[Samba] Strange issue with share access on domain controllers

Sébastien Le Ray sebastien-samba at orniz.org
Mon Jul 13 15:52:54 UTC 2015 

Nice try but it is an AD one ;-)

Seems that the netbios aliases did the trick. Maybe manpage should be 
updated since reading it does suggest (to me at least) that it is only 
related to netbios announces (broadcasting when no DNS is available), 
but also seems to be involved in share access.

Regards

Le 13/07/2015 16:53, L.P.H. van Belle a écrit :
> Make sure you use the new GPO policies.
> Looks like the problem "[Samba] Windows 10 in Samba 3 domain: netlogon share access denied"
>
> Its not only for windows 10, also 7 and 8.x
>
> Solution: GPEDIT.MSC -> Computer -> Administrative templates -> Network
> -> Networkprovider -> Hardened UNC Paths
>
> Added
>
> \\foo.lan\netlogon and Value:
> RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0
>
> also added this for \\dc1\... and \\dc1.e2c.lan\... works :)
>
>
>   
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Zerwes, Klaus
>> Verzonden: maandag 13 juli 2015 15:53
>> Aan: Sébastien Le Ray; Samba Mailing List
>> Onderwerp: Re: [Samba] Strange issue with share access on
>> domain controllers
>>
>> set
>>
>> netbios aliases =
>>
>> in the global section of smb.conf
>>
>> Good luck
>>
>> Klaus
>>
>> Klaus Zerwes
>> Rosa Luxemburg Stiftung | IT-Auslandskoordinator
>> Franz-Mehring-Platz 1   | 10243 Berlin
>>
>> Tel. +49 30 44310-555   | Fax +49 30 44310-182
>> zerwes at rosalux.de       | www.rosalux.de
>>
>> ________________________________________
>> Von: samba [samba-bounces at lists.samba.org]" im Auftrag
>> von "Sébastien Le Ray [sebastien-samba at orniz.org]
>> Gesendet: Sonntag, 12. Juli 2015 18:41
>> An: Samba Mailing List
>> Betreff: [Samba] Strange issue with share access on domain controllers
>>
>> Hi list,
>>
>> I've a strange issue with Windows 7 (also occurs on 8.1) when accessing
>> shares on domain controllers. If I use IP address or in-domain FQDN
>> (server.domain.name), all is right. If I use another DNS entry pointing
>> to the same IP, share access fails with following message (translated
> >from french) :
>> \\somehost.somsuffix\someshare is not accessible. [?]  Invalid
>> parameter
>>
>> Issue occurs on both sysvol, netlogon and custom shares (yes evil not
>> the point)
>>
>> Log does not seem to contain anything relevant, last line
>> before failure
>> is [CLIENT IP] (ipv4:[Client IP]:49296) connect to service [share]
>> initially as user [DOMAIN\User] (uid=[uid], gid=[main gid]) (pid 15374)
>>
>> Issue occurs on all tested machines, with different account names, on
>> (at least) two differrent DC. Access is fine from smbclient no
>> matter if
>> I use IP, domain FQDN or alternate FQDN.
>>
>> smb.conf snipped (sysvol & netlogon are default provisioned ones)
>>
>> [global]
>>          workgroup = SOMEDOM
>>          realm = somedom.fdqdn
>>          netbios name = SOMEDC
>>          server string = AD DC SOMEDC
>>          server role = active directory domain controller
>>
>>          idmap_ldb:use rfc2307 = yes
>>
>>          interfaces = someIP/24
>>          bind interfaces only = Yes
>>
>>          template shell = /bin/false
>>          template homedir = /data/homes/%ACCOUNTNAME%
>>
>>          dns forwarder = 127.0.0.1
>>
>>
>>
>> Regards,
>>
>> Sébastien
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>>
>

More information about the samba mailing list