[Samba] cannot access samba server from outside domain

Gaiseric Vandal gaiseric.vandal at gmail.com
Thu Sep 30 12:10:54 MDT 2010 

Are the workstations XP, Vista or Win 7?

What happens if you log in to the non-domain workstation using a 
username and password that match a valid domain name and password

If you run "testparm -v" on the samba server do you have both ports 139 
and 445 open?

Yesterday I was trouble shooting a remote access issue as well.   
Windows XP machines in the domain on the LAN have no problem with samba 
shares.

A Window 7 user over VPN  could only access shares on some samba servers 
but not others.   I tested over VPN with an XP workstation, I had 
trouble with one server until I reenabled 445 by DISABLING the following 
line in smb.conf

     smb ports = 139


Fixed it for XP, not for Win 7.  The logs on the server 
(/var/log/samba/the-win7-machine) showed that the user failed with

[2010/09/30 05:01:10,  2] auth/auth.c:320(check_ntlm_password)
   check_ntlm_password:  Authentication for user [jsmith] -> [jsmith] 
FAILED with error NT_STATUS_WRONG_PASSWORD







On 09/30/2010 01:52 PM, Lorenzo Monti wrote:
> Hello everybody --
> can someone please help with this:
>
> win 2008 AD domain controller
> samba 3.2.5 on debian lenny configured as domain member
>
> workstations joined to domain can access samba shares.
> workstations outside domain cannot access shares.
> anytime one tries to connect, popup shows asking for credentials. no
> combination of domain\user + password, user at domain + password or
> whatever will be accepted.
> I have a similar situation in another site with a 2003 AD domain wich
> works flawlessly, configuration files are the same so I guess it can
> be a samba<->2008 AD compatibility issue?
>
> config file follows:
> -----------------------------------
> [global]
>          unix charset = UTF8
>          display charset = UTF8
>
>          netbios name = DEBIAN
>          workgroup = ##########
>          realm = ##########.LOCAL
>
>          encrypt passwords = true
>          server string = Samba Server %v
>          security = ads
>          log level = 1
>          syslog = 0
>          log file = /var/log/samba/%m.log
>          max log size = 500
>
>          ldap ssl = no
>          winbind separator = +
>          winbind uid = 100000-200000
>          winbind gid = 100000-200000
>          winbind enum users = yes
>          winbind enum groups = yes
>          winbind use default domain = no
>          idmap backend = idmap_rid:##########=100000-200000
>          allow trusted domains = no
>
>          passdb backend = tdbsam
>
>          load printers = no
>          printing = bsd
>          printcap name = /dev/null
>          disable spoolss = yes
>
>          passdb expand explicit = no
>          os level = 40
>          local master = no
>          dns proxy = no
>
>          template shell = /usr/sbin/nologin
>          template homedir = /dev/null
>
>          wins support = no
>          disable netbios = no
> #       wins server = 192.168.1.253
>
>          map hidden = yes
> #       hide files = /desktop.ini/Thumbs.db/
>          nt acl support = no
>          dos filemode = yes
>          create mask = 0745
>          directory mask = 0755
>
>          kernel change notify = yes
>          kernel oplocks = yes
>
>          socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=8192
> SO_RCVBUF=8192
>          panic action = /usr/share/samba/panic-action %d
>

More information about the samba mailing list