[Samba] access my created share in smb.conf Only by Ip

Ricky Nance ricky.nance at weaubleau.k12.mo.us
Mon Nov 5 06:42:42 MST 2012


With that provision line, you will default to the internal_dns dns server,
if you want to use bind9_dlz you will need to specify
--dns-backend=BIND9_DLZ ,this is the excerpt if you run samba-tool domain
provision --help....

-dns-backend=NAMESERVER-BACKEND
                        The DNS server backend. samba_internal is the
builtin
                        name server (default), bind9_flatfile uses bind9
text
                        database to store zone information, bind9_dlz uses
                        samba4 AD to store zone information, none skips the
                        DNS setup entirely (not recommended)

Provisioning with the internal DNS server may work fine for you (it may
not, I don't know your situation exactly), but you can't run bind, then run
samba and expect it to work, you can run one or the other, but if bind is
running, and you start samba, the only errors you will see are in the
samba/log/log.samba file, samba itself will not stop, but rather that one
service samba spawns will not run. This is the same for any other service
taking a port samba uses, if it is running first, samba will just not run
that service. The code is in place and the samba binary should stop and
throw an error, but for some reason its not functioning properly. You can
verify what ports samba is using by doing a 'netstat -anp | grep samba |
grep "LISTEN " ' (notice the space after the "LISTEN ")

Good luck,
Ricky

On Sun, Nov 4, 2012 at 10:54 PM, Mohammad Ebrahim Abravi <lamp.mia at gmail.com
> wrote:

> *samba4 provision line : *
> provision --realm=hum-office.xxx.xx.xx --domain=HUM-Office
> --adminpass='p4$$word' --server-role=dc
>
> *smb.conf :*
>
> ============================================================================================
> # Global parameters
> [global]
>         workgroup = HUM-OFFICE
>         realm = hum-office.xxx.xx.xx
>         netbios name = HUM-AD
>         server role = active directory domain controller
>         passdb backend = samba4
>
>
> [netlogon]
>         path =
> /usr/local/samba/var/locks/sysvol/hum-office.xxx.xx.xx/scripts
>         read only = No
>
> [sysvol]
>         path = /usr/local/samba/var/locks/sysvol
>         read only = No
>
> [profiles]
>         path =
> /usr/local/samba/var/locks/sysvol/hum-office.xxx.xx.xx/profiles
>         browseable = yes
>         read only = no
>
> [ShareDir]
>         path = /ShareDir
>         read only = No
>         create mask = 0600
>         directory mask = 0700
>
> ============================================================================================
>
>
> *Bind bind-9.9.1-P2 : *
>
> built with '--with-gssapi=/usr/include/gssapi' '--prefix=/usr'
> '--mandir=/usr/share/man' '--infodir=/usr/share/info'
> '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads'
> '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static'
> '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld'
> '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing'
> 'LDFLAGS=-Wl,-Bsymbolic-functions' 'CPPFLAGS=-D_FORTIFY_SOURCE=2'
> '--with-dlz-dlopen=yes' '--with-dlopen=yes'
>
>
>
> ============================
> *named.conf*======================================
> include "/etc/bind/named.conf.options";
> include "/usr/local/samba/private/named.conf";
>
> =============================================================================
>
> =============================
> *named.conf.options*=================================
> options {
>         directory "/var/cache/bind";
> tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
>
> allow-recursion  {
> 192.168.25.0/24;127.0.0.1;192.168.113.0/24;192.168.112.0/24;};
> allow-query      {
> 192.168.25.0/24;127.0.0.1;192.168.113.0/24;192.168.112.0/24; };
> allow-query-cache{
> 192.168.25.0/24;127.0.0.1;192.168.113.0/24;192.168.112.0/24;};
>
> forwarders {
>         4.2.2.4
> };
>         dnssec-validation yes;
>
>         auth-nxdomain no;    # conform to RFC1035
>         listen-on-v6 { any; };
> };
> server ::/0 {
>       edns no;
> };
>
> server 0.0.0.0/0 {
>       edns no;
> };
>
> =============================================================================
>
> On Wed, Oct 31, 2012 at 2:22 PM, Rowland Penny <repenny at f2s.com> wrote:
>
> > Can you please give us your samba4 provision line, a copy of your
> smb.conf
> > and tell us if bind9 is running on the samba4 server.
> >
> > Without this information, nobody can start to help you sort out your
> > problem.
> >
> > Rowland
> >
> >
> > On 31/10/12 09:56, Mohammad Ebrahim Abravi wrote:
> >
> >> Hello
> >>
> >> Upgrade to samba4 rc4 But this problem not solved !!!!
> >>
> >> On Sat, Oct 20, 2012 at 12:40 PM, Rowland Penny <rpenny at f2s.com> wrote:
> >>
> >>  On 20/10/12 08:20, Mohammad Ebrahim Abravi wrote:
> >>>
> >>>  Hello
> >>>>
> >>>> use your recommendations , Results:
> >>>>
> >>>> samba4 rc3
> >>>> *s4-ad -> samba server Host name
> >>>> test.s4.com -> domain name*
> >>>> *Dns Server -> Samba Internal DNS server , Bind 9.9.1-P2*
> >>>> *win xp*
> >>>>
> >>>> \\test.s4.com  no  access
> >>>> \\192.168.1.6 ->  no  access
> >>>>
> >>>> \\test.s4.com\myshare   ->  no  access
> >>>> \\192.168.1.6\myshare  ->  no  access
> >>>>
> >>>>
> >>>> *Note*: this options set for change mandatory profile owner to
> >>>>
> >>>> AdministratorS :
> >>>> server services = +smb -s3fs
> >>>> dcerpc endpoint servers = +winreg +srvsvc
> >>>>
> >>>>
> >>>> Thanks
> >>>>
> >>>>
> >>>> On Wed, Oct 17, 2012 at 6:54 PM, Carlos R. Pena Evertsz <
> >>>> carlosrpevertsz at gmail.com> wrote:
> >>>>
> >>>>   Let Mohammad try my recommendations and them we will talk about it.
> >>>>
> >>>>>
> >>>>>
> >>>>> On 10/17/2012 9:07 AM, Rowland Penny wrote:
> >>>>>
> >>>>>   On 17/10/12 15:20, Carlos R. Pena Evertsz wrote:
> >>>>>
> >>>>>>   Hi Mohammad,
> >>>>>>
> >>>>>>> I had the same problem like many others,  so I think samba should
> >>>>>>> include a note like mine in their documentation.
> >>>>>>>
> >>>>>>> This is the trick for successfully access the share with the
> >>>>>>> hostname..
> >>>>>>>
> >>>>>>> Be sure you have the following lines in the smb.conf:
> >>>>>>>
> >>>>>>> netbios name = yourhostname
> >>>>>>>
> >>>>>>>   This is set by default
> >>>>>>>
> >>>>>>    wins support = yes
> >>>>>> This turns on the wins server, you should only turn this on if it is
> >>>>>> the
> >>>>>> only one.
> >>>>>>
> >>>>>>
> >>>>>>   Find the "name resolve order" directive and be sure you have it in
> >>>>>> the
> >>>>>>
> >>>>>>> following order.
> >>>>>>>
> >>>>>>> name resolve order = wins lmhosts hosts bcast
> >>>>>>>
> >>>>>>>
> >>>>>>> Add the following line:
> >>>>>>>
> >>>>>>> hosts allow = the host ip / mask
> >>>>>>>
> >>>>>>> Where the host ip is your server ip.
> >>>>>>>                the mask is the mask you are using in all your
> windows
> >>>>>>> clients.
> >>>>>>>
> >>>>>>>   If you set it like this, the only machine that will be able to
> >>>>>>> connect
> >>>>>>>
> >>>>>> would be the server itself. It should be, from data supplied,
> >>>>>> 192.168.1.0/255.255.255.0 This would allow any computer on the
> subnet
> >>>>>> to
> >>>>>> connect.
> >>>>>>
> >>>>>>    This is the most important thing. For example If you have in your
> >>>>>> server
> >>>>>>
> >>>>>>  the mask 255.255.0.0 then all your clients must have the same
> network
> >>>>>>> mask.
> >>>>>>> Windows clients with the same mask of the server will see the
> server
> >>>>>>> on the
> >>>>>>> network with it hostname otherwise you need to access the server by
> >>>>>>> its ip
> >>>>>>> number. I think this is a Windows issue but they have left it in
> this
> >>>>>>> way
> >>>>>>> so we have to live with it.
> >>>>>>>
> >>>>>>> I hope this can help you.
> >>>>>>>
> >>>>>>>    I doubt it.
> >>>>>>>
> >>>>>>>  Rowland
> >>>>>>
> >>>>>>    Carlos
> >>>>>>
> >>>>>>  Santo Domingo, Dominican Republic
> >>>>>>> On 10/17/2012 6:55 AM, Mohammad Ebrahim Abravi wrote:
> >>>>>>>
> >>>>>>>   Hello
> >>>>>>>
> >>>>>>>> samba4 rc3
> >>>>>>>> *s4-ad -> samba server Host name
> >>>>>>>> test.s4.com -> domain name*
> >>>>>>>> *Dns Server -> Samba Internal DNS server , Bind 9.9.1-P2*
> >>>>>>>> *win xp*
> >>>>>>>>
> >>>>>>>> have access to default  share such as sysvol  by dns name (\\
> >>>>>>>> test.s4.com
> >>>>>>>> \sysvol)
> >>>>>>>>
> >>>>>>>> but if  created a share in smb.conf  Only access by IP such as :
> >>>>>>>>
> >>>>>>>> \\test.s4.com\myshare   ->  no  access and ask me for user and
> >>>>>>>> password !
> >>>>>>>> \\192.168.1.6\myshare  ->  access
> >>>>>>>>
> >>>>>>>> If using *s4-ad.test.s4.com* my share accessible !!!
> >>>>>>>>
> >>>>>>>> \\test.s4.com\myshare   ->  no  access !
> >>>>>>>> \\s4-ad.s4.com <http://test.s4.com>\myshare   -> access !
> >>>>>>>>
> >>>>>>>> \\test.s4.com\sysvol   ->  access !
> >>>>>>>> \\*s4-ad* <http://test.s4.com>. <http://test.s4.com>test.s4.****
> >>>>>>>> **com<
> >>>>>>>>
> >>>>>>>> http://test.s4.com>\sysvol
> >>>>>>>>
> >>>>>>>>    ->
> >>>>>>>> access !
> >>>>>>>>
> >>>>>>>> Note:
> >>>>>>>> In *\\test.s4.com* seen all the shared directory, but not
> >>>>>>>> accessible
> >>>>>>>>
> >>>>>>>> in *samba alpha17* no need type *s4-ad*
> >>>>>>>>
> >>>>>>>> what happened ?
> >>>>>>>>
> >>>>>>>> This is  Bug in samba4 rc3 ?
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> Thanks
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>    --
> >>>>>>
> >>>>> To unsubscribe from this list go to the following URL and read the
> >>>>> instructions:  https://lists.samba.org/******mailman/options/samba<
> https://lists.samba.org/****mailman/options/samba>
> >>>>> <https://**lists.samba.org/**mailman/**options/samba<
> https://lists.samba.org/**mailman/options/samba>
> >>>>> >
> >>>>> <https://**lists.samba.org/**mailman/**options/samba<
> http://lists.samba.org/mailman/**options/samba>
> >>>>> <https:**//lists.samba.org/mailman/**options/samba<
> https://lists.samba.org/mailman/options/samba>
> >>>>> >
> >>>>>
> >>>>>   Hello again, how did you provision the samba4 server? Please
> provide
> >>>>>
> >>>> the smb.conf from the samba4 server.
> >>>
> >>> Rowland
> >>>
> >>>
> >>>
> >>> --
> >>> This message has been scanned for viruses and
> >>> dangerous content by MailScanner, and is
> >>> believed to be clean.
> >>>
> >>> --
> >>> To unsubscribe from this list go to the following URL and read the
> >>> instructions:  https://lists.samba.org/****mailman/options/samba<
> https://lists.samba.org/**mailman/options/samba>
> >>> <https://**lists.samba.org/mailman/**options/samba<
> https://lists.samba.org/mailman/options/samba>
> >>> >
> >>>
> >>>
> >>
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> >
> >
>



--


More information about the samba-technical mailing list