[Samba] suddenly unable to mount shares with hostname
Andreas Oster
aoster at novanetwork.de
Wed Nov 9 17:30:38 UTC 2016
Am 09.11.2016 um 19:21 schrieb Rowland Penny via samba:
> On Wed, 9 Nov 2016 10:15:35 -0800
> Herb Lewis via samba <samba at lists.samba.org> wrote:
>
>> I would guess that it is some kind of Kerberos issue since mounting
>> by IP does
>> not use Kerberos authentication
>>
>> https://support.microsoft.com/en-ca/kb/322979
>>
>> On 11/09/2016 08:46 AM, Andreas Oster via samba wrote:
>>> Hello all,
>>>
>>> my name is Andreas and today I have run into a problem which I am
>>> not able to fix by myself.
>>>
>>> In our company we have a samba file server (Version 4.3.11-Ubuntu)
>>> which till doday did work without any problems. Unfortunately this
>>> is not the case anymore. Since today we are no longer able to mount
>>> network shares on this serverusing the servers dns hostname. The
>>> server complains about wrong username or password. Using the same
>>> credentials but using the hosts IP address instead of the DNS name
>>> does still work.
>>> The DNS hostname is resolvable. This server is a member server in a
>>> domain (samba-ad-dc).
>>>
>>> Does anyone have an idea what could be the problem ?
>>>
>>> here a part of the current smb.conf (real domain name replaced):
>>>
>>> [global]
>>> workgroup = EXAMPLE
>>> realm = EXAMPLE.LOC
>>> server string = Samba Server %v
>>> interfaces = 127.0.0.0/8 eth0
>>> bind interfaces only = Yes
>>> server role = member server
>>> security = ADS
>>> map to guest = Bad User
>>> obey pam restrictions = Yes
>>> log file = /var/log/samba/log.%m
>>> max log size = 1000
>>> max xmit = 65535
>>> printcap name = cups
>>> os level = 65
>>> preferred master = Yes
>>> domain master = No
>>> dns proxy = No
>>> panic action = /usr/share/samba/panic-action %d
>>> template homedir = /iSCSI/homes/%U
>>> template shell = /bin/bash
>>> winbind enum users = Yes
>>> winbind enum groups = Yes
>>> winbind use default domain = Yes
>>> winbind refresh tickets = Yes
>>> idmap config EXAMPLE:backend = rid
>>> idmap config EXAMPLE:range = 10000-20000
>>> idmap config *:range = 10000-20000
>>> idmap config * : backend = tdb
>>> map acl inherit = Yes
>>> store dos attributes = Yes
>>> vfs objects = acl_xattr
>>>
>>>
>>> [homes]
>>> comment = Home Directories
>>> valid users = %S
>>> write list = %S +EXAMPLE\Domain-Admins
>>> force group = "EXAMPLE\Domain-Users"
>>> group = "EXAMPLE\Domain-Users"
>>> create mask = 0750
>>> directory mask = 0750
>>> directory mode = 0750
>>> browseable = No
>>>
>>> [Temporary]
>>> comment = Temporary auf EXAMPLELX09
>>> path = /iSCSI/shares/temporary
>>> admin users = @EXAMPLE\Domain-Admins
>>> read only = No
>>>
>>>
>>> [Applications]
>>> comment = Application auf EXAMPLELX09
>>> path = /iSCSI/shares/applications
>>> admin users = @EXAMPLE\Domain-Admins
>>> read only = No
>>>
>>>
>>> Thank you for your kind help
>>>
>>> best regards
>>> Andreas
>>>
>>>
>>
>>
>
> What have you got in /etc/krb5.conf ?
> Has /etc/resolv.conf changed ?
>
> I would also look at this:
>
> idmap config EXAMPLE:range = 10000-20000
> idmap config *:range = 10000-20000
>
> The ranges are not supposed to overlap, yours are exactly the same.
>
> Rowland
>
Hello Herb,
thank you very much for your fast response. Do you know how to check/fix
this ?
best regards
Andreas
More information about the samba
mailing list