[Samba] Shares not accessible when using FQDN
Gaetan SLONGO
gslongo at it-optics.com
Tue Aug 29 09:47:17 UTC 2017
Hi guys,
Thank you for your answer. Meanwhile I have new informations, the problem also happen on a workstation in the domain.
This should not be a DNS issue. I validated that and I can authenticate and list shares. Just cannot enter into them when i'm using the FQDN o_O
Note : It works well on Linux clients.
Here is the Samba config file :
Thank you !
# Global parameters
[global]
netbios name = MOE
realm = ADS.DOMAIN.BE
workgroup = DOMAIN
netbios alias = CLUSTER
server role = active directory domain controller
kerberos method = secrets and keytab
idmap_ldb:use rfc2307 = yes
winbind use default domain = false
winbind offline logon = false
template shell = /bin/bash
template homedir = /home/%u
ntlm auth = yes
log level = 4
[netlogon]
path = /var/lib/samba/sysvol/ads.DOMAIN.be/scripts
read only = Yes
browsable = no
[sysvol]
path = /var/lib/samba/sysvol
read only = Yes
browsable = no
[software]
comment = Installed productlines
path = /opt/DOMAIN/actran_product
read only = Yes
create mask = 0660
directory mask = 0770
guest ok = No
[license]
comment = license
path = /opt/licenses/msctwo
read only = yes
guest ok = No
[homes]
comment = Home Directories
;;valid users = root @smbusers
browseable = no
read only = No
;create mask = 0640 ; Changé à la demande d'Eloi
create mask = 0600
;directory mask = 0750 ; Changé à la demande d'Eloi
directory mask = 0700
guest ok = no
printable = no
veto files =
hide dot files = no
----- Mail original -----
De: "Rowland Penny via samba" <samba at lists.samba.org>
À: samba at lists.samba.org
Envoyé: Mardi 29 Août 2017 11:31:37
Objet : Re: [Samba] Shares not accessible when using FQDN
On Tue, 29 Aug 2017 11:16:12 +0200 (CEST)
Gaetan SLONGO via samba <samba at lists.samba.org> wrote:
>
>
> Hi,
>
>
> I'm facing to an issue where I cannot find solution.
>
>
> Here is the test case :
>
>
>
>
> * Samba 4.7, multi-server setup (multiple DC)
> * Windows 7 and Windows 10 client (not domain member)
> * Shares can be listed but no access to them in some case
>
>
>
> From my workstation if I access to \\myserver.domain\myshare I get an
> error like "//UNC// is not accessible . you might nit have
> permissions ... bla bla ... The parameter is incorrect"
>
>
> On my samba server we can see the log below (at the end of that
> mail).
>
>
> However, it works when I do not append domain name to the UNC :
> \\myserver\myshare ... Even more strange, it works on some
> workstations but not all.. Client clients are OK.
>
>
> Do you have any idea ?!?
>
>
>
>
>
> ==> /var/log/samba/log.smbd <==
> [2017/08/29 10:59:55.925684,
> 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change -
> already user [2017/08/29 10:59:55.925776,
> 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> status[NT_STATUS_INVALID_PARAMETER] ||
> at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:55.926835,
> 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change -
> already user [2017/08/29 10:59:55.926892,
> 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> status[NT_STATUS_INVALID_PARAMETER] ||
> at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.088688,
> 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change -
> already user [2017/08/29 10:59:56.088746,
> 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> status[NT_STATUS_INVALID_PARAMETER] ||
> at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.098659,
> 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change -
> already user [2017/08/29 10:59:56.098717,
> 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> status[NT_STATUS_INVALID_PARAMETER] ||
> at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.104899,
> 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change -
> already user [2017/08/29 10:59:56.104957,
> 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> status[NT_STATUS_INVALID_PARAMETER] ||
> at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.105755,
> 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change -
> already user [2017/08/29 10:59:56.105811,
> 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> status[NT_STATUS_INVALID_PARAMETER] ||
> at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.106671,
> 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change -
> already user [2017/08/29 10:59:56.106727,
> 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> status[NT_STATUS_INVALID_PARAMETER] ||
> at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.108001,
> 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change -
> already user [2017/08/29 10:59:56.108058,
> 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> status[NT_STATUS_INVALID_PARAMETER] ||
> at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.109246,
> 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec
> ctx (0, 0) - sec_ctx_stack_ndx = 0 [2017/08/29 10:59:56.109401,
> 3] ../lib/util/access.c:361(allow_access) Allowed connection from
> 10.17.253.156 (10.17.253.156) [2017/08/29 10:59:56.109525,
> 3] ../source3/smbd/service.c:576(make_connection_snum) Connect path
> is '/opt/fft/actran_product' for service [software] [2017/08/29
> 10:59:56.109566, 3] ../source3/smbd/vfs.c:113(vfs_init_default)
> Initialising default vfs hooks [2017/08/29 10:59:56.109581,
> 3] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising custom vfs
> hooks from [/[Default VFS]/] [2017/08/29 10:59:56.109652,
> 3] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising custom vfs
> hooks from [acl_xattr] [2017/08/29 10:59:56.109668,
> 3] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising custom vfs
> hooks from [dfs_samba4] [2017/08/29 10:59:56.109691,
> 2] ../source3/modules/vfs_acl_xattr.c:235(connect_acl_xattr)
> connect_acl_xattr: setting 'inherit acls = true' 'dos filemode =
> true' and 'force unknown acl user = true' for service software
> [2017/08/29 10:59:56.112545,
> 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec
> ctx (531, 100) - sec_ctx_stack_ndx = 0 [2017/08/29 10:59:56.112595,
> 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec
> ctx (0, 0) - sec_ctx_stack_ndx = 0 [2017/08/29 10:59:56.112642,
> 2] ../source3/smbd/service.c:822(make_connection_snum) 10.17.253.156
> (ipv4:10.17.253.156:49202) connect to service software initially as
> user FFT\qa (uid=531, gid=100) (pid 23058) [2017/08/29
> 10:59:56.114037,
> 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec
> ctx (531, 100) - sec_ctx_stack_ndx = 0 [2017/08/29 10:59:56.114105,
> 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> status[NT_STATUS_INVALID_PARAMETER] ||
> at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.114916,
> 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change -
> already user [2017/08/29 10:59:56.114973,
> 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> status[NT_STATUS_INVALID_PARAMETER] ||
> at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.756703,
> 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec
> ctx (0, 0) - sec_ctx_stack_ndx = 0
>
>
>
>
> Thank you
Go on, I give in, how have you setup Samba ? ;-)
Or to put it another way, can you please post your smb.conf.
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
www.it-optics.com
Gaëtan SLONGO | Head of Infrastructure Department
Boulevard Initialis, 28 - 7000 Mons, BELGIUM
Company : +32 (0)65 84 23 85
Direct : +32 (0)65 32 85 88
Fax : +32 (0)65 84 66 76
Skype ID : gslongo.pro
GPG Key : gslongo-gpg_key.asc
- Please consider your environmental responsibility before printing this e-mail -
More information about the samba
mailing list