[Samba] Strange issue with share access on domain controllers

L.P.H. van Belle belle at bazuin.nl
Mon Jul 13 14:53:45 UTC 2015


Make sure you use the new GPO policies. 
Looks like the problem "[Samba] Windows 10 in Samba 3 domain: netlogon share access denied"

It's not only for Windows 10, also 7 and 8.x 

Solution: GPEDIT.MSC -> Computer -> Administrative templates -> Network 
-> Network Provider -> Hardened UNC Paths

Added

\\foo.lan\netlogon and Value:  
RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0

also added this for \\dc1\... and \\dc1.e2c.lan\... works :)


 

>-----Original message-----
>From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Zerwes, Klaus
>Sent: Monday 13 July 2015 15:53
>To: Sébastien Le Ray; Samba Mailing List
>Subject: Re: [Samba] Strange issue with share access on domain controllers
>
>set
>
>netbios aliases = 
>
>in the global section of smb.conf
>
>Good luck
>
>Klaus
>
>Klaus Zerwes
>Rosa Luxemburg Stiftung | IT-Auslandskoordinator
>Franz-Mehring-Platz 1   | 10243 Berlin
>
>Tel. +49 30 44310-555   | Fax +49 30 44310-182
>zerwes at rosalux.de       | www.rosalux.de
>
>________________________________________
>From: samba [samba-bounces at lists.samba.org] on behalf of Sébastien Le Ray [sebastien-samba at orniz.org]
>Sent: Sunday, 12 July 2015 18:41
>To: Samba Mailing List
>Subject: [Samba] Strange issue with share access on domain controllers
>
>Hi list,
>
>I've a strange issue with Windows 7 (also occurs on 8.1) when accessing
>shares on domain controllers. If I use IP address or in-domain FQDN
>(server.domain.name), all is right. If I use another DNS entry pointing
>to the same IP, share access fails with following message (translated
>from French):
>\\somehost.somsuffix\someshare is not accessible. [?]  Invalid parameter
>
>Issue occurs on both sysvol, netlogon and custom shares (yes evil not
>the point)
>
>Log does not seem to contain anything relevant, last line before failure
>is [CLIENT IP] (ipv4:[Client IP]:49296) connect to service [share]
>initially as user [DOMAIN\User] (uid=[uid], gid=[main gid]) (pid 15374)
>
>Issue occurs on all tested machines, with different account names, on
>(at least) two different DC. Access is fine from smbclient no matter if
>I use IP, domain FQDN or alternate FQDN.
>
>smb.conf snipped (sysvol & netlogon are default provisioned ones)
>
>[global]
>         workgroup = SOMEDOM
>         realm = somedom.fdqdn
>         netbios name = SOMEDC
>         server string = AD DC SOMEDC
>         server role = active directory domain controller
>
>         idmap_ldb:use rfc2307 = yes
>
>         interfaces = someIP/24
>         bind interfaces only = Yes
>
>         template shell = /bin/false
>         template homedir = /data/homes/%ACCOUNTNAME%
>
>         dns forwarder = 127.0.0.1
>
>
>
>Regards,
>
>Sébastien
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>
>
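
The Hardened UNC Paths values in the reply above set all three protections to 0 for the listed paths. As an added example (not part of the original post and not Samba project code), this Python script parses entries in that format and lists the ones that explicitly switch a protection off, so such exceptions can be tracked. It assumes the policy is stored under the `NetworkProvider\HardenedPaths` policy key in HKLM; the second sample entry is constructed for illustration.

```python
# Added example: list Hardened UNC Paths entries that switch a protection off.
import sys

FLAGS = ("RequireMutualAuthentication", "RequireIntegrity", "RequirePrivacy")
# Assumed registry key behind the "Hardened UNC Paths" policy (HKEY_LOCAL_MACHINE).
KEY = r"SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths"

def parse_value(value):
    """Parse 'Flag=0,Flag=1' into {flag: bool}; reject anything else."""
    result = {}
    for token in value.split(","):
        name, sep, raw = (part.strip() for part in token.partition("="))
        if name not in FLAGS or sep != "=" or raw not in ("0", "1"):
            raise ValueError(f"unrecognised setting: {token.strip()!r}")
        result[name] = raw == "1"
    return result

def audit(entries):
    """Return [(unc_path, [flags explicitly set to 0])] for weakened entries."""
    findings = []
    for path, value in entries.items():
        parsed = parse_value(value)
        disabled = [flag for flag in FLAGS if parsed.get(flag) is False]
        if disabled:
            findings.append((path, disabled))
    return findings

def read_policy():
    """Read the configured entries from the local registry (Windows only)."""
    import winreg  # standard library, present on Windows only
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, KEY) as key:
            count = winreg.QueryInfoKey(key)[1]  # number of values under the key
            return {name: str(data) for name, data, _ in
                    (winreg.EnumValue(key, i) for i in range(count))}
    except FileNotFoundError:
        return {}  # policy not configured on this machine

# First entry is the value quoted in the post; the second is constructed.
SAMPLE = {
    r"\\foo.lan\netlogon": "RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0",
    r"\\*\SYSVOL": "RequireMutualAuthentication=1, RequireIntegrity=1",
}

if __name__ == "__main__":
    entries = read_policy() if sys.platform == "win32" else SAMPLE
    for path, disabled in audit(entries):
        print(f"{path}: disabled -> {', '.join(disabled)}")
```

On a non-Windows host the script falls back to the embedded sample, so it can be run anywhere to see the report format.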



