[Samba] suddenly unable to mount shares with hostname

Andreas Oster aoster at novanetwork.de
Wed Nov 9 17:30:38 UTC 2016 

Am 09.11.2016 um 19:21 schrieb Rowland Penny via samba:
> On Wed, 9 Nov 2016 10:15:35 -0800
> Herb Lewis via samba <samba at lists.samba.org> wrote:
>
>> I would guess that it is some kind of Kerberos issue since mounting
>> by IP does
>> not use Kerberos authentication
>>
>> https://support.microsoft.com/en-ca/kb/322979
>>
>> On 11/09/2016 08:46 AM, Andreas Oster via samba wrote:
>>> Hello all,
>>>
>>> my name is Andreas and today I have run into a problem which I am
>>> not able to fix by myself.
>>>
>>> In our company we have a samba file server (Version 4.3.11-Ubuntu)
>>> which till doday did work without any problems. Unfortunately this
>>> is not the case anymore. Since today we are no longer able to mount
>>> network shares on this serverusing the servers dns hostname. The
>>> server complains about wrong username or password. Using the same
>>> credentials but using the hosts IP address instead of the DNS name
>>> does still work.
>>> The DNS hostname is resolvable. This server is a member server in a
>>> domain (samba-ad-dc).
>>>
>>> Does anyone have an idea what could be the problem ?
>>>
>>> here a part of the current smb.conf (real domain name replaced):
>>>
>>> [global]
>>>         workgroup = EXAMPLE
>>>         realm = EXAMPLE.LOC
>>>         server string = Samba Server %v
>>>         interfaces = 127.0.0.0/8 eth0
>>>         bind interfaces only = Yes
>>>         server role = member server
>>>         security = ADS
>>>         map to guest = Bad User
>>>         obey pam restrictions = Yes
>>>         log file = /var/log/samba/log.%m
>>>         max log size = 1000
>>>         max xmit = 65535
>>>         printcap name = cups
>>>         os level = 65
>>>         preferred master = Yes
>>>         domain master = No
>>>         dns proxy = No
>>>         panic action = /usr/share/samba/panic-action %d
>>>         template homedir = /iSCSI/homes/%U
>>>         template shell = /bin/bash
>>>         winbind enum users = Yes
>>>         winbind enum groups = Yes
>>>         winbind use default domain = Yes
>>>         winbind refresh tickets = Yes
>>>         idmap config EXAMPLE:backend = rid
>>>         idmap config EXAMPLE:range = 10000-20000
>>>         idmap config *:range = 10000-20000
>>>         idmap config * : backend = tdb
>>>         map acl inherit = Yes
>>>         store dos attributes = Yes
>>>         vfs objects = acl_xattr
>>>
>>>
>>> [homes]
>>>         comment = Home Directories
>>>         valid users = %S
>>>         write list = %S +EXAMPLE\Domain-Admins
>>>         force group = "EXAMPLE\Domain-Users"
>>>         group = "EXAMPLE\Domain-Users"
>>>         create mask = 0750
>>>         directory mask = 0750
>>>         directory mode = 0750
>>>         browseable = No
>>>
>>> [Temporary]
>>>         comment = Temporary auf EXAMPLELX09
>>>         path = /iSCSI/shares/temporary
>>>         admin users = @EXAMPLE\Domain-Admins
>>>         read only = No
>>>
>>>
>>> [Applications]
>>>         comment = Application auf EXAMPLELX09
>>>         path = /iSCSI/shares/applications
>>>         admin users = @EXAMPLE\Domain-Admins
>>>         read only = No
>>>
>>>
>>> Thank you for your kind help
>>>
>>> best regards
>>> Andreas
>>>
>>>
>>
>>
>
> What have you got in /etc/krb5.conf ?
> Has /etc/resolv.conf changed ?
>
> I would also look at this:
>
>           idmap config EXAMPLE:range = 10000-20000
>          idmap config *:range = 10000-20000
>
> The ranges are not supposed to overlap, yours are exactly the same.
>
> Rowland
>

Hello Herb,

thank you very much for your fast response. Do you know how to check/fix 
this ?


best regards
Andreas

More information about the samba mailing list