Special Forums UNIX and Linux Applications Stop samba from querying trusted domain servers Post 302435119 by mph on Tuesday 6th of July 2010 11:44:22 AM
It's not listing from all the domains. It IS trying to reach the other controllers. The problem is that there's no route to some of the servers, and for others there's no route back to the machine. Doing a tcpdump yields the following:

From my samba machine in the DMZ to, and back from, the local AD server:
Quote:
10:45:01.170297 IP 10.xxx.xx.34.44697 > 10.xxx.x.70.389: tcp 0
10:45:01.170434 IP 10.xxx.x.70.389 > 10.xxx.xx.34.44697: tcp 1188
To other AD servers with insufficient routing:
Quote:
10:47:00.154323 IP 10.xxx.xx.34 > 10.xx.xxx.128 tcp 99
10:47:10.462745 IP 10.xxx.xx.34 > 10.x.xx.223 tcp 99
There are 5 or so more remote AD servers from other domains that never come back due to routing. During the time that it's attempting to query or connect with these servers, file listings and such "hang" until the local machine gives up.

Using the allow trusted domains = no parameter DOES limit the connection attempts to once every half an hour or so. Before that, it would try almost every time a directory listing or anything else that needed to tie a user name to a UID was attempted. It's not the fix, but it SURE helped.

The routing is something that will not be fixed. The other domains need not access nor communicate with our DMZ.
 

pure-authd(8)							     Pure-FTPd							     pure-authd(8)

NAME
       pure-authd - External authentication agent for Pure-FTPd.

SYNTAX
       pure-authd [-p </path/to/pidfile>] [-u uid] [-g gid] [-B] <-s /path/to/socket> -r /program/to/run

DESCRIPTION
       pure-authd is a daemon that forks an authentication program, waits for an authentication reply, and feeds it to an application server.

       pure-authd listens to a local Unix socket. A new connection to that socket should feed pure-authd the following structure:

              account:xxx
              password:xxx
              localhost:xxx
              localport:xxx
              peer:xxx
              end

       (replace xxx with appropriate values). localhost, localport and peer are numeric IP addresses and ports. peer is the IP address of the remote client.

       These arguments are passed to the authentication program as environment variables:

              AUTHD_ACCOUNT
              AUTHD_PASSWORD
              AUTHD_LOCAL_IP
              AUTHD_LOCAL_PORT
              AUTHD_REMOTE_IP
              AUTHD_ENCRYPTED

       The authentication program should take appropriate actions to fetch account info according to these arguments, and reply to the standard output a structure like the following one:

              auth_ok:1
              uid:42
              gid:21
              dir:/home/j
              end

       auth_ok:xxx
              If xxx is 0, the user was not found (the next authentication method passed to pure-ftpd will be tried). If xxx is -1, the user was found, but there was a fatal authentication error: user is root, password is wrong, account has expired, etc. (next authentication methods will not be tried). If xxx is 1, the user was found and successfully authenticated.

       uid:xxx
              The system uid to be assigned to that user. Must be > 0.

       gid:xxx
              The primary system gid. Must be > 0.

       dir:xxx
              The absolute path to the home directory. Can contain /./ for a chroot jail.

       slow_tilde_expansion:xxx (optional, default is 1)
              When the command 'cd ~user' is issued, it's handy to go to that user's home directory, as expected in a shell environment. But fetching account info can be an expensive operation for non-system accounts. If xxx is 0, 'cd ~user' will expand to the system user home directory. If xxx is 1, 'cd ~user' won't expand. You should use 1 in most cases with external authentication, when your FTP users don't match system users. You can also set xxx to 1 if you're using slow nss_* system authentication modules.

       throttling_bandwidth_ul:xxx (optional)
              The allocated bandwidth for uploads, in bytes per second.

       throttling_bandwidth_dl:xxx (optional)
              The allocated bandwidth for downloads, in bytes per second.

       user_quota_size:xxx (optional)
              The maximal total size for this account, in bytes.

       user_quota_files:xxx (optional)
              The maximal number of files for this account.

       ratio_upload:xxx (optional)
       ratio_download:xxx (optional)
              The user must match a ratio_upload:ratio_download ratio.

       Only one authentication program is forked at a time. It must return quickly.

OPTIONS
       -u <uid>
              Have the daemon run with that uid.

       -g <gid>
              Have the daemon run with that gid.

       -B     Fork in background (daemonization).

       -s </path/to/socket>
              Set the full path to the local Unix socket.

       -r </path/to/program>
              Set the full path to the authentication program.

       -h     Output help information and exit.

EXAMPLES
       To run this program the standard way type:

              pure-authd -s /var/run/ftpd.sock -r /usr/bin/my-auth-program &
              pure-ftpd -lextauth:/var/run/ftpd.sock &

       /usr/bin/my-auth-program can be as simple as:

              #! /bin/sh
              echo 'auth_ok:1'
              echo 'uid:42'
              echo 'gid:21'
              echo 'dir:/home/j'
              echo 'end'

AUTHORS
       Frank DENIS <j at pureftpd dot org>

SEE ALSO
       ftp(1), pure-ftpd(8) pure-ftpwho(8) pure-mrtginfo(8) pure-uploadscript(8) pure-statsdecode(8) pure-pw(8) pure-quotacheck(8) pure-authd(8)

       RFC 959, RFC 2389, RFC 2228 and RFC 2428.

Pure-FTPd team                           1.0.36                           pure-authd(8)
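
An authentication program that uses all three auth_ok values from the reply structure described above, shown as an added example (it is not part of the man page or of the Pure-FTPd distribution). The account table, passwords and paths are constructed, and unsalted SHA-256 stands in for a real password store.

```shell
#!/bin/sh
# Added example: authentication program for "pure-authd -r" (not from the man page).
# Constructed account table, one entry per line: name:pwhash:uid:gid:dir
# Unsalted SHA-256 is a stand-in to keep the demo short; a real backend
# would verify against a salted password hash.
hash_pw() { printf '%s' "$1" | { sha256sum 2>/dev/null || shasum -a 256; } | cut -d' ' -f1; }

ACCOUNTS="alice:$(hash_pw 'constructed-pw-alice'):1001:1001:/srv/ftp/./alice
admin:$(hash_pw 'constructed-pw-admin'):0:0:/root
bob:$(hash_pw 'constructed-pw-bob'):1002:1002:srv/ftp/bob"

# uid and gid must be decimal integers greater than 0.
is_id() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; [ "$1" -gt 0 ]; }

reply() {  # reply <auth_ok> [uid gid dir]: print the structure pure-authd reads
    echo "auth_ok:$1"
    if [ "$1" = 1 ]; then
        echo "uid:$2"
        echo "gid:$3"
        echo "dir:$4"
    fi
    echo "end"
}

authenticate() {  # authenticate <account> <password>
    while IFS=: read -r name pwhash uid gid dir; do
        [ "$name" = "$1" ] || continue
        # Known account, wrong password: -1 is fatal, so pure-ftpd does not
        # go on to its next authentication method.
        [ "$(hash_pw "$2")" = "$pwhash" ] || { reply -1; return; }
        # Refuse entries that would map the session to uid/gid 0 or to a
        # relative home directory.
        if is_id "$uid" && is_id "$gid" && [ "${dir#/}" != "$dir" ]; then
            reply 1 "$uid" "$gid" "$dir"
        else
            reply -1
        fi
        return
    done <<EOF
$ACCOUNTS
EOF
    reply 0  # unknown account: pure-ftpd tries its next authentication method
}

# pure-authd passes the credentials in the environment.
if [ -n "${AUTHD_ACCOUNT:-}" ]; then
    authenticate "$AUTHD_ACCOUNT" "${AUTHD_PASSWORD:-}"
fi
```
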