[Samba] cannot access samba server from outside domain
Gaiseric Vandal
gaiseric.vandal at gmail.com
Thu Sep 30 12:10:54 MDT 2010
Are the workstations XP, Vista or Win 7?
What happens if you log in to the non-domain workstation using a
username and password that match a valid domain name and password
If you run "testparm -v" on the samba server do you have both ports 139
and 445 open?
Yesterday I was trouble shooting a remote access issue as well.
Windows XP machines in the domain on the LAN have no problem with samba
shares.
A Window 7 user over VPN could only access shares on some samba servers
but not others. I tested over VPN with an XP workstation, I had
trouble with one server until I reenabled 445 by DISABLING the following
line in smb.conf
smb ports = 139
Fixed it for XP, not for Win 7. The logs on the server
(/var/log/samba/the-win7-machine) showed that the user failed with
[2010/09/30 05:01:10, 2] auth/auth.c:320(check_ntlm_password)
check_ntlm_password: Authentication for user [jsmith] -> [jsmith]
FAILED with error NT_STATUS_WRONG_PASSWORD
On 09/30/2010 01:52 PM, Lorenzo Monti wrote:
> Hello everybody --
> can someone please help with this:
>
> win 2008 AD domain controller
> samba 3.2.5 on debian lenny configured as domain member
>
> workstations joined to domain can access samba shares.
> workstations outside domain cannot access shares.
> anytime one tries to connect, popup shows asking for credentials. no
> combination of domain\user + password, user at domain + password or
> whatever will be accepted.
> I have a similar situation in another site with a 2003 AD domain wich
> works flawlessly, configuration files are the same so I guess it can
> be a samba<->2008 AD compatibility issue?
>
> config file follows:
> -----------------------------------
> [global]
> unix charset = UTF8
> display charset = UTF8
>
> netbios name = DEBIAN
> workgroup = ##########
> realm = ##########.LOCAL
>
> encrypt passwords = true
> server string = Samba Server %v
> security = ads
> log level = 1
> syslog = 0
> log file = /var/log/samba/%m.log
> max log size = 500
>
> ldap ssl = no
> winbind separator = +
> winbind uid = 100000-200000
> winbind gid = 100000-200000
> winbind enum users = yes
> winbind enum groups = yes
> winbind use default domain = no
> idmap backend = idmap_rid:##########=100000-200000
> allow trusted domains = no
>
> passdb backend = tdbsam
>
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
>
> passdb expand explicit = no
> os level = 40
> local master = no
> dns proxy = no
>
> template shell = /usr/sbin/nologin
> template homedir = /dev/null
>
> wins support = no
> disable netbios = no
> # wins server = 192.168.1.253
>
> map hidden = yes
> # hide files = /desktop.ini/Thumbs.db/
> nt acl support = no
> dos filemode = yes
> create mask = 0745
> directory mask = 0755
>
> kernel change notify = yes
> kernel oplocks = yes
>
> socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=8192
> SO_RCVBUF=8192
> panic action = /usr/share/samba/panic-action %d
>
More information about the samba
mailing list