[Samba] access my created share in smb.conf Only by Ip

Rowland Penny rpenny at f2s.com
Mon Nov 5 01:51:39 MST 2012 

On 05/11/12 04:54, Mohammad Ebrahim Abravi wrote:
> *samba4 provision line : *
> provision --realm=hum-office.xxx.xx.xx --domain=HUM-Office
> --adminpass='p4$$word' --server-role=dc
>
> *smb.conf :*
> ============================================================================================
> # Global parameters
> [global]
>          workgroup = HUM-OFFICE
>          realm = hum-office.xxx.xx.xx
>          netbios name = HUM-AD
>          server role = active directory domain controller
>          passdb backend = samba4
>
>
> [netlogon]
>          path =
> /usr/local/samba/var/locks/sysvol/hum-office.xxx.xx.xx/scripts
>          read only = No
>
> [sysvol]
>          path = /usr/local/samba/var/locks/sysvol
>          read only = No
>
> [profiles]
>          path =
> /usr/local/samba/var/locks/sysvol/hum-office.xxx.xx.xx/profiles
>          browseable = yes
>          read only = no
>
> [ShareDir]
>          path = /ShareDir
>          read only = No
>          create mask = 0600
>          directory mask = 0700
> ============================================================================================
>
>
> *Bind bind-9.9.1-P2 : *
>
> built with '--with-gssapi=/usr/include/gssapi' '--prefix=/usr'
> '--mandir=/usr/share/man' '--infodir=/usr/share/info'
> '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads'
> '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static'
> '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld'
> '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing'
> 'LDFLAGS=-Wl,-Bsymbolic-functions' 'CPPFLAGS=-D_FORTIFY_SOURCE=2'
> '--with-dlz-dlopen=yes' '--with-dlopen=yes'
>
>
>
> ============================ *named.conf*======================================
> include "/etc/bind/named.conf.options";
> include "/usr/local/samba/private/named.conf";
> =============================================================================
>
> =============================
> *named.conf.options*=================================
> options {
>          directory "/var/cache/bind";
> tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
>
> allow-recursion  {
> 192.168.25.0/24;127.0.0.1;192.168.113.0/24;192.168.112.0/24;};
> allow-query      {
> 192.168.25.0/24;127.0.0.1;192.168.113.0/24;192.168.112.0/24; };
> allow-query-cache{
> 192.168.25.0/24;127.0.0.1;192.168.113.0/24;192.168.112.0/24;};
>
> forwarders {
>          4.2.2.4
> };
>          dnssec-validation yes;
>
>          auth-nxdomain no;    # conform to RFC1035
>          listen-on-v6 { any; };
> };
> server ::/0 {
>        edns no;
> };
>
> server 0.0.0.0/0 {
>        edns no;
> };
> =============================================================================
>
> On Wed, Oct 31, 2012 at 2:22 PM, Rowland Penny <repenny at f2s.com> wrote:
>
>> Can you please give us your samba4 provision line, a copy of your smb.conf
>> and tell us if bind9 is running on the samba4 server.
>>
>> Without this information, nobody can start to help you sort out your
>> problem.
>>
>> Rowland
>>
>>
>> On 31/10/12 09:56, Mohammad Ebrahim Abravi wrote:
>>
>>> Hello
>>>
>>> Upgrade to samba4 rc4 But this problem not solved !!!!
>>>
>>> On Sat, Oct 20, 2012 at 12:40 PM, Rowland Penny <rpenny at f2s.com> wrote:
>>>
>>>   On 20/10/12 08:20, Mohammad Ebrahim Abravi wrote:
>>>>   Hello
>>>>> use your recommendations , Results:
>>>>>
>>>>> samba4 rc3
>>>>> *s4-ad -> samba server Host name
>>>>> test.s4.com -> domain name*
>>>>> *Dns Server -> Samba Internal DNS server , Bind 9.9.1-P2*
>>>>> *win xp*
>>>>>
>>>>> \\test.s4.com  no  access
>>>>> \\192.168.1.6 ->  no  access
>>>>>
>>>>> \\test.s4.com\myshare   ->  no  access
>>>>> \\192.168.1.6\myshare  ->  no  access
>>>>>
>>>>>
>>>>> *Note*: this options set for change mandatory profile owner to
>>>>>
>>>>> AdministratorS :
>>>>> server services = +smb -s3fs
>>>>> dcerpc endpoint servers = +winreg +srvsvc
>>>>>
>>>>>
>>>>> Thanks
>>>>>
>>>>>
>>>>> On Wed, Oct 17, 2012 at 6:54 PM, Carlos R. Pena Evertsz <
>>>>> carlosrpevertsz at gmail.com> wrote:
>>>>>
>>>>>    Let Mohammad try my recommendations and them we will talk about it.
>>>>>
>>>>>>
>>>>>> On 10/17/2012 9:07 AM, Rowland Penny wrote:
>>>>>>
>>>>>>    On 17/10/12 15:20, Carlos R. Pena Evertsz wrote:
>>>>>>
>>>>>>>    Hi Mohammad,
>>>>>>>
>>>>>>>> I had the same problem like many others,  so I think samba should
>>>>>>>> include a note like mine in their documentation.
>>>>>>>>
>>>>>>>> This is the trick for successfully access the share with the
>>>>>>>> hostname..
>>>>>>>>
>>>>>>>> Be sure you have the following lines in the smb.conf:
>>>>>>>>
>>>>>>>> netbios name = yourhostname
>>>>>>>>
>>>>>>>>    This is set by default
>>>>>>>>
>>>>>>>     wins support = yes
>>>>>>> This turns on the wins server, you should only turn this on if it is
>>>>>>> the
>>>>>>> only one.
>>>>>>>
>>>>>>>
>>>>>>>    Find the "name resolve order" directive and be sure you have it in
>>>>>>> the
>>>>>>>
>>>>>>>> following order.
>>>>>>>>
>>>>>>>> name resolve order = wins lmhosts hosts bcast
>>>>>>>>
>>>>>>>>
>>>>>>>> Add the following line:
>>>>>>>>
>>>>>>>> hosts allow = the host ip / mask
>>>>>>>>
>>>>>>>> Where the host ip is your server ip.
>>>>>>>>                 the mask is the mask you are using in all your windows
>>>>>>>> clients.
>>>>>>>>
>>>>>>>>    If you set it like this, the only machine that will be able to
>>>>>>>> connect
>>>>>>>>
>>>>>>> would be the server itself. It should be, from data supplied,
>>>>>>> 192.168.1.0/255.255.255.0 This would allow any computer on the subnet
>>>>>>> to
>>>>>>> connect.
>>>>>>>
>>>>>>>     This is the most important thing. For example If you have in your
>>>>>>> server
>>>>>>>
>>>>>>>   the mask 255.255.0.0 then all your clients must have the same network
>>>>>>>> mask.
>>>>>>>> Windows clients with the same mask of the server will see the server
>>>>>>>> on the
>>>>>>>> network with it hostname otherwise you need to access the server by
>>>>>>>> its ip
>>>>>>>> number. I think this is a Windows issue but they have left it in this
>>>>>>>> way
>>>>>>>> so we have to live with it.
>>>>>>>>
>>>>>>>> I hope this can help you.
>>>>>>>>
>>>>>>>>     I doubt it.
>>>>>>>>
>>>>>>>>   Rowland
>>>>>>>     Carlos
>>>>>>>
>>>>>>>   Santo Domingo, Dominican Republic
>>>>>>>> On 10/17/2012 6:55 AM, Mohammad Ebrahim Abravi wrote:
>>>>>>>>
>>>>>>>>    Hello
>>>>>>>>
>>>>>>>>> samba4 rc3
>>>>>>>>> *s4-ad -> samba server Host name
>>>>>>>>> test.s4.com -> domain name*
>>>>>>>>> *Dns Server -> Samba Internal DNS server , Bind 9.9.1-P2*
>>>>>>>>> *win xp*
>>>>>>>>>
>>>>>>>>> have access to default  share such as sysvol  by dns name (\\
>>>>>>>>> test.s4.com
>>>>>>>>> \sysvol)
>>>>>>>>>
>>>>>>>>> but if  created a share in smb.conf  Only access by IP such as :
>>>>>>>>>
>>>>>>>>> \\test.s4.com\myshare   ->  no  access and ask me for user and
>>>>>>>>> password !
>>>>>>>>> \\192.168.1.6\myshare  ->  access
>>>>>>>>>
>>>>>>>>> If using *s4-ad.test.s4.com* my share accessible !!!
>>>>>>>>>
>>>>>>>>> \\test.s4.com\myshare   ->  no  access !
>>>>>>>>> \\s4-ad.s4.com <http://test.s4.com>\myshare   -> access !
>>>>>>>>>
>>>>>>>>> \\test.s4.com\sysvol   ->  access !
>>>>>>>>> \\*s4-ad* <http://test.s4.com>. <http://test.s4.com>test.s4.****
>>>>>>>>> **com<
>>>>>>>>>
>>>>>>>>> http://test.s4.com>\sysvol
>>>>>>>>>
>>>>>>>>>     ->
>>>>>>>>> access !
>>>>>>>>>
>>>>>>>>> Note:
>>>>>>>>> In *\\test.s4.com* seen all the shared directory, but not
>>>>>>>>> accessible
>>>>>>>>>
>>>>>>>>> in *samba alpha17* no need type *s4-ad*
>>>>>>>>>
>>>>>>>>> what happened ?
>>>>>>>>>
>>>>>>>>> This is  Bug in samba4 rc3 ?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Thanks
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>     --
>>>>>> To unsubscribe from this list go to the following URL and read the
>>>>>> instructions:  https://lists.samba.org/******mailman/options/samba<https://lists.samba.org/****mailman/options/samba>
>>>>>> <https://**lists.samba.org/**mailman/**options/samba<https://lists.samba.org/**mailman/options/samba>
>>>>>> <https://**lists.samba.org/**mailman/**options/samba<http://lists.samba.org/mailman/**options/samba>
>>>>>> <https:**//lists.samba.org/mailman/**options/samba<https://lists.samba.org/mailman/options/samba>
>>>>>>    Hello again, how did you provision the samba4 server? Please provide
>>>>>>
>>>>> the smb.conf from the samba4 server.
>>>> Rowland
>>>>
>>>>
>>>>
>>>> --
>>>> This message has been scanned for viruses and
>>>> dangerous content by MailScanner, and is
>>>> believed to be clean.
>>>>
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions:  https://lists.samba.org/****mailman/options/samba<https://lists.samba.org/**mailman/options/samba>
>>>> <https://**lists.samba.org/mailman/**options/samba<https://lists.samba.org/mailman/options/samba>
>>>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>>
Try re-provisioning with '--dns-backend=BIND9_DLZ' in the line if you 
want to use bind9, I suspect that you are using two nameservers, bind9 & 
the samba4 internal one.
If you do not want to re-provision, search this list, there is a way of 
turning the internal dns off, but I cannot remember just how to.

Rowland

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the samba mailing list