SAMBA не пускает с другой сети

[Zoldan]

Доброго времнени суток.

Беда! Win домен, сеть порядка 300 машин winXP и 7. Сеть разбита на несколько сегментов, соединенных между собой по VPN. Почти в каждом сегменте есть свой домен контроллер, привязанный к сайту сегмента сети.

В этом всем безобразии есть Linux сервер занимающийся приемом факсов. Принятые факсы он складывает в расшаренную SAMB'ой шару.

Беда вот в чем. Если пользователь заходит с тойже сети в которой находится SAMBA, то все ок, а если с любой другой, то может пройти только пару вложенных папок, а при заходе в папку с факсами exsplorer благополучно вешается, и в конце коцев выдает сообщение что доступ не может быть получен.... и ниже "не найдено имя группы"

Linux машина в домене, группы и пользователей получает вроде нормально

## Browsing/Identification ### # Change this to the workgroup/NT-domain name your Samba server will part of workgroup = RDS realm = RDS.LAN local master = no preferred master = no # server string is the equivalent of the NT Description field server string = %h server (Samba, Ubuntu) # Windows Internet Name Serving Support Section: # WINS Support - Tells the NMBD component of Samba to enable its WINS Server # wins support = no # WINS Server - Tells the NMBD components of Samba to be a WINS Client # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both ; wins server = w.x.y.z # This will prevent nmbd to search for NetBIOS names through DNS. dns proxy = no # What naming service and in what order should we use to resolve host names # to IP addresses ; name resolve order = lmhosts host wins bcast #### Networking #### # The specific set of interfaces / networks to bind to # This can be either the interface name or an IP address/netmask; # interface names are normally preferred ; interfaces = 127.0.0.0/8 eth0 hosts allow = 192.168. # Only bind to the named interfaces and/or networks; you must use the # 'interfaces' option above to use this. # It is recommended that you enable this feature if your Samba machine is # not protected by a firewall or is a firewall itself. However, this # option cannot handle dynamic or non-broadcast interfaces correctly. ; bind interfaces only = yes #### Debugging/Accounting #### # This tells Samba to use a separate log file for each machine # that connects log file = /var/log/samba/log.%m # Cap the size of the individual log files (in KiB). max log size = 1000 # If you want Samba to only log through syslog then set the following # parameter to 'yes'. # syslog only = no # We want Samba to log a minimum amount of information to syslog. Everything # should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log # through syslog you should set the following parameter to something higher. syslog = 0 # Do something sensible when Samba crashes: mail the admin a backtrace panic action = /usr/share/samba/panic-action %d ####### Authentication ####### # "security = user" is always a good idea. This will require a Unix account # in this server for every user accessing the server. See # /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/ServerType.html # in the samba-doc package for details. security = ADS auth methods = winbind password server = dc-01.rds.lan, dc-02.rds.lan, dc-03.rds.lan, dc-05.rds.lan # You may wish to use password encryption. See the section on # 'encrypt passwords' in the smb.conf(5) manpage before enabling. encrypt passwords = true dns proxy = no socket options = TCP_NODELAY # If you are using encrypted passwords, Samba will need to know what # password database type you are using.  passdb backend = tdbsam obey pam restrictions = yes # This boolean parameter controls whether Samba attempts to sync the Unix # password with the SMB password when the encrypted SMB password in the # passdb is changed. unix password sync = yes # For Unix password sync to work on a Debian GNU/Linux system, the following # parameters must be set (thanks to Ian Kahan <<kahan@informatik.tu-muenchen.de> for # sending the correct chat script for the passwd program in Debian Sarge). passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . # This boolean controls whether PAM will be used for password changes # when requested by an SMB client instead of the program listed in # 'passwd program'. The default is 'no'. pam password change = yes # This option controls how unsuccessful authentication attempts are mapped  # to anonymous connections map to guest = bad user ########## Domains ########### # Is this machine able to authenticate users. Both PDC and BDC # must have this setting enabled. If you are the BDC you must # change the 'domain master' setting to no # ; domain logons = yes # # The following setting only takes effect if 'domain logons' is set # It specifies the location of the user's profile directory # from the client point of view) # The following required a [profiles] share to be setup on the # samba server (see below) ; logon path = \\%N\profiles\%U # Another common choice is storing the profile in the user's home directory # (this is Samba's default) # logon path = \\%N\%U\profile # The following setting only takes effect if 'domain logons' is set # It specifies the location of a user's home directory (from the client # point of view) ; logon drive = H: # logon home = \\%N\%U # The following setting only takes effect if 'domain logons' is set # It specifies the script to run during logon. The script must be stored # in the [netlogon] share # NOTE: Must be store in 'DOS' file format convention ; logon script = logon.cmd # This allows Unix users to be created on the domain controller via the SAMR # RPC pipe. The example command creates a user account with a disabled Unix # password; please adapt to your needs ; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u # This allows machine accounts to be created on the domain controller via the  # SAMR RPC pipe.  # The following assumes a "machines" group exists on the system ; add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u # This allows Unix groups to be created on the domain controller via the SAMR # RPC pipe.  ; add group script = /usr/sbin/addgroup --force-badname %g ########## Printing ########## # If you want to automatically load your printer list rather # than setting them up individually then you'll need this # load printers = yes # lpr(ng) printing. You may wish to override the location of the # printcap file ; printing = bsd ; printcap name = /etc/printcap # CUPS printing. See also the cupsaddsmb(8) manpage in the # cupsys-client package. ; printing = cups ; printcap name = cups ############ Misc ############ # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the machine that is connecting ; include = /home/samba/etc/smb.conf.%m # Most people will find that this option gives better performance. # See smb.conf(5) and /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/speed.html # for details # You may want to add the following on a Linux system: # SO_RCVBUF=8192 SO_SNDBUF=8192 # socket options = TCP_NODELAY # The following parameter is useful only if you have the linpopup package # installed. The samba maintainer and the linpopup maintainer are # working to ease installation and configuration of linpopup and samba. ; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' & # Domain Master specifies Samba to be the Domain Master Browser. If this # machine will be configured as a BDC (a secondary logon server), you # must set this to 'no'; otherwise, the default behavior is recommended. domain master = no local master = no preferred master = no os level = 0 domain logons = no # Some defaults for winbind (make sure you're not using the ranges # for something else.) idmap uid = 10000-40000 idmap gid = 10000-40000 winbind use default domain = yes winbind refresh tickets = yes case sensitive = No ; template shell = /bin/bash # The following was the default behaviour in sarge, # but samba upstream reverted the default because it might induce # performance issues in large organizations. # See Debian bug #368251 for some of the consequences of *not* # having this setting and smb.conf(5) for details. winbind enum groups = yes winbind enum users = yes # Setup usershare options to enable non-root users to share folders # with the net usershare command. # Maximum number of usershare. 0 (default) means that usershare is disabled. ; usershare max shares = 100 # Allow users who've been granted usershare privileges to create # public shares, not just authenticated ones # usershare allow # guestsкуакrefresh # guest account = guest # [Входящие факсы] browseable = yes path = /home/tux/FAX/incoming guest ok = Yes valid users = "@RDS\Пользователи домена" read list = "@RDS\Пользователи домена" write list = "@RDS\FAX_RW" create mask = 664 directory mask = 664 force group = "@RDS\FAX_RW" readonly = No [share] browseable = yes #valid users = "@RDS\Администраторы домена" #write list = "@RDS\Администраторы домена" #read list = "@RDS\Администраторы домена" path = /home/tux/share readonly = no directory mask = 666 guest ok = Yes [TEST] browseable = yes path = /home/tux/TEST readonly = no guest ok = yes

Расшаренна папка incoming, в ней есть папка 2012->Февраль->тут файлы с факсами *.tif Нормально доходит до папки "Январь", а при входе в нее все виснит

Помогите, где копать?

Samba 3.4.7, ubuntu 10.04 server

Вообщем заметил такую странность, если папка пустая, то открывается, если там 4-10 файлов (на разных компах проявляется по разному), то не пускает...

вот что в логе:

[2012/02/29 09:17:29, 1] smbd/service.c:1063(make_connection_snum)

dc-02 (192.168.15.7) connect to service Входящие факсы initially as user RDS\druide (uid=10500, gid=10261) (pid 6098)

[2012/02/29 09:17:59, 1] smbd/service.c:1240(close_cnum)

dc-02 (192.168.15.7) closed connection to service Входящие факсы

[2012/02/29 09:17:59, 0] lib/util_sock.c:539(read_fd_with_timeout)

[2012/02/29 09:17:59, 0] lib/util_sock.c:1498(get_peer_addr_internal)

getpeername failed. Error was Transport endpoint is not connected

read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer.

[2012/02/29 09:18:11, 1] smbd/service.c:1063(make_connection_snum)