[Samba] Shares not accessible when using FQDN
L.P.H. van Belle
belle at bazuin.nl
Tue Aug 29 10:01:50 UTC 2017
If DNS is setup correct, then and your sure,
then show ipconfig /all from a working and failing pc.
And for i forget to mention.
Did you check if the time is in sync? ( sorry must ask )
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Gaetan SLONGO via samba
> Verzonden: dinsdag 29 augustus 2017 11:47
> Aan: Rowland Penny
> CC: samba at lists.samba.org
> Onderwerp: Re: [Samba] Shares not accessible when using FQDN
>
> Hi guys,
>
>
> Thank you for your answer. Meanwhile I have new informations,
> the problem also happen on a workstation in the domain.
> This should not be a DNS issue. I validated that and I can
> authenticate and list shares. Just cannot enter into them
> when i'm using the FQDN o_O
>
>
> Note : It works well on Linux clients.
>
>
> Here is the Samba config file :
>
>
> Thank you !
>
>
>
> # Global parameters
> [global]
> netbios name = MOE
> realm = ADS.DOMAIN.BE
> workgroup = DOMAIN
> netbios alias = CLUSTER
> server role = active directory domain controller kerberos
> method = secrets and keytab idmap_ldb:use rfc2307 = yes
> winbind use default domain = false winbind offline logon =
> false template shell = /bin/bash template homedir = /home/%u
> ntlm auth = yes log level = 4
>
>
>
>
> [netlogon]
> path = /var/lib/samba/sysvol/ads.DOMAIN.be/scripts
> read only = Yes
> browsable = no
>
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = Yes
> browsable = no
>
>
>
>
> [software]
> comment = Installed productlines
> path = /opt/DOMAIN/actran_product
> read only = Yes
> create mask = 0660
> directory mask = 0770
> guest ok = No
>
>
> [license]
> comment = license
> path = /opt/licenses/msctwo
> read only = yes
> guest ok = No
>
>
>
>
> [homes]
> comment = Home Directories
> ;;valid users = root @smbusers
> browseable = no
> read only = No
> ;create mask = 0640 ; Changé à la demande d'Eloi create mask
> = 0600 ;directory mask = 0750 ; Changé à la demande d'Eloi
> directory mask = 0700 guest ok = no printable = no veto files
> = hide dot files = no
>
>
> ----- Mail original -----
>
> De: "Rowland Penny via samba" <samba at lists.samba.org>
> À: samba at lists.samba.org
> Envoyé: Mardi 29 Août 2017 11:31:37
> Objet : Re: [Samba] Shares not accessible when using FQDN
>
> On Tue, 29 Aug 2017 11:16:12 +0200 (CEST) Gaetan SLONGO via
> samba <samba at lists.samba.org> wrote:
>
> >
> >
> > Hi,
> >
> >
> > I'm facing to an issue where I cannot find solution.
> >
> >
> > Here is the test case :
> >
> >
> >
> >
> > * Samba 4.7, multi-server setup (multiple DC)
> > * Windows 7 and Windows 10 client (not domain member)
> > * Shares can be listed but no access to them in some case
> >
> >
> >
> > From my workstation if I access to
> \\myserver.domain\myshare I get an
> > error like "//UNC// is not accessible . you might nit have
> > permissions ... bla bla ... The parameter is incorrect"
> >
> >
> > On my samba server we can see the log below (at the end of that
> > mail).
> >
> >
> > However, it works when I do not append domain name to the UNC :
> > \\myserver\myshare ... Even more strange, it works on some
> > workstations but not all.. Client clients are OK.
> >
> >
> > Do you have any idea ?!?
> >
> >
> >
> >
> >
> > ==> /var/log/samba/log.smbd <==
> > [2017/08/29 10:59:55.925684,
> > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change -
> > already user [2017/08/29 10:59:55.925776,
> > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
> > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> > status[NT_STATUS_INVALID_PARAMETER] ||
> > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:55.926835,
> > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change -
> > already user [2017/08/29 10:59:55.926892,
> > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
> > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> > status[NT_STATUS_INVALID_PARAMETER] ||
> > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.088688,
> > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change -
> > already user [2017/08/29 10:59:56.088746,
> > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
> > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> > status[NT_STATUS_INVALID_PARAMETER] ||
> > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.098659,
> > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change -
> > already user [2017/08/29 10:59:56.098717,
> > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
> > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> > status[NT_STATUS_INVALID_PARAMETER] ||
> > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.104899,
> > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change -
> > already user [2017/08/29 10:59:56.104957,
> > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
> > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> > status[NT_STATUS_INVALID_PARAMETER] ||
> > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.105755,
> > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change -
> > already user [2017/08/29 10:59:56.105811,
> > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
> > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> > status[NT_STATUS_INVALID_PARAMETER] ||
> > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.106671,
> > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change -
> > already user [2017/08/29 10:59:56.106727,
> > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
> > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> > status[NT_STATUS_INVALID_PARAMETER] ||
> > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.108001,
> > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change -
> > already user [2017/08/29 10:59:56.108058,
> > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
> > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> > status[NT_STATUS_INVALID_PARAMETER] ||
> > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.109246,
> > 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec
> > ctx (0, 0) - sec_ctx_stack_ndx = 0 [2017/08/29 10:59:56.109401,
> > 3] ../lib/util/access.c:361(allow_access) Allowed connection from
> > 10.17.253.156 (10.17.253.156) [2017/08/29 10:59:56.109525,
> > 3] ../source3/smbd/service.c:576(make_connection_snum) Connect path
> > is '/opt/fft/actran_product' for service [software] [2017/08/29
> > 10:59:56.109566, 3] ../source3/smbd/vfs.c:113(vfs_init_default)
> > Initialising default vfs hooks [2017/08/29 10:59:56.109581,
> > 3] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising
> custom vfs
> > hooks from [/[Default VFS]/] [2017/08/29 10:59:56.109652,
> > 3] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising
> custom vfs
> > hooks from [acl_xattr] [2017/08/29 10:59:56.109668,
> > 3] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising
> custom vfs
> > hooks from [dfs_samba4] [2017/08/29 10:59:56.109691,
> > 2] ../source3/modules/vfs_acl_xattr.c:235(connect_acl_xattr)
> > connect_acl_xattr: setting 'inherit acls = true' 'dos filemode =
> > true' and 'force unknown acl user = true' for service software
> > [2017/08/29 10:59:56.112545,
> > 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec
> > ctx (531, 100) - sec_ctx_stack_ndx = 0 [2017/08/29 10:59:56.112595,
> > 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec
> > ctx (0, 0) - sec_ctx_stack_ndx = 0 [2017/08/29 10:59:56.112642,
> > 2] ../source3/smbd/service.c:822(make_connection_snum)
> 10.17.253.156
> > (ipv4:10.17.253.156:49202) connect to service software initially as
> > user FFT\qa (uid=531, gid=100) (pid 23058) [2017/08/29
> > 10:59:56.114037,
> > 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec
> > ctx (531, 100) - sec_ctx_stack_ndx = 0 [2017/08/29 10:59:56.114105,
> > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
> > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> > status[NT_STATUS_INVALID_PARAMETER] ||
> > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.114916,
> > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change -
> > already user [2017/08/29 10:59:56.114973,
> > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
> > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> > status[NT_STATUS_INVALID_PARAMETER] ||
> > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.756703,
> > 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec
> > ctx (0, 0) - sec_ctx_stack_ndx = 0
> >
> >
> >
> >
> > Thank you
>
> Go on, I give in, how have you setup Samba ? ;-)
>
> Or to put it another way, can you please post your smb.conf.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
> --
>
>
>
>
> www.it-optics.com
>
> Gaëtan SLONGO | Head of Infrastructure Department
> Boulevard Initialis, 28 - 7000 Mons, BELGIUM
> Company : +32 (0)65 84 23 85
> Direct : +32 (0)65 32 85 88
> Fax : +32 (0)65 84 66 76
> Skype ID : gslongo.pro
> GPG Key : gslongo-gpg_key.asc
>
>
> - Please consider your environmental responsibility before
> printing this e-mail -
>
>
>
>
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list