Operating System - HP-UX
1820390 Members
3467 Online
109623 Solutions
New Discussion юеВ

SAMBA -- Short and Fully Qualified Hostname Access

 
Alzhy
Honored Contributor

SAMBA -- Short and Fully Qualified Hostname Access

We've configured Samba to be a true member in our Windows Domain where we've a WINS server that we register our Samba service with.

[global]
workgroup = ADO
netbios name = SRV002
server string = CIFS Service (SAMBA 2.2.8f) on SRV002
interfaces = lan900
security = DOMAIN

....

Our enterprise is transitioning to having all users,applications, systems use Fully Qulified Hostnames for accessing all services including Windows and Windows like shares.

All Reak Windows servers can be accessed both by the SHORT (NetBios/WINS provided) names as well as Fully Qualified Hostnames. However, our SAMBA services cannot be accessed via Fully Qualified Hostname.. only via its shortname. PC Clients have both WINS and DNS enabled...

Anyone know if this is indeed the behaviour of SAMBA -- that it's shares while in DOMAIN security mode can only be accessed via short names?

Thanks!
Hakuna Matata.
9 REPLIES 9
Steven E. Protter
Exalted Contributor

Re: SAMBA -- Short and Fully Qualified Hostname Access

These machines are registered with FQDN?

I would think this problem can be addressed with the DNS database.

Compare the windows servers entries to those of the HP-UX. There may be a difference that lets you fix this.

Also, what is the hostname of the machines.

A machine can be: server1

or it can be server1.domain.net

So long as the domain part is not more than 8 characters.

Check /etc/rc.config.d/netconf

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Alzhy
Honored Contributor

Re: SAMBA -- Short and Fully Qualified Hostname Access

PC Clients use both WINS and DNS at the same time. Our SAMBA servers register with WINS using the default .. meaning its hostname.

All our servers have hostnames in the short form. They are all in DNS of course.

/etc/hosts include alias for the server's fqdn i.e.:

23.5.100.34 srv001 srv001.india.com loghost

SAMBA Servers:
net view \\srv001 - works
net view \\srv001.india.com - does not work

Real Windows Servers:
net view \\winsrv - works
net view \\winsrv.india.com -- works as well

Hakuna Matata.
TwoProc
Honored Contributor

Re: SAMBA -- Short and Fully Qualified Hostname Access

I think that the name is in WINS (why it is resolving is short name), but not in any place that can resolver a longer name (dns server, host file) - whichever service is hosting your full names. I would think that just adding the same entry to your dns server/host file would resolve (pun intended) your issue.
We are the people our parents warned us about --Jimmy Buffett
Geoff Wild
Honored Contributor

Re: SAMBA -- Short and Fully Qualified Hostname Access

You need Winbind enabled....

TO smb.conf, add:

wins server = YOURBDC1, YOURBDC2
idmap uid = 10000-30000
idmap gid = 10000-30000
template primary group = users
winbind separator = +
winbind enum users = No
winbind enum groups = No

Users added like so:

valid users = YOURNTDOMAIN+group1, YOURNTDOMAIN+user1, YOURNTDOMAIN+user2


setup /etc/nsswitch.conf
#
# /etc/nsswitch.files:
#
# @(#)B.11.11_LR
#
# An example file that could be copied over to /etc/nsswitch.conf; it
# does not use any name services.
#
passwd: files winbind
group: files winbind


Start winbind with startsmb -w


Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Alzhy
Honored Contributor

Re: SAMBA -- Short and Fully Qualified Hostname Access

Geoff,

Will WINBIND solve our long name/shortname resolution? I thought it is only for the UNIX SAMBA client's benefit?

Remember the net view examples are FROM Windows PC Clients not SAMBA clients (UNIX).

Our WINDOWS PC Clients (Clients to the SAMBA shares) are set up for both WINS and DNS.

'been a long time since I've used SAMBA actively.. back then, windbindd was not available yet.
Hakuna Matata.
David Bell_1
Honored Contributor

Re: SAMBA -- Short and Fully Qualified Hostname Access

Nelson,

From the Using Samba Handbook from O'Reilly:

Where the long (FQDN) form of a hostname works but the short name doesn't (for example, client.example.com works but client doesn't), consider the following:

DNS:

This usually indicates there is no default domain in which to look up the short names. Look for a default line in /etc/resolv.conf on the Samba server with your domain in it, or a search line with one or more domains in it. One or the other may need to be present to make short names usable; which one depends on vendor and version of the DNS resolver. Try adding domain your domain to resolv.conf and ask your network or DNS administrator what should have been in the file.

Broadcast/WINS:

Broadcast/WINS doesn't support long names; it won't suffer from this problem.

NIS:

Try the command ypmatch hostname hosts. If you don't get a match, your tables don't include short names. Speak to your network manager; short names may be missing by accident, or may be unsupported as a matter of policy. Some sites don't ever use (ambiguous) short names.

NIS+ :

Try nismatch hostname hosts, and treat failure exactly as with NIS above.

hosts:

If the short name is not in /etc/hosts, consider adding it as an alias. Avoid, if you can, short names as primary names (the first one on a line). Have them as aliases if your system permits.

LMHOSTS:

LAN Manager doesn't support long names, so it won't suffer from this problem.

On the other hand, if the short form of the name works and the long doesn't, consider the following:

DNS:

This is bizarre; see your network or DNS administrator, as this is probably a DNS setup bug.

Broadcast/WINS:

This is a normal bug; Broadcast/WINS can't use the long form. Optionally, consider DNS. Microsoft has stated that they will switch to DNS, though it's not providing name types like <00>.

NIS:

If you can use ypmatch to look up the short form but not the long, consider adding the long form to the table as at least an alias.

NIS+:

Same as NIS, except you use nismatch instead of ypmatch to look up names.

hosts:

Add the long name as at least an alias, and preferably as the primary form. Also consider using DNS if it's practical.

LMHOSTS:

This is a normal bug. LAN Manager can't use the long form; consider switching to DNS or host
Geoff Wild
Honored Contributor

Re: SAMBA -- Short and Fully Qualified Hostname Access

The only other thing I can think of - has the server been added to the domain?

/opt/samba/bin/net rpc join -U administrator

You will need a NT admin to enter the password...

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Alzhy
Honored Contributor

Re: SAMBA -- Short and Fully Qualified Hostname Access

Geoff,

Ad I mentioned erlier.. yes the SAMBA servers are True DOmain Members. Since we're running SAMBA 3.x -- the syntax is no longer "smbpasswd -j" , it is now "net join" or "net oldjoin"
Hakuna Matata.
Geoff Wild
Honored Contributor

Re: SAMBA -- Short and Fully Qualified Hostname Access

All my samba servers are now in ADS mode...except one - because it is still (shame) on HP-UX 11.00....

For that one, I use security=server, no winbind (not supported)...

I can net view either short name or FQDN for all....

I don't think your issue is a samba issue...

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.