[Samba] suddenly unable to mount shares with hostname

Herb Lewis hlewis at panasas.com
Wed Nov 9 18:15:35 UTC 2016 

I would guess that it is some kind of Kerberos issue since mounting by 
IP does
not use Kerberos authentication

https://support.microsoft.com/en-ca/kb/322979

On 11/09/2016 08:46 AM, Andreas Oster via samba wrote:
> Hello all,
>
> my name is Andreas and today I have run into a problem which I am not 
> able to fix by myself.
>
> In our company we have a samba file server (Version 4.3.11-Ubuntu) 
> which till doday did work without any problems. Unfortunately this is 
> not the case anymore. Since today we are no longer able to mount 
> network shares on this serverusing the servers dns hostname. The 
> server complains about wrong username or password. Using the same 
> credentials but using the hosts IP address instead of the DNS name 
> does still work.
> The DNS hostname is resolvable. This server is a member server in a 
> domain (samba-ad-dc).
>
> Does anyone have an idea what could be the problem ?
>
> here a part of the current smb.conf (real domain name replaced):
>
> [global]
>         workgroup = EXAMPLE
>         realm = EXAMPLE.LOC
>         server string = Samba Server %v
>         interfaces = 127.0.0.0/8 eth0
>         bind interfaces only = Yes
>         server role = member server
>         security = ADS
>         map to guest = Bad User
>         obey pam restrictions = Yes
>         log file = /var/log/samba/log.%m
>         max log size = 1000
>         max xmit = 65535
>         printcap name = cups
>         os level = 65
>         preferred master = Yes
>         domain master = No
>         dns proxy = No
>         panic action = /usr/share/samba/panic-action %d
>         template homedir = /iSCSI/homes/%U
>         template shell = /bin/bash
>         winbind enum users = Yes
>         winbind enum groups = Yes
>         winbind use default domain = Yes
>         winbind refresh tickets = Yes
>         idmap config EXAMPLE:backend = rid
>         idmap config EXAMPLE:range = 10000-20000
>         idmap config *:range = 10000-20000
>         idmap config * : backend = tdb
>         map acl inherit = Yes
>         store dos attributes = Yes
>         vfs objects = acl_xattr
>
>
> [homes]
>         comment = Home Directories
>         valid users = %S
>         write list = %S +EXAMPLE\Domain-Admins
>         force group = "EXAMPLE\Domain-Users"
>         group = "EXAMPLE\Domain-Users"
>         create mask = 0750
>         directory mask = 0750
>         directory mode = 0750
>         browseable = No
>
> [Temporary]
>         comment = Temporary auf EXAMPLELX09
>         path = /iSCSI/shares/temporary
>         admin users = @EXAMPLE\Domain-Admins
>         read only = No
>
>
> [Applications]
>         comment = Application auf EXAMPLELX09
>         path = /iSCSI/shares/applications
>         admin users = @EXAMPLE\Domain-Admins
>         read only = No
>
>
> Thank you for your kind help
>
> best regards
> Andreas
>
>

More information about the samba mailing list