[Samba] Strange winbind behavior with netbios name, perfect with ip address
Martin Zielinski
mz at seh.de
Mon Jul 11 09:02:23 GMT 2005
Hi!
Please verify that in both cases Kerberos authentication is used.
I'm not sure if this is the reason in your case, but maybe it's worth a
look - as I found completely different behaviour when using ip-addresses
or hostnames to access a member server:
When joining the AD domain, a ticket with the hostname of the Samba
machine is created on the AD-Server.
When you connect to the server via \\ip-address\sharename, the client
tries to receive a ticket for a server with the name "ip-address (e.g.
192.168.3.188)".
The server does not have a ticket for this name (only for the hostname)
and returns a "have no ticket for this" error to the client.
Now your client tries the next method: NTLM, which might succeed.
In the other case, the AD-Server might pass your client a ticket, which
fails to be used for some reason. In this case, your client cannot get
its required access rights.
I've had cases where AD was completely broken - but I didn't recognize it
because I always used \\ip-address\ to connect to the server.
Bye,
Martin
Hamish wrote:
> Hi all
> This is a bit of a continuation of an old thread, which I have had no joy in
> fixing. We have a samba server authenticating against a W2k3 server in
> security = ADS mode.
>
> If there is a file in a share, owned by user."domain users" and chmod 700, it
> would normally be ONLY readable by that user.
>
> This is true only if the user goes to \\ip.add.of.srv\share - if he goes to
> \\servername\share, he cannot read the file.
>
> If the user goes to \\servername\share and creates a file, it is owned by him,
> so the server can distinguish the username.
>
> If I set the permissions g+r on the file, then the user can see the file just
> fine. Unfortunately so can anyone in "domain users" - this is not good for
> files which need to be readable only for the user.
>
> I am completely stumped, can anyone shed any light on this?
>
> Setup:
> SuSE Linux 9.0 (i586)
> samba Version 3.0.14a-SUSE
> winbindd Version 3.0.14a-SUSE
>
> Cheers,
> Hamish
>
--
Martin Zielinski mz at seh.de
Software Development
SEH Computertechnik GmbH www.seh.de
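
Added example, not part of the original message and not Samba code: a small Python model of the behaviour described in the reply above, showing why a test made only through \\ip-address\share says nothing about Kerberos. The server name "fileserver", the function names and the outcome labels are assumptions made for illustration; 192.168.3.188 is the address used in the message.

```python
import ipaddress

def unc_host(unc):
    """Return the server part of a UNC path such as \\\\host\\share."""
    if not unc.startswith("\\\\"):
        raise ValueError("not a UNC path: %r" % unc)
    host = unc[2:].split("\\", 1)[0]
    if not host:
        raise ValueError("UNC path has no server part: %r" % unc)
    return host

def is_ip_literal(host):
    """True when the server part is an IPv4/IPv6 address, not a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def expected_auth(unc, server_names, kerberos_healthy=True):
    """Model the outcome the message describes for one connection.

    server_names: names the member server has a ticket/key for
                  (assumed input, normally just its hostname).
    kerberos_healthy: False models the "ticket fails to be used" case.
    """
    host = unc_host(unc)
    known = {name.lower() for name in server_names}
    if is_ip_literal(host) or host.lower() not in known:
        # Server has no ticket for this name, so the client tries NTLM next.
        return "ntlm-fallback"
    if kerberos_healthy:
        return "kerberos"
    # A ticket is handed out but cannot be used: access rights are missing.
    return "kerberos-failed"

def kerberos_untested(test_paths, server_names):
    """True when no path in a test plan exercises Kerberos at all."""
    return all(expected_auth(p, server_names) == "ntlm-fallback"
               for p in test_paths)

if __name__ == "__main__":
    names = ["fileserver"]  # constructed sample hostname
    for path in (r"\\192.168.3.188\share", r"\\fileserver\share"):
        print(path, "->", expected_auth(path, names, kerberos_healthy=False))
```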