06-30-2010
Stop samba from querying trusted domain servers
Hi,
We've got a samba server running in our DMZ. Our users drag & drop files on it for vendors. Everything was working perfectly until the powers that be decided to build a trust between a couple of internal domains.
Samba is now querying each server in the trust. When a user browses the directory on the mapped drive occasionally explorer will hang. The same holds true for a Unix user truing to list a directory.
After much digging, I found that the "hang" is occurring when the trusted servers are being queried. The directory listing won't show up until the queries are done. This is causing some grief for users and the scripts that run in the background.
Since the server is in the DMZ the trusted servers aren't reachable, nor are there routes back to it from these servers. So, even if I did allow the traffic, it wouldn't come back anyway.
This appears to be a winbind problem. There seems to be no problem with authentication. Only mapping Unix UID to a Windows user name.
Is there a way to stop samba from querying these servers, or limit it to just our local server? I've been through the man pages, scoured the Internet & tried several ideas that I found all to no avail.
Any Ideas?
Thanks,
MPH
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
I am trying to set samba up to join my windows 2000 domain and I am having troubles
If anyone if familiar with this help would be greatly appreciated
I issue the following command
# ./smbpasswd -j DOMAIN -r DOMAINCONTROLER
And the following gets returned
load_client_codepage: filename... (4 Replies)
Discussion started by: gennaro
4 Replies
2. UNIX for Advanced & Expert Users
I have a samba server and a raid SAN which is actually running samba. Neither one lets me access anything on the samba unix side. I really do not know where to look anymore. there are no errors. When I try to connect to the samba server I get prompted with login and password repeatedly.
Frank (4 Replies)
Discussion started by: frankkahle
4 Replies
3. AIX
Hello,
I've created new DNS servers and changed all of the clients /etc/resolv.conf to point to them, but when I check the old DNS logs, I see that the clients are still querying it. Does anybody know why?
thanks, (2 Replies)
Discussion started by: ctcuser
2 Replies
4. Red Hat
Hi all,
I'm having some problems with joining an active directory domain as a member. My Linux servers using the same configuration across the board are all joining as domain controllers, which is bad.
I am running Samba 3.0.25b-0.4E.6 on all of my RHEL servers.
Here is my global... (1 Reply)
Discussion started by: Bert
1 Replies
5. Solaris
Hello to everybody from Argentina.
I need to stop samba because i need to fsck a filesystem
How can i do this?
I presume that the version is higher than 3.0.
/usr/sfw/sbin/smbd -D This is the out of ps -ef | grep smbd.
Thank you very much for your time i am a litle lost.
The... (4 Replies)
Discussion started by: enkei17
4 Replies
6. Homework & Coursework Questions
Use and complete the template provided. The entire template must be completed. If you don't, your post may be deleted!
1. The problem statement, all variables and given/known data:
I have a barebones XP Pro SP2 with no firewall.
CentOS 5.xx running a Samba 3.xx Domain (PDC)
The XP machine... (2 Replies)
Discussion started by: pogipants
2 Replies
7. UNIX for Dummies Questions & Answers
Hello people i have a samba and they changed domain controller from a windows 2003 to a windows 2008, there is a problem with the version of samba maybe incompatibilities i dont know what show me this
domain_client_validate: unable to validate password for user xxxx in domain xxxx to Domain... (0 Replies)
Discussion started by: enkei17
0 Replies
8. Debian
Hello,,,
We have an existing(working) MS PDC in our office.
I have already installed SAMBA with LDAP Authentication on a TEST machine (on same LAN).
But, am unable to join a WinXP machine to this domain.
in smb.conf i have:
WORKGROUP = mydomain
and tried to join the XP machine to... (0 Replies)
Discussion started by: coolatt
0 Replies
9. Windows & DOS: Issues & Discussions
Hello,
I have apparently lost all domain admin privledges in Samba. I have had several problems ever since I installed the 1/31 Solaris patch cluster. I had to roll out one Samba update (146363-01), which denied all logons network access. However, this particular problem seems to have begun... (0 Replies)
Discussion started by: stringman
0 Replies
10. UNIX for Dummies Questions & Answers
Hi all,
You may have seen my recent topic, where I asked for help getting some samba shares to work on our network.
Now that these are working, I move on to the next hurdle!
We have a few externally hosted (Windows Server 2008 R2) web servers which are not on our domain, but can still... (0 Replies)
Discussion started by: mgreen81
0 Replies
LEARN ABOUT DEBIAN
masktest
MASKTEST(1) [FIXME: manual] MASKTEST(1)
NAME
masktest - Find differences in wildcard matching between Samba's implementation and that of a remote server.
SYNOPSIS
masktest {//server/share} [-U user%pass] [-d debuglevel] [-W workgroup] [-n numloops] [-s seed] [-a] [-E] [-M max protocol] [-f filechars]
[-m maskchars] [-v]
DESCRIPTION
masktest is a utility for detecting differences in behaviour between Samba's own implementation and that of a remote server. It will run
generate random filenames/masks and check if these match the same files they do on the remote file as they do on the local server. It will
display any differences it finds.
This utility is used by the Samba team to find differences in behaviour between Samba and Windows servers.
OPTIONS
-U user%pass
Specify the user and password to use when logging on on the shares. This parameter can be specified twice (once for the first server,
once for the second).
-s seed
Seed the random number generator with the specified value.
-n numops
Set the number of operations to perform.
-a
Print the operations that are performed.
-M max_protocol
Maximum protocol to use.
-f
Specify characters that can be used when generating file names. Default: abcdefghijklm.
-E
Abort when difference in behaviour is found.
-m maskchars
Specify characters used for wildcards.
-v
Be verbose
VERSION
This man page is correct for version 4.0 of the Samba suite.
SEE ALSO
Samba
AUTHOR
This utility is part of the Samba[1] suite, which is developed by the global Samba Team[2].
masktest was written by Andrew Tridgell.
This manpage was written by Jelmer Vernooij.
NOTES
1. Samba
http://www.samba.org/
2. Samba Team
http://www.samba.org/samba/team/
[FIXME: source] 04/16/2014 MASKTEST(1)