I don't know SMB protocol very well but from watching some wireshark >>>> traces and reading the corresponding logs it looks like the nodes are >>>> negotiating IPC$ connection but not getting data. Client asks for copy >>>> 4, >>>> server offers copy 1, client negotiates TCP/IP session then closes, and >>>> everything starts over again. Perhaps once they authenticate (enough to >>>> view \\SERVER shares) the negotiation is reused and this is what works? >>>> >>>> Are there security permissions on IPC$ that need to be set? >>>> >>>> Where should I be looking and what should I be looking for? >>>> >>>> Thanks >>>> >>>> >>>> >>> >> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba