[Samba] suddenly unable to mount shares with hostname

Rowland Penny rpenny at samba.org
Wed Nov 9 18:21:12 UTC 2016


On Wed, 9 Nov 2016 10:15:35 -0800
Herb Lewis via samba <samba at lists.samba.org> wrote:

> I would guess that it is some kind of Kerberos issue since mounting
> by IP does
> not use Kerberos authentication
> 
> https://support.microsoft.com/en-ca/kb/322979
> 
> On 11/09/2016 08:46 AM, Andreas Oster via samba wrote:
> > Hello all,
> >
> > my name is Andreas and today I have run into a problem which I am
> > not able to fix by myself.
> >
> > In our company we have a samba file server (Version 4.3.11-Ubuntu) 
> > which till doday did work without any problems. Unfortunately this
> > is not the case anymore. Since today we are no longer able to mount 
> > network shares on this serverusing the servers dns hostname. The 
> > server complains about wrong username or password. Using the same 
> > credentials but using the hosts IP address instead of the DNS name 
> > does still work.
> > The DNS hostname is resolvable. This server is a member server in a 
> > domain (samba-ad-dc).
> >
> > Does anyone have an idea what could be the problem ?
> >
> > here a part of the current smb.conf (real domain name replaced):
> >
> > [global]
> >         workgroup = EXAMPLE
> >         realm = EXAMPLE.LOC
> >         server string = Samba Server %v
> >         interfaces = 127.0.0.0/8 eth0
> >         bind interfaces only = Yes
> >         server role = member server
> >         security = ADS
> >         map to guest = Bad User
> >         obey pam restrictions = Yes
> >         log file = /var/log/samba/log.%m
> >         max log size = 1000
> >         max xmit = 65535
> >         printcap name = cups
> >         os level = 65
> >         preferred master = Yes
> >         domain master = No
> >         dns proxy = No
> >         panic action = /usr/share/samba/panic-action %d
> >         template homedir = /iSCSI/homes/%U
> >         template shell = /bin/bash
> >         winbind enum users = Yes
> >         winbind enum groups = Yes
> >         winbind use default domain = Yes
> >         winbind refresh tickets = Yes
> >         idmap config EXAMPLE:backend = rid
> >         idmap config EXAMPLE:range = 10000-20000
> >         idmap config *:range = 10000-20000
> >         idmap config * : backend = tdb
> >         map acl inherit = Yes
> >         store dos attributes = Yes
> >         vfs objects = acl_xattr
> >
> >
> > [homes]
> >         comment = Home Directories
> >         valid users = %S
> >         write list = %S +EXAMPLE\Domain-Admins
> >         force group = "EXAMPLE\Domain-Users"
> >         group = "EXAMPLE\Domain-Users"
> >         create mask = 0750
> >         directory mask = 0750
> >         directory mode = 0750
> >         browseable = No
> >
> > [Temporary]
> >         comment = Temporary auf EXAMPLELX09
> >         path = /iSCSI/shares/temporary
> >         admin users = @EXAMPLE\Domain-Admins
> >         read only = No
> >
> >
> > [Applications]
> >         comment = Application auf EXAMPLELX09
> >         path = /iSCSI/shares/applications
> >         admin users = @EXAMPLE\Domain-Admins
> >         read only = No
> >
> >
> > Thank you for your kind help
> >
> > best regards
> > Andreas
> >
> >
> 
> 

What have you got in /etc/krb5.conf ?
Has /etc/resolv.conf changed ?

I would also look at this:

          idmap config EXAMPLE:range = 10000-20000
         idmap config *:range = 10000-20000

The ranges are not supposed to overlap, yours are exactly the same.

Rowland



More information about the samba mailing list