Nov 12

Dynamic Proxy Auto Configuration

Some businesses still rely on the Proxy auto-config (PAC) file format originally designed by Netscape in 1996.  I have had instances where the JavaScript can get pretty complex and long.  Plus sometimes I have to rely on the JavaScript to report the IP address of the client accurately.  Sometimes the browser reports 127.0.0.1 or even IPv6 addresses, which makes the rules in the PAC file useless, since they decide where to direct the client based on its subnet.

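One other idea is to use PHP to generate the JavaScript dynamically.  For one, you can really simplify the code by reading your lists from files into arrays dynamically, and you can also correctly capture the IP address of the client.  Keep in mind that REMOTE_ADDR is the address the web server sees, so clients behind NAT or another proxy all show up with that device's address.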

Example: I simplified it a little for readability, and it's been a while since I played with this, so I don't recall if this one actually was a working copy.

<?php
    $proxy = "mainsquid001.domain.com";
    $port  = "3128";

    header ("Content-type: application/x-ns-proxy-autoconfig");
    header ("Date: " . gmdate('D, d M Y H:i:s \G\M\T', time ()));
    header ("Last-Modified: " . gmdate('D, d M Y H:i:s \G\M\T', time ()));
    header ("Expires: " . gmdate('D, d M Y H:i:s \G\M\T', time () + 60 * 30));

    #echo "// Request from: " . $_SERVER ['REMOTE_ADDR'] . "\n";
    #echo "// OS: " . $_SERVER ['HTTP_USER_AGENT'] . "\n";

    $netProxyMap = array('172.16'=>'uksquid001','172.19'=>'casquid001');
    // I removed a lot of subnets from above array for readability.
    $ipA = explode(".", $_SERVER ['REMOTE_ADDR']);
    $bNetPart = $ipA[0] . "." . $ipA[1];
    $cNetPart = $bNetPart . "." . $ipA[2];
  
    if ( array_key_exists($cNetPart, $netProxyMap) ) {
        $proxy = $netProxyMap[$cNetPart] . ".domain.com";
    } else {
        if ( array_key_exists($bNetPart, $netProxyMap) ) {
            $proxy = $netProxyMap[$bNetPart] . ".domain.com";
        }
    }
?>

// Proxy Servers
var proxy = "PROXY <?php echo $proxy; ?>:<?php echo $port; ?>;";
var dmzproxy = "PROXY dmzproxy.domain.com:3128;";
// olddmzproxy is returned below, but its definition did not survive the
// simplification. OLD_DMZ_PROXY_HOST:PORT is a placeholder to fill in.
var olddmzproxy = "PROXY OLD_DMZ_PROXY_HOST:PORT;";

// Proxy Logic
function FindProxyForURL(url, host)
{
    if (url.substring(0,6)=="https:") { return "DIRECT"; }

    // These patterns are matched against the whole URL, so ".google.com"
    // anywhere in it (path or query included) goes DIRECT; matching on
    // host instead is tighter.
    else if (shExpMatch(url,"*.google.com*") ||
      shExpMatch(url,"*.gotomeeting.com*"))
      { return "DIRECT"; }

    else if ((host == "localhost") || (shExpMatch(host, "localhost.*")) || (host == "127.0.0.1"))
     { return "DIRECT;"; }

    else if ((host == "hostedext1.domain.com") || (host == "hostedext2.domain.com"))
     { return olddmzproxy; }

    else if ((host == "www.domain.com") || (host == "dmzapp1.domain.com"))
     { return dmzproxy; }

    else if (shExpMatch(url,"http://domain.com/")) { return dmzproxy; }

    else if (dnsDomainIs(host, ".domain.com")) { return "DIRECT;"; }

    else if (isPlainHostName(host)) { return "DIRECT;"; }

    else return proxy;
}
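
The subnet lookup from the PHP above, as an added Python example (not the original post's code): it matches the client address against CIDR networks with the longest prefix winning, and falls back to the default proxy for loopback, IPv6 or unparsable addresses instead of letting a string split pick the wrong entry. The /16 prefix lengths and the casquid002 /24 entry are assumptions made for the example.

```python
import ipaddress

DEFAULT_PROXY = "mainsquid001.domain.com"   # default proxy from the post
PORT = 3128

# Networks from the post's $netProxyMap. The prefix lengths are assumed, and
# the /24 entry is constructed to show a more specific override.
NET_PROXY_MAP = {
    "172.16.0.0/16": "uksquid001",
    "172.19.0.0/16": "casquid001",
    "172.19.8.0/24": "casquid002",   # constructed example entry
}


def compile_map(mapping):
    """Parse the CIDR keys once and order them longest prefix first."""
    nets = [(ipaddress.ip_network(cidr), name) for cidr, name in mapping.items()]
    return sorted(nets, key=lambda item: item[0].prefixlen, reverse=True)


COMPILED = compile_map(NET_PROXY_MAP)


def normalise_client(addr):
    """Return an IPv4Address usable for subnet matching, or None."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return None                      # garbage in REMOTE_ADDR
    if ip.version == 6:
        ip = ip.ipv4_mapped              # ::ffff:a.b.c.d -> a.b.c.d, else None
        if ip is None:
            return None
    if ip.is_loopback or ip.is_unspecified:
        return None                      # 127.0.0.1, 0.0.0.0
    return ip


def proxy_for(addr):
    """Pick the proxy host for a client address; default when nothing matches."""
    ip = normalise_client(addr)
    if ip is not None:
        for net, name in COMPILED:
            if ip in net:
                return "%s.domain.com" % name
    return DEFAULT_PROXY


def pac_proxy_line(addr):
    """The 'var proxy = ...' line the generated PAC file would carry."""
    return 'var proxy = "PROXY %s:%d;";' % (proxy_for(addr), PORT)


if __name__ == "__main__":
    for client in ("172.16.4.9", "172.19.8.62", "172.19.9.1", "::1", "::ffff:172.16.4.9"):
        print(client, "->", pac_proxy_line(client))
```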


Nov 12

CIFS ACLs on ZFS Problem

Recently had an issue with a CIFS share on a Solaris 11 box.  Still not sure how this happened, but it turned out there was a weird idmap mapping.  The Active Directory group was correct and had the correct members, yet the users in this group still could not write to the folder.

How to check identities in idmap:

# idmap show -cv rrosso@domain.com
winuser:rrosso@domain.com -> uid:2147483651
Source: Cache
Method: Ephemeral

# idmap show -cv DFS_Corp-CA-Dept-IT_rw@domain.com
wingroup:DFS_Corp-CA-Dept-IT_rw@domain.com -> gid:2147483667
Source: Cache
Method: Ephemeral

Let's just see how the mapping rules look:

# idmap list
add     winuser:*@domain.com  unixuser:*
add     wingroup:*@domain.com unixgroup:*
add     winuser:administrator@domain.com      unixuser:root
add     "wingroup:Domain Users@domain.com"    unixgroup:smbusers

The Active Directory Read-Write group that is not allowing the members to write to the folder:

# idmap show -cv DFS_Eng-CA-Dirs-Engineering-Bugzilla_rw@domain.com
wingroup:DFS_Eng-CA-Dirs-Engineering-Bugzilla_rw@domain.com -> gid:2147484149
Source: Cache
Method: Ephemeral

Looking at the folder called Bugzilla:
The current (broken) ACL entry must be this one, user:2147483813, if I look at the gid above.  Not to mention the mapping is not for a group but for a user.

root@zfs001:/tank/dfs/engdirs/engineering/engineering# /bin/ls -v | more
d---------+ 16 2147483650 smbusers      17 Oct 12 14:14 Bugzilla
0:user:2147483813:list_directory/read_data/add_file/write_data
/add_subdirectory/append_data/read_xattr/write_xattr/execute
/read_attributes/write_attributes/delete/read_acl/synchronize
:file_inherit/dir_inherit:allow
1:group:2147483763:list_directory/read_data/add_file/write_data
/add_subdirectory/append_data/read_xattr/write_xattr/execute
/delete_child/read_attributes/write_attributes/delete/read_acl
/synchronize:file_inherit/dir_inherit:allow
2:group:2147483660:list_directory/read_data/read_xattr/execute
/read_attributes/read_acl/synchronize:file_inherit/dir_inherit
:allow

Something looks odd in the listing above.  On the Windows side we expect three groups to have permission here, but spot the "user" listed in the first ACL entry.

Let's find the three IDs.  I left the grep wide open to find every uid and gid matching the number, but really we are just after the gids:

# idmap dump -n | grep 2147483813
wingroup:Guests@BUILTIN ==      gid:2147483813
wingroup:DFS_Eng-CA-Dirs-Engineering-Bugzilla_rw@domain.com   ==      uid:2147483813

# idmap dump -n | grep 2147483763
winuser:Homey@domain.com     ==      uid:2147483763
wingroup:DFS_Eng-CA-Dirs-Engineering_rw@domain.com    ==      gid:2147483763

# idmap dump -n | grep 2147483660
winuser:Stewey@domain.com     ==      uid:2147483660
wingroup:DFS_Eng-CA-Dirs-Engineering_ro@domain.com    ==      gid:2147483660

# idmap dump -n | grep 2147484149
wingroup:DFS_Eng-CA-Dirs-Engineering-Bugzilla_rw@domain.com   ==      gid:2147484149

 

After we removed and recreated the group in AD (it might take a little bit to show up):

# idmap show -cv DFS_Eng-CA-Dirs-Engineering-Bugzilla_rw@domain.com
wingroup:DFS_Eng-CA-Dirs-Engineering-Bugzilla_rw@domain.com -> gid:2147484149
Source: Cache
Method: Ephemeral

# idmap dump -n | grep 2147483813
wingroup:Guests@BUILTIN ==      gid:2147483813
usid:S-1-5-21-1977730361-3076317898-4166923938-22371    ==      uid:2147483813

# idmap dump -n | grep 147484149
wingroup:DFS_Eng-CA-Dirs-Engineering-Bugzilla_rw@domain.com   ==      gid:2147484149

Permissions after re-applying from Windows:

# /bin/ls -dv Bugzilla/
d---------+ 17 2147483650 smbusers      18 Nov 12 20:12 Bugzilla/
     0:group:2147483763:list_directory/read_data/add_file/write_data
         /add_subdirectory/append_data/read_xattr/write_xattr/execute
         /delete_child/read_attributes/write_attributes/delete/read_acl
         /synchronize:file_inherit/dir_inherit:allow
     1:group:2147483660:list_directory/read_data/read_xattr/execute
         /read_attributes/read_acl/synchronize:file_inherit/dir_inherit
         :allow
     2:group:2147484149:list_directory/read_data/add_file/write_data
         /add_subdirectory/append_data/read_xattr/write_xattr/execute
         /read_attributes/write_attributes/delete/read_acl/synchronize
         :file_inherit/dir_inherit:allow

Just checking a new file we just created for good measure:

# /bin/ls -v | grep Test
d---------+  2 2147483740 smbusers       2 Nov 12 20:12 Test
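
The manual grep above can be automated. The following is an added Python example (not part of the original post): it parses `idmap dump -n` output and the head lines of an `ls -v` listing, then reports ACL entries whose type (user or group) disagrees with the kind of Windows identity the ID resolves to, which is the condition this post ran into. The sample text is copied from the output shown above; the function names are made up for the example.

```python
import re
from collections import defaultdict

# `idmap dump -n` lines as shown in the post (before the group was recreated).
IDMAP_DUMP = """\
wingroup:Guests@BUILTIN ==      gid:2147483813
wingroup:DFS_Eng-CA-Dirs-Engineering-Bugzilla_rw@domain.com   ==      uid:2147483813
winuser:Homey@domain.com     ==      uid:2147483763
wingroup:DFS_Eng-CA-Dirs-Engineering_rw@domain.com    ==      gid:2147483763
winuser:Stewey@domain.com     ==      uid:2147483660
wingroup:DFS_Eng-CA-Dirs-Engineering_ro@domain.com    ==      gid:2147483660
wingroup:DFS_Eng-CA-Dirs-Engineering-Bugzilla_rw@domain.com   ==      gid:2147484149
"""

# ACL entry lines from the broken `ls -v` listing in the post (shortened).
ACL_LISTING = """\
0:user:2147483813:list_directory/read_data/add_file/write_data
/add_subdirectory/append_data/read_xattr/write_xattr/execute
1:group:2147483763:list_directory/read_data/add_file/write_data
2:group:2147483660:list_directory/read_data/read_xattr/execute
"""

MAP_RE = re.compile(r"^(winuser|wingroup|usid|gsid):(.+?)\s+==\s+(uid|gid):(\d+)\s*$")
ACE_RE = re.compile(r"^\s*(\d+):(user|group):(\d+):")


def parse_dump(text):
    """Return {(unix_type, id): [(win_type, win_name), ...]}."""
    table = defaultdict(list)
    for line in text.splitlines():
        m = MAP_RE.match(line)
        if m:
            win_type, win_name, unix_type, num = m.groups()
            table[(unix_type, int(num))].append((win_type, win_name))
    return table


def audit_acl(acl_text, table):
    """Return (index, ace_type, id, reason) for every suspicious ACL entry."""
    findings = []
    for line in acl_text.splitlines():
        m = ACE_RE.match(line)
        if not m:
            continue                     # continuation line of the same entry
        index, ace_type, num = int(m.group(1)), m.group(2), int(m.group(3))
        unix_type = "uid" if ace_type == "user" else "gid"
        want = "winuser" if ace_type == "user" else "wingroup"
        names = table.get((unix_type, num), [])
        if not names:
            findings.append((index, ace_type, num, "no mapping in dump"))
        for win_type, win_name in names:
            # usid/gsid rows are bare SIDs with no name to compare against.
            if win_type in ("winuser", "wingroup") and win_type != want:
                findings.append((index, ace_type, num,
                                 "%s entry resolves to %s:%s" % (ace_type, win_type, win_name)))
    return findings


if __name__ == "__main__":
    for finding in audit_acl(ACL_LISTING, parse_dump(IDMAP_DUMP)):
        print("ACL entry %d (%s:%d): %s" % finding)
```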


Nov 06

Python Inject SMTP

Sometimes I want to email from Python, and this is pretty easy. Even for just testing mail flow I prefer this over good old "telnet host 25", since we get well-constructed headers with smtplib.

#!/usr/bin/python
import datetime
import os
import sys
import smtplib

def warnEmail(SMTPserver, Subject, Body):
    fromaddr = "rrosso@domain.com"
    #toaddrs = ["rcpt1@domain.com","rcpt2@domain.com"]
    toaddrs = ["hostmaster@domain.com"]

    # Header block, terminated by an empty line (CRLF CRLF) before the body.
    msg = ("From: %s\r\nTo: %s\r\nSubject: %s\r\n\r\n" % (fromaddr, ", ".join(toaddrs), Subject))

    server = smtplib.SMTP(SMTPserver)
    msg = msg + Body
    #server.set_debuglevel(1)
    server.sendmail(fromaddr, toaddrs, msg)
    server.quit()

SMTPserver =  'mailhost'
warnEmail(SMTPserver, "Test through " + SMTPserver , "Body test goes \n here!")
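
The function above formats Subject straight into the header block, so a value containing CR/LF would add header lines of its own. An added example (Python 3 standard library, not the original post's code) that builds the same message with `email.message.EmailMessage`, which refuses header values containing line breaks; the function names are made up for the example.

```python
import smtplib
from email.message import EmailMessage
from email.utils import formatdate, make_msgid


def build_warn_email(fromaddr, toaddrs, subject, body):
    """Build the message; raises ValueError if a header value has CR/LF in it."""
    msg = EmailMessage()
    msg["From"] = fromaddr
    msg["To"] = ", ".join(toaddrs)
    msg["Subject"] = subject
    msg["Date"] = formatdate(localtime=True)
    msg["Message-ID"] = make_msgid(domain="domain.com")
    msg.set_content(body)
    return msg


def subject_accepted(subject):
    """True if the value is accepted as a single Subject header line."""
    try:
        build_warn_email("rrosso@domain.com", ["hostmaster@domain.com"], subject, "")
        return True
    except ValueError:
        return False


def send_warn_email(smtp_server, msg):
    """Hand the finished message to the relay (needs a reachable SMTP server)."""
    with smtplib.SMTP(smtp_server, timeout=10) as server:
        server.send_message(msg)


if __name__ == "__main__":
    message = build_warn_email("rrosso@domain.com", ["hostmaster@domain.com"],
                               "Test through mailhost", "Body test goes \n here!")
    print(message.as_string())
    # Constructed input: a subject that carries a second header line.
    print(subject_accepted("Test\r\nX-Extra: 1"))
```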


Nov 06

Python-ldap Query MS Active Directory

I use Python to pull Active Directory information sometimes. In my case mainly to report or view information, but also to create files in LDIF or PowerShell format.  These can be manually run on the Domain Controller later. For instance, find all users in a Distribution List or Group and create a rule or LDIF entry that can manually be executed line by line. Of course there are also ways to do this with PowerShell and VBScript, but I prefer Python for text manipulation, and it is not too cumbersome for me to batch run these files manually later.

I noticed on Ubuntu 12.10 that my query failed with the following error:

ldap.LDAP_CONTROL_PAGE_OID,True,(page_size,'')
AttributeError: 'module' object has no attribute 'LDAP_CONTROL_PAGE_OID'

I found a comment from the developers saying that with python-ldap 2.4
"there have been changes in the API for LDAPv3 extended controls. Please see Demo/page_control.py (and Demo/paged_search_ext_s.py) how to use the simple paged control with 2.4."

I found the source here: http://python-ldap.cvs.sourceforge.net/viewvc/python-ldap/python-ldap/Demo/page_control.py?view=log

I made a new script and tested as shown below.
** Note the following first:

  1. This is a "paged" query, meaning you should not have issues if LDAP returns a limited number of results.  More detail here: http://support.microsoft.com/kb/315071
  2. You need to install python-ldap of course.  apt-get install python-ldap should work on apt systems.
  3. Check the comment about using 512 as userAccountControl.

DistributionList = "CN=IT Infrastructure,CN=Distribution Lists,CN=Users,DC=domain,DC=com"

url = "ldap://usdc101"
base = "dc=domain,dc=com"
#  search_flt = r'(objectClass=*)'
##  I used userAccountControl=512 but that would most certainly exclude some 
##  user accounts in your domain. For instance "66048 Enabled, Password Doesn't Expire"
##  values listed here: http://www.netvision.com/ad_useraccountcontrol.php
search_flt = r'(&(objectCategory=user) (userAccountControl=512) )'

page_size = 10

import ldap,pprint
from ldap.controls import SimplePagedResultsControl

searchreq_attrlist=["displayName","cn","distinguishedName","mail","memberOf"]

ldap.set_option(ldap.OPT_REFERRALS, 0)
l = ldap.initialize(url,trace_level=0)
l.protocol_version = 3
l.simple_bind_s("ADaccount@domain.com", "passsword")

req_ctrl = SimplePagedResultsControl(True,size=page_size,cookie='')

known_ldap_resp_ctrls = {
SimplePagedResultsControl.controlType:SimplePagedResultsControl,
}

# Send search request
msgid = l.search_ext(
base,
ldap.SCOPE_SUBTREE,
search_flt,
attrlist=searchreq_attrlist,
serverctrls=[req_ctrl]
)

pages = 0
i = 0
print "listing users in the list:" + DistributionList

while True:
  pages += 1
  rtype, rdata, rmsgid, serverctrls = l.result3(msgid,resp_ctrl_classes=known_ldap_resp_ctrls)

  for dn, entry in rdata:
    ##  Lets check if the user is a member of the AD List / Group
    try:
      membership = entry['memberOf']
    except KeyError:
      # Entry has no memberOf attribute (not a member of any group)
      membership = 'none'
    if DistributionList in membership:
      i += 1
      print " \"%d\" | \"%s\" " % (i , dn)

  pctrls = [
    c
    for c in serverctrls
    if c.controlType == SimplePagedResultsControl.controlType
  ]
  if pctrls:
    if pctrls[0].cookie:
      # Copy cookie from response control to request control
      req_ctrl.cookie = pctrls[0].cookie
      msgid = l.search_ext(
        base,
        ldap.SCOPE_SUBTREE,
        search_flt,
        attrlist=searchreq_attrlist,
        serverctrls=[req_ctrl]
      )
    else:
      break
  else:
    print "Warning: Server ignores RFC 2696 control."
    break

l.unbind_s()
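
Note 3 above, worked through as an added Python example (not the original script): it decodes userAccountControl values to show why an equality match on 512 misses accounts such as 66048, and builds a filter that lets the server select enabled members of the list with Active Directory's bitwise-AND matching rule. The helper names and the sample values are constructed for the example; python-ldap ships its own escaping helper, `ldap.filter.escape_filter_chars`, which is reimplemented here so the block runs without the library.

```python
# A subset of the userAccountControl bit flags.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0010: "LOCKOUT",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x40000: "SMARTCARD_REQUIRED",
}

# LDAP_MATCHING_RULE_BIT_AND: true when all bits of the asserted value are set.
BIT_AND = "1.2.840.113556.1.4.803"

DistributionList = "CN=IT Infrastructure,CN=Distribution Lists,CN=Users,DC=domain,DC=com"


def decode_uac(value):
    """Names of the known flags set in a userAccountControl value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]


def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside a filter assertion value."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def enabled_members_filter(group_dn):
    """Filter for user objects that are direct members of group_dn and not disabled."""
    return ("(&(objectCategory=person)(objectClass=user)"
            "(memberOf=%s)(!(userAccountControl:%s:=2)))"
            % (escape_filter_value(group_dn), BIT_AND))


def is_enabled_user(uac):
    """Local equivalent of the bitwise test: normal account, disable bit clear."""
    return bool(uac & 0x0200) and not (uac & 0x0002)


# Constructed sample values: enabled, disabled, enabled with non-expiring
# password, disabled with non-expiring password.
SAMPLE_UAC = [512, 514, 66048, 66050]

if __name__ == "__main__":
    for uac in SAMPLE_UAC:
        print(uac, decode_uac(uac), "==512:", uac == 512, "enabled:", is_enabled_user(uac))
    print(enabled_members_filter(DistributionList))
```

The returned string can be used as `search_flt` in the script above; memberOf only lists direct group memberships.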


Nov 06

Python Simple Sort

Quick merge sort routine...

def sort(array):
  if len(array) <= 1: return array
  mid = len(array) // 2
  return merge (sort(array[0:mid]), sort(array[mid:]))

# this may not be the most thoroughly idiomatic python, or the
# most efficient merge (it duplicates data when "Transmitting")
# but it works
def merge(left, right):
    merged = []

    i = 0
    j = 0
    while(len(merged) < len(left)+len(right)):
        if left[i] < right[j]:
            merged.append(left[i])
            i += 1
            if i == len(left):
                # Knuth, TaoCP Vol 3 5.2.4 Calls this the "transmit"       
                y = right[j:]
                for x in y:
                    merged.append(x)
                break
        else:
            merged.append(right[j])
            j += 1
            if j == len(right):
                y = left[i:]
                for x in y:
                    merged.append(x)
                break

    return merged

a=[1,3,2,4]
b=sort(a)
print b


Nov 06

Python Nodes In A List

Quick and simple Python list with node insert capability.

class Node:
    def __init__(self,value):
        self.data = value
        self.next = 0

class List:
    def __init__(self):
        self.firstNode = Node(0)
    def __ShowNodeData(self,aNode):
        if aNode.next != 0:
           print aNode.data
           self.__ShowNodeData(aNode.next)
    def Dump(self):
        self.__ShowNodeData(self.firstNode)
    def InsertAfter(self,aNode,aNewNode):
        aNewNode.next = aNode.next
        aNode.next = aNewNode
    def InsertBeginning(self,aNewNode):
        aNewNode.next = self.firstNode
        self.firstNode = aNewNode   

nodeA = Node("A")
nodeB = Node("B")
nodeC = Node("C")
nodeD = Node("D")

aList = List()

aList.InsertBeginning(nodeB)
aList.InsertAfter(nodeB,nodeD)
aList.InsertAfter(nodeD,nodeC)
aList.InsertAfter(nodeC,nodeA)
 
aList.Dump()


Nov 06

Solaris Idmap Problems

When using the kernel-enabled CIFS server on Solaris 11, we found that the idmap service picks Domain Controllers that are located across a WAN link, which causes two problems:
A) slow authentication; or even worse
B) idmap will use a server that disappears when a WAN link goes down, which causes havoc

After watching the debug logs I can see that idmap scans the SRV records in DNS to get a list of Domain Controllers in the forest.  Even when config/site_name (not a well-documented setting) is set in the SMF properties for idmap, the discovery process still cycles through the whole list of DCs in the forest.  If the first one is unreachable it keeps going until it finds one.  The list of SRV records is pretty much random, since Active Directory assigned a weight of 100% to each SRV entry.  So in our case the discovery routine of idmap basically uses a random server from a list of 21 Domain Controllers, no matter where they live, as long as it is reachable through LDAP.

If the idmap service would just use the DCs listed in the specific site we specify for this CIFS server, this would be a much more stable service.  It's possible this is a bug that needs to be reported to Sun (Oracle); I am not sure.

My workaround:

In my case I made local firewall rules on the inferior Windows Domain Controllers to block the specific Solaris CIFS server from connecting to them.  The idmap logs will still show the unsuccessful attempts to connect to unreachable servers during discovery, but at least it will not be able to use them.  Without the firewall block, idmap would happily attach to a reachable DC in India or Australia.

PS C:\Users\Administrator.DOMAIN> netsh advfirewall firewall add rule name="Block Solaris IDMAPD" dir=In remoteip="172.19.8.62/32,172.19.8.64/32,172.21.8.33/32" Action="Block" protocol="Any" Profile="Domain,Private,Public" enable="no"

Ok.

PS C:\Users\Administrator.DOMAIN> netsh advfirewall firewall show rule name="Block Solaris IDMAPD"

Rule Name:                            Block Solaris IDMAPD
----------------------------------------------------------------------
Enabled:                              No
Direction:                            In
Profiles:                             Domain,Private,Public
Grouping:
LocalIP:                              Any
RemoteIP:                             172.19.8.62/32,172.19.8.64/32,172.21.8.33/32
Protocol:                             Any
Edge traversal:                       No
Action:                               Block
Ok.

PS C:\Users\Administrator.DOMAIN> netsh advfirewall firewall set rule name="Block Solaris IDMAPD" new enable="yes"

Updated 1 rule(s).
Ok.

Log entries look like this:

# pwd
/var/svc/log

# tail -f system-idmap:default.log
LDAP: frdc001.domain.com:389: Can't connect to the LDAP server
frdc001.sonosite.com: Can't connect to the LDAP server - Operation now in progress
LDAP: dedc002.domain.com:389: Can't connect to the LDAP server
dedc002.sonosite.com: Can't connect to the LDAP server - Operation now in progress
Using server usdc001.sonosite.com:3268

** Note:
Unfortunately the "Using server" log entry is specific to SunOS 5.11 151.0.1.8, which I think translates to Solaris 11 Express.  Even with debugging turned on for all, discovery or ldap, I did not get the "Using server" entries on 5.11 11.0.

Check what DNS shows in the forest.  In our case, 21 DCs:

# dig _ldap._tcp.domain.com SRV +short
;; Truncated, retrying in TCP mode.
0 100 389 frdc001.domain.com.
<snip>
0 100 389 indc002.domain.com.

Set debugging higher. Play with these. "all" might be too high, especially on a working server:

# svccfg -s idmap setprop 'debug/all = integer: 0'
# svccfg -s idmap setprop 'debug/ldap = integer: 1'
# svccfg -s idmap setprop 'debug/discovery = integer: 1'

Refresh the service to reload configuration change:

# svcadm refresh svc:/system/idmap:default

Set site_name :

# svccfg -s idmap setprop 'config/site_name = astring: US'
# svcadm refresh svc:/system/idmap:default

If the site name is not set, the discovery process will complain that no site was found.  It does not really affect anything, since it goes and uses any DC in the forest anyhow, but I would think that if the site is set the discovery should behave better.

Check the SRV record for US site as we configured in Active Directory:

# dig _ldap._tcp.US._sites.domain.com SRV +short
0 100 389 usdc101.domain.com.
<snip>
0 100 389 usdc001.domain.com.

Check the CA site:

# dig _ldap._tcp.CA._sites.domain.com SRV +short
0 100 389 cadc001.domain.com.
0 100 389 cadc002.domain.com.

Check if this service is running. Might be required:

# svcs name-service-cache
STATE          STIME    FMRI
online         Jun_04   svc:/system/name-service-cache:default

TODO:

- Check how the Solaris ZFS appliance does this.  It does not appear to suffer the same fate.

Links:

http://docs.oracle.com/cd/E19082-01/819-3194/adsetup-2/index.html


Nov 06

Python Exec Linux Process

While I am writing a curses based recording application in Python I thought it a good idea to jot down what I did to call a process and get the pid, then run for a set number of minutes and then kill the pid.

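import subprocess
import time

# cfg_dict and draw_dict() come from the surrounding curses application.
def doit_func(cfg_dict, mins):
    # Set the encoder bitrate on the capture device.
    output = subprocess.check_output(["/usr/bin/v4l2-ctl", "--device=/dev/" + cfg_dict['source'],
                                      "--set-ctrl=video_bitrate=" + cfg_dict['bitrate']])

    tsStream = open(cfg_dict['target'], "wb")

    # Popen does not go through a shell and returns immediately, so no "&"
    # argument is needed to run cat in the background.
    catProc = subprocess.Popen(["/bin/cat", "/dev/video1"], stdout=tsStream)
    pid = str(catProc.pid)

    start_time = time.time()
    elapsed_mins = 0
    counter = 0

    while elapsed_mins < mins:
        counter = counter + 1
        elapsed_mins = int(time.time() - start_time) // 60
        draw_dict("recording for " + str(elapsed_mins) + " mins")
        time.sleep(1)  # do not spin the CPU while waiting

    output = subprocess.check_output(["/bin/kill", "-9", pid])
    catProc.wait()     # reap the killed child
    tsStream.close()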


Nov 06

Multidimensional array in python

#!/usr/bin/python 
rows=5;cols=2 
players=[[0]*cols for _ in xrange(rows)] 
print "####### Print Original Array ###################" 
print players 
print "\n" 

print "####### Direct Access ###################" 
print "going to set [0][0]=S9 and [3][1]=D3" 
players[0][0]='S9' 
players[3][1]='D3' 
print players 
print "\n" 

print "####### Append Col ###################" 
print "going to add to [2] value C7, and add to [4] value S4" 
players[2].append('C7') 
players[4].append('S4') 
print players 
print "\n" 

print "####### Append Row ###################" 
print "going to add row [5]" 
players.extend([[0]*cols]) 
print players 
print "\n" 

print "####### Print Complete Rows ###################" 
for row in range(len(players)): 
    print players[row] 
print "\n" 

print "####### Print item for item, by Column by Row ######" 
for row in range(len(players)): 
    for col in range(len(players[row])): 
        print str(players[row][col]).rjust(10), 
    print

REF: http://stackoverflow.com/questions/261006/multidimensional-array-python


Nov 06

Troubleshoot DFS Connectivity on Clients

Just a few notes to help troubleshoot cases where clients have issues accessing DFS shares. This occurs mostly over VPN connections, and mostly on Windows XP or when DNS settings are incorrect.

  • Make sure machines can see each other, for example ping both ends.
  • Make sure you enable file sharing.
  • Make sure client is in the same DOMAIN.
  • Enable NetBIOS over TCP/IP.
  • Make sure no firewall/security software block sharing.
  • Create the same username and password on all shared computers.
  • Disable the IPv6 from the property page of the NIC.
  • Reset Network Security LAN Manager Authentication Level from the default setting (NTLMv2 only) to Send LM & NTLM - use NTLMv2 session if negotiated. Treat this as a test setting and restore NTLMv2 only afterwards, since the lower level lets the client send LM and NTLM responses.
  • To rule out permissions, test the user's account on a different XP client. For instance, a Windows XP client hooked up to a guest Internet port, logged in locally as the relevant user, using the user's own VPN account and then trying DFS. This will ensure it is a DFS/DNS issue on the client's PC or network and not a generic permissions issue.
    Check general requirements (VPN interface):

    C:\Program Files\Support Tools>ipconfig /all

    Check for correct DNS servers, WINS servers and DNS suffix. While connected to VPN use nslookup to check if correct DNS server is being used.

    **Note: if you are experiencing DNS hijacking, as done by some ISPs, that is out of scope of this document and needs to be resolved first.

    Check output of this DNS command for DFS and/or DNS server entries:

    C:\Program Files\Support Tools>ipconfig /displaydns

    Test basic non DNS Windows file sharing:

    C:\Program Files\Support Tools>start \\172.20.10.222
    ** You should see an explorer window displaying the volumes of this server.
    
    C:\Program Files\Support Tools>net view \\172.20.10.222
    Shared resources at \\172.20.10.222
    Share name  Type  Used as  Comment
    -------------------------------------------------------------------------------
    NETLOGON    Disk           Logon server share
    SYSVOL      Disk           Logon server share
    The command completed successfully.

    Try DFS share from command line:

    C:\Program Files\Support Tools>net use * \\YOUR_DOMAIN\TOP_LEVEL_SHARE

    Install Windows XP Service Pack 2 Support Tools:
    http://www.microsoft.com/downloads/en/details.aspx?FamilyID=49ae8576-9bb9-4126-9761-ba8011fabf38&displaylang=en

    Run dfsutil /pktinfo and record results:

     C:\Program Files\Support Tools>dfsutil /pktinfo
    --mup.sys--
    3 entries...
    Entry: \domain.com\SysVol
    ShortEntry: \domain.com\SysVol
    Expires in 0 seconds
    UseCount: 0 Type:0x1 ( DFS )
       0:[\server0.domain.com\SysVol] State:0x131 ( ACTIVE )
       1:[\server1.domain.com\SysVol] State:0x21 ( )
    ...snip
      16:[\server16.domain.com\SysVol] State:0x21 ( )
    
    Entry: \domain.com\corp
    ShortEntry: \domain.com\corp
    Expires in 0 seconds
    UseCount: 2 Type:0x8081 ( REFERRAL_SVC DFS )
       0:[\server0\Corp] State:0x119 ( ACTIVE )
       1:[\server1\Corp] State:0x09 ( )
    ...snip
      11:[\server11\Corp] State:0x09 ( )
    
    Entry: \domain.com\corp\us
    ShortEntry: \domain.com\corp\us
    Expires in 360 seconds
    UseCount: 0 Type:0x8001 ( DFS )
       0:[\server0\DFSData$\usdfs101_data1\corp\US] State:0x131 ( ACTIVE )
    
    Done processing this command.

    Run dfsutil /spcinfo and record results:

     C:\Program Files\Support Tools>dfsutil /spcinfo
    [*][server.sonosite.com]
    [*][DOMAIN]
    [*][domain.com]
    [+][domain.com]
            [+server0.sonosite.com]
    ...snip
    Done processing this command.

    Links:
    http://support.microsoft.com/kb/975440
