[Samba] Shares not accessible when using FQDN

Gaetan SLONGO gslongo at it-optics.com
Tue Aug 29 09:47:17 UTC 2017 

Hi guys, 


Thank you for your answer. Meanwhile I have new informations, the problem also happen on a workstation in the domain. 
This should not be a DNS issue. I validated that and I can authenticate and list shares. Just cannot enter into them when i'm using the FQDN o_O 


Note : It works well on Linux clients. 


Here is the Samba config file : 


Thank you ! 



# Global parameters 
[global] 
netbios name = MOE 
realm = ADS.DOMAIN.BE 
workgroup = DOMAIN 
netbios alias = CLUSTER 
server role = active directory domain controller 
kerberos method = secrets and keytab 
idmap_ldb:use rfc2307 = yes 
winbind use default domain = false 
winbind offline logon = false 
template shell = /bin/bash 
template homedir = /home/%u 
ntlm auth = yes 
log level = 4 




[netlogon] 
path = /var/lib/samba/sysvol/ads.DOMAIN.be/scripts 
read only = Yes 
browsable = no 


[sysvol] 
path = /var/lib/samba/sysvol 
read only = Yes 
browsable = no 




[software] 
comment = Installed productlines 
path = /opt/DOMAIN/actran_product 
read only = Yes 
create mask = 0660 
directory mask = 0770 
guest ok = No 


[license] 
comment = license 
path = /opt/licenses/msctwo 
read only = yes 
guest ok = No 




[homes] 
comment = Home Directories 
;;valid users = root @smbusers 
browseable = no 
read only = No 
;create mask = 0640 ; Changé à la demande d'Eloi 
create mask = 0600 
;directory mask = 0750 ; Changé à la demande d'Eloi 
directory mask = 0700 
guest ok = no 
printable = no 
veto files = 
hide dot files = no 


----- Mail original -----

De: "Rowland Penny via samba" <samba at lists.samba.org> 
À: samba at lists.samba.org 
Envoyé: Mardi 29 Août 2017 11:31:37 
Objet : Re: [Samba] Shares not accessible when using FQDN 

On Tue, 29 Aug 2017 11:16:12 +0200 (CEST) 
Gaetan SLONGO via samba <samba at lists.samba.org> wrote: 

> 
> 
> Hi, 
> 
> 
> I'm facing to an issue where I cannot find solution. 
> 
> 
> Here is the test case : 
> 
> 
> 
> 
> * Samba 4.7, multi-server setup (multiple DC) 
> * Windows 7 and Windows 10 client (not domain member) 
> * Shares can be listed but no access to them in some case 
> 
> 
> 
> From my workstation if I access to \\myserver.domain\myshare I get an 
> error like "//UNC// is not accessible . you might nit have 
> permissions ... bla bla ... The parameter is incorrect" 
> 
> 
> On my samba server we can see the log below (at the end of that 
> mail). 
> 
> 
> However, it works when I do not append domain name to the UNC : 
> \\myserver\myshare ... Even more strange, it works on some 
> workstations but not all.. Client clients are OK. 
> 
> 
> Do you have any idea ?!? 
> 
> 
> 
> 
> 
> ==> /var/log/samba/log.smbd <== 
> [2017/08/29 10:59:55.925684, 
> 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - 
> already user [2017/08/29 10:59:55.925776, 
> 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) 
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
> status[NT_STATUS_INVALID_PARAMETER] || 
> at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:55.926835, 
> 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - 
> already user [2017/08/29 10:59:55.926892, 
> 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) 
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
> status[NT_STATUS_INVALID_PARAMETER] || 
> at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.088688, 
> 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - 
> already user [2017/08/29 10:59:56.088746, 
> 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) 
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
> status[NT_STATUS_INVALID_PARAMETER] || 
> at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.098659, 
> 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - 
> already user [2017/08/29 10:59:56.098717, 
> 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) 
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
> status[NT_STATUS_INVALID_PARAMETER] || 
> at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.104899, 
> 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - 
> already user [2017/08/29 10:59:56.104957, 
> 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) 
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
> status[NT_STATUS_INVALID_PARAMETER] || 
> at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.105755, 
> 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - 
> already user [2017/08/29 10:59:56.105811, 
> 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) 
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
> status[NT_STATUS_INVALID_PARAMETER] || 
> at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.106671, 
> 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - 
> already user [2017/08/29 10:59:56.106727, 
> 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) 
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
> status[NT_STATUS_INVALID_PARAMETER] || 
> at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.108001, 
> 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - 
> already user [2017/08/29 10:59:56.108058, 
> 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) 
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
> status[NT_STATUS_INVALID_PARAMETER] || 
> at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.109246, 
> 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec 
> ctx (0, 0) - sec_ctx_stack_ndx = 0 [2017/08/29 10:59:56.109401, 
> 3] ../lib/util/access.c:361(allow_access) Allowed connection from 
> 10.17.253.156 (10.17.253.156) [2017/08/29 10:59:56.109525, 
> 3] ../source3/smbd/service.c:576(make_connection_snum) Connect path 
> is '/opt/fft/actran_product' for service [software] [2017/08/29 
> 10:59:56.109566, 3] ../source3/smbd/vfs.c:113(vfs_init_default) 
> Initialising default vfs hooks [2017/08/29 10:59:56.109581, 
> 3] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising custom vfs 
> hooks from [/[Default VFS]/] [2017/08/29 10:59:56.109652, 
> 3] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising custom vfs 
> hooks from [acl_xattr] [2017/08/29 10:59:56.109668, 
> 3] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising custom vfs 
> hooks from [dfs_samba4] [2017/08/29 10:59:56.109691, 
> 2] ../source3/modules/vfs_acl_xattr.c:235(connect_acl_xattr) 
> connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = 
> true' and 'force unknown acl user = true' for service software 
> [2017/08/29 10:59:56.112545, 
> 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec 
> ctx (531, 100) - sec_ctx_stack_ndx = 0 [2017/08/29 10:59:56.112595, 
> 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec 
> ctx (0, 0) - sec_ctx_stack_ndx = 0 [2017/08/29 10:59:56.112642, 
> 2] ../source3/smbd/service.c:822(make_connection_snum) 10.17.253.156 
> (ipv4:10.17.253.156:49202) connect to service software initially as 
> user FFT\qa (uid=531, gid=100) (pid 23058) [2017/08/29 
> 10:59:56.114037, 
> 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec 
> ctx (531, 100) - sec_ctx_stack_ndx = 0 [2017/08/29 10:59:56.114105, 
> 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) 
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
> status[NT_STATUS_INVALID_PARAMETER] || 
> at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.114916, 
> 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - 
> already user [2017/08/29 10:59:56.114973, 
> 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) 
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
> status[NT_STATUS_INVALID_PARAMETER] || 
> at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.756703, 
> 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec 
> ctx (0, 0) - sec_ctx_stack_ndx = 0 
> 
> 
> 
> 
> Thank you 

Go on, I give in, how have you setup Samba ? ;-) 

Or to put it another way, can you please post your smb.conf. 

Rowland 

-- 
To unsubscribe from this list go to the following URL and read the 
instructions: https://lists.samba.org/mailman/options/samba 


-- 




www.it-optics.com 
	
Gaëtan SLONGO | Head of Infrastructure Department 
Boulevard Initialis, 28 - 7000 Mons, BELGIUM 
Company : 	+32 (0)65 84 23 85 
Direct : 	+32 (0)65 32 85 88 
Fax : 	+32 (0)65 84 66 76 
Skype ID : 	gslongo.pro 
GPG Key : 	gslongo-gpg_key.asc 
	

- Please consider your environmental responsibility before printing this e-mail -

More information about the samba mailing list