[Samba] suddenly unable to mount shares with hostname
Rowland Penny
rpenny at samba.org
Wed Nov 9 18:21:12 UTC 2016
On Wed, 9 Nov 2016 10:15:35 -0800
Herb Lewis via samba <samba at lists.samba.org> wrote:
> I would guess that it is some kind of Kerberos issue since mounting
> by IP does
> not use Kerberos authentication
>
> https://support.microsoft.com/en-ca/kb/322979
>
> On 11/09/2016 08:46 AM, Andreas Oster via samba wrote:
> > Hello all,
> >
> > my name is Andreas and today I have run into a problem which I am
> > not able to fix by myself.
> >
> > In our company we have a samba file server (Version 4.3.11-Ubuntu)
> > which till doday did work without any problems. Unfortunately this
> > is not the case anymore. Since today we are no longer able to mount
> > network shares on this serverusing the servers dns hostname. The
> > server complains about wrong username or password. Using the same
> > credentials but using the hosts IP address instead of the DNS name
> > does still work.
> > The DNS hostname is resolvable. This server is a member server in a
> > domain (samba-ad-dc).
> >
> > Does anyone have an idea what could be the problem ?
> >
> > here a part of the current smb.conf (real domain name replaced):
> >
> > [global]
> > workgroup = EXAMPLE
> > realm = EXAMPLE.LOC
> > server string = Samba Server %v
> > interfaces = 127.0.0.0/8 eth0
> > bind interfaces only = Yes
> > server role = member server
> > security = ADS
> > map to guest = Bad User
> > obey pam restrictions = Yes
> > log file = /var/log/samba/log.%m
> > max log size = 1000
> > max xmit = 65535
> > printcap name = cups
> > os level = 65
> > preferred master = Yes
> > domain master = No
> > dns proxy = No
> > panic action = /usr/share/samba/panic-action %d
> > template homedir = /iSCSI/homes/%U
> > template shell = /bin/bash
> > winbind enum users = Yes
> > winbind enum groups = Yes
> > winbind use default domain = Yes
> > winbind refresh tickets = Yes
> > idmap config EXAMPLE:backend = rid
> > idmap config EXAMPLE:range = 10000-20000
> > idmap config *:range = 10000-20000
> > idmap config * : backend = tdb
> > map acl inherit = Yes
> > store dos attributes = Yes
> > vfs objects = acl_xattr
> >
> >
> > [homes]
> > comment = Home Directories
> > valid users = %S
> > write list = %S +EXAMPLE\Domain-Admins
> > force group = "EXAMPLE\Domain-Users"
> > group = "EXAMPLE\Domain-Users"
> > create mask = 0750
> > directory mask = 0750
> > directory mode = 0750
> > browseable = No
> >
> > [Temporary]
> > comment = Temporary auf EXAMPLELX09
> > path = /iSCSI/shares/temporary
> > admin users = @EXAMPLE\Domain-Admins
> > read only = No
> >
> >
> > [Applications]
> > comment = Application auf EXAMPLELX09
> > path = /iSCSI/shares/applications
> > admin users = @EXAMPLE\Domain-Admins
> > read only = No
> >
> >
> > Thank you for your kind help
> >
> > best regards
> > Andreas
> >
> >
>
>
What have you got in /etc/krb5.conf ?
Has /etc/resolv.conf changed ?
I would also look at this:
idmap config EXAMPLE:range = 10000-20000
idmap config *:range = 10000-20000
The ranges are not supposed to overlap, yours are exactly the same.
Rowland
More information about the samba
mailing list