[Samba] The specified network name is no longer available
Jay Libove
libove at felines.org
Thu Jul 24 21:26:24 GMT 2008
Thanks for the suggestion Andrew. I gave it a try - no difference in my
case, unfortunately.
(My client is Windows XP SP3, by the way).
Anyone, any other ideas?
Thanks!
Jay
-----Original Message-----
From: Colb, Andrew [mailto:andy at ici.org]
Sent: Thursday, July 24, 2008 4:32 PM
To: Jay Libove; samba at lists.samba.org
Subject: RE: [Samba] The specified network name is no longer available
Jay,
We had to remove our "valid users" stanza for our windows 2000 desktops
to authenticate correctly with Samba 3. (Samba 3.0.28 on Solaris 10/64;
Win2k3/64 DCs; Winbind; Kerberos)
The "valid users" stanza apparently works fine for us on Samba 3.0.28
with Vista but not with Win2000 desktop
Conversely, the "valid users" stanza works fine for us on Samba 2.x with
Win2000 desktop
We're in the midst of sorting out the whys and wherefores now that users
have their files back.
Andy
-----Original Message-----
From: samba-bounces+acolb=ici.org at lists.samba.org
[mailto:samba-bounces+acolb=ici.org at lists.samba.org] On Behalf Of Jay
Libove
Sent: Thursday, July 24, 2008 3:26 PM
To: samba at lists.samba.org
Subject: [Samba] The specified network name is no longer available
Hello Samba people,
I have been successfully using Samba for several years, across many
minor versions of Samba across many minor versions of Linux kernel 2.4.x
and 2.6.x, against a Windows 2000 and then in the past couple of years
2003 AD Domain. This morning, something broke...
Setting the stage:
RedHat Fedora based Linux box, FC8, updated over time using 'yum
update'..., current kernel is 2.6.25.10-47.fc8 (released just a few days
ago).
Samba packages:
samba-common-3.0.30-0.fc8
samba-client-3.0.30-0.fc8
samba-3.0.30-0.fc8
/etc/samba/smb.conf key configuration lines: (just ask if I've left out
any important ones, please)
workgroup = FELINESAD2
netbios name = PANTHER8
realm = ad2.felines.org
password server = reset6.ad2.felines.org
client use spnego = yes
all trusted domains = yes
security = ADS
encrypt passwords = yes
local master = no
domain master = no
preferred master = no
domain logons = no
wins support = no
wins proxy = no
dns proxy = no
map to guest = never
null passwords = no
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind use default domain = no
[homes]
browseable = no
writable = yes
public = no
valid users = libove, libove at ad2.felines.org
available = yes
In short, it should talk only secure Kerberos protocols and rely on my
Domain Controller reset6.ad2.felines.org (the DC for my FELINESAD2 /
ad2.felines.org Win2K3 Domain) for authentication.
The one actual home share is "libove", which lives on the Linux box at
/home/libove
This all used to work just fine. Today, it doesn't anymore. Example:
C:\>net use h: \\panther8.ad2.felines.org\libove
System error 64 has occurred.
The specified network name is no longer available.
Note that this is different from the common case I found in searching
the net for the "... no longer available" error message. That common
case was where connecting to the network share worked fine, but large
transfers broke in the middle. My case is that I can no longer connect
to the network shares on the Samba server at all.
What has changed recently?
The aforementioned kernel upgrade, care of "yum update" a couple of days
ago.
And Domain default Policy updates I also made a few days ago, to turn on
stronger security of Windows SMB / CIFS requests such as always signing
and encrypting:
Domain Member: Digitally encrypt of sign secure channel data (always) -
Enabled
Domain Member: Require strong (Windows 2000 or later) session key -
Enabled
Microsoft network client: Digitally sign communications (always) -
Enabled
Microsoft network client: Send unencrypted password to third-party SMB
servers - Disabled
Microsoft network client: Digitally sign communications (always) -
Enabled
Network access: Allow anonymous SID/Name translation - Disabled
Network access: Do not allow anonymous enumeration of SAM accounts -
Enabled
Network access: Do not allow anonymous enumeration of SAM accounts and
shares - Enabled
Network access: Let Everyone permissions apply to anonymous users -
Disabled
Network security: Do not store LAN Manager hash value on next password
change - Enabled
Network security: LAN Manager authentication level - Send NTLMv2
response only, and refuse LM & NTLM
Network security: Minimum session security for NTLM SSP based (including
secure RPC) clients -
Require message integrity
Require message confidentiality
Require NTLMv2 session security
Require 128-bit encryption
Network security: Minimum session security for NTLM SSP based (including
secure RPC) servers -
Require message integrity
Require message confidentiality
Require NTLMv2 session security
Require 128-bit encryption
The /var/log/samba/log.smb, log.<clientname>, and log.<clientIPaddress>
subsets [ at debug level 3 ] from a session demonstrating the error
message above are posted at my web site at
http://www.felines.org/Samba_logs.txt because they are too large to
include in an email to the Samba mailing list.
With apologies for asking for your help before I change back these
things, reboot everything, and see if the problem goes away... does any
of this ring any bells, has anyone experienced this before and just
right away knows the answer?
Thanks for your help,
Jay Libove, CISSP, CIPP
Atlanta, GA, US and Barcelona, Spain
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list