[Samba] Shares not accessible when using FQDN

L.P.H. van Belle belle at bazuin.nl
Tue Aug 29 10:01:50 UTC 2017


If DNS is setup correct, then and your sure, 
then show ipconfig /all from a working and failing pc. 

And for i forget to mention. 
Did you check if the time is in sync?  ( sorry must ask ) 

Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Gaetan SLONGO via samba
> Verzonden: dinsdag 29 augustus 2017 11:47
> Aan: Rowland Penny
> CC: samba at lists.samba.org
> Onderwerp: Re: [Samba] Shares not accessible when using FQDN
> 
> Hi guys, 
> 
> 
> Thank you for your answer. Meanwhile I have new informations, 
> the problem also happen on a workstation in the domain. 
> This should not be a DNS issue. I validated that and I can 
> authenticate and list shares. Just cannot enter into them 
> when i'm using the FQDN o_O 
> 
> 
> Note : It works well on Linux clients. 
> 
> 
> Here is the Samba config file : 
> 
> 
> Thank you ! 
> 
> 
> 
> # Global parameters
> [global]
> netbios name = MOE
> realm = ADS.DOMAIN.BE
> workgroup = DOMAIN
> netbios alias = CLUSTER
> server role = active directory domain controller kerberos 
> method = secrets and keytab idmap_ldb:use rfc2307 = yes 
> winbind use default domain = false winbind offline logon = 
> false template shell = /bin/bash template homedir = /home/%u 
> ntlm auth = yes log level = 4 
> 
> 
> 
> 
> [netlogon]
> path = /var/lib/samba/sysvol/ads.DOMAIN.be/scripts
> read only = Yes
> browsable = no 
> 
> 
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = Yes
> browsable = no 
> 
> 
> 
> 
> [software]
> comment = Installed productlines
> path = /opt/DOMAIN/actran_product
> read only = Yes
> create mask = 0660
> directory mask = 0770
> guest ok = No 
> 
> 
> [license]
> comment = license
> path = /opt/licenses/msctwo
> read only = yes
> guest ok = No 
> 
> 
> 
> 
> [homes]
> comment = Home Directories
> ;;valid users = root @smbusers
> browseable = no
> read only = No
> ;create mask = 0640 ; Changé à la demande d'Eloi create mask 
> = 0600 ;directory mask = 0750 ; Changé à la demande d'Eloi 
> directory mask = 0700 guest ok = no printable = no veto files 
> = hide dot files = no 
> 
> 
> ----- Mail original -----
> 
> De: "Rowland Penny via samba" <samba at lists.samba.org>
> À: samba at lists.samba.org
> Envoyé: Mardi 29 Août 2017 11:31:37
> Objet : Re: [Samba] Shares not accessible when using FQDN 
> 
> On Tue, 29 Aug 2017 11:16:12 +0200 (CEST) Gaetan SLONGO via 
> samba <samba at lists.samba.org> wrote: 
> 
> > 
> > 
> > Hi,
> > 
> > 
> > I'm facing to an issue where I cannot find solution. 
> > 
> > 
> > Here is the test case : 
> > 
> > 
> > 
> > 
> > * Samba 4.7, multi-server setup (multiple DC)
> > * Windows 7 and Windows 10 client (not domain member)
> > * Shares can be listed but no access to them in some case
> > 
> > 
> > 
> > From my workstation if I access to 
> \\myserver.domain\myshare I get an 
> > error like "//UNC// is not accessible . you might nit have 
> > permissions ... bla bla ... The parameter is incorrect" 
> > 
> > 
> > On my samba server we can see the log below (at the end of that 
> > mail). 
> > 
> > 
> > However, it works when I do not append domain name to the UNC : 
> > \\myserver\myshare ... Even more strange, it works on some 
> > workstations but not all.. Client clients are OK. 
> > 
> > 
> > Do you have any idea ?!? 
> > 
> > 
> > 
> > 
> > 
> > ==> /var/log/samba/log.smbd <== 
> > [2017/08/29 10:59:55.925684, 
> > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - 
> > already user [2017/08/29 10:59:55.925776, 
> > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) 
> > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
> > status[NT_STATUS_INVALID_PARAMETER] || 
> > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:55.926835, 
> > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - 
> > already user [2017/08/29 10:59:55.926892, 
> > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) 
> > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
> > status[NT_STATUS_INVALID_PARAMETER] || 
> > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.088688, 
> > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - 
> > already user [2017/08/29 10:59:56.088746, 
> > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) 
> > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
> > status[NT_STATUS_INVALID_PARAMETER] || 
> > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.098659, 
> > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - 
> > already user [2017/08/29 10:59:56.098717, 
> > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) 
> > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
> > status[NT_STATUS_INVALID_PARAMETER] || 
> > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.104899, 
> > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - 
> > already user [2017/08/29 10:59:56.104957, 
> > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) 
> > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
> > status[NT_STATUS_INVALID_PARAMETER] || 
> > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.105755, 
> > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - 
> > already user [2017/08/29 10:59:56.105811, 
> > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) 
> > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
> > status[NT_STATUS_INVALID_PARAMETER] || 
> > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.106671, 
> > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - 
> > already user [2017/08/29 10:59:56.106727, 
> > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) 
> > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
> > status[NT_STATUS_INVALID_PARAMETER] || 
> > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.108001, 
> > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - 
> > already user [2017/08/29 10:59:56.108058, 
> > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) 
> > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
> > status[NT_STATUS_INVALID_PARAMETER] || 
> > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.109246, 
> > 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec 
> > ctx (0, 0) - sec_ctx_stack_ndx = 0 [2017/08/29 10:59:56.109401, 
> > 3] ../lib/util/access.c:361(allow_access) Allowed connection from 
> > 10.17.253.156 (10.17.253.156) [2017/08/29 10:59:56.109525, 
> > 3] ../source3/smbd/service.c:576(make_connection_snum) Connect path 
> > is '/opt/fft/actran_product' for service [software] [2017/08/29 
> > 10:59:56.109566, 3] ../source3/smbd/vfs.c:113(vfs_init_default) 
> > Initialising default vfs hooks [2017/08/29 10:59:56.109581, 
> > 3] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising 
> custom vfs 
> > hooks from [/[Default VFS]/] [2017/08/29 10:59:56.109652, 
> > 3] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising 
> custom vfs 
> > hooks from [acl_xattr] [2017/08/29 10:59:56.109668, 
> > 3] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising 
> custom vfs 
> > hooks from [dfs_samba4] [2017/08/29 10:59:56.109691, 
> > 2] ../source3/modules/vfs_acl_xattr.c:235(connect_acl_xattr) 
> > connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = 
> > true' and 'force unknown acl user = true' for service software 
> > [2017/08/29 10:59:56.112545, 
> > 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec 
> > ctx (531, 100) - sec_ctx_stack_ndx = 0 [2017/08/29 10:59:56.112595, 
> > 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec 
> > ctx (0, 0) - sec_ctx_stack_ndx = 0 [2017/08/29 10:59:56.112642, 
> > 2] ../source3/smbd/service.c:822(make_connection_snum) 
> 10.17.253.156 
> > (ipv4:10.17.253.156:49202) connect to service software initially as 
> > user FFT\qa (uid=531, gid=100) (pid 23058) [2017/08/29 
> > 10:59:56.114037, 
> > 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec 
> > ctx (531, 100) - sec_ctx_stack_ndx = 0 [2017/08/29 10:59:56.114105, 
> > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) 
> > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
> > status[NT_STATUS_INVALID_PARAMETER] || 
> > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.114916, 
> > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - 
> > already user [2017/08/29 10:59:56.114973, 
> > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) 
> > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
> > status[NT_STATUS_INVALID_PARAMETER] || 
> > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.756703, 
> > 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec 
> > ctx (0, 0) - sec_ctx_stack_ndx = 0 
> > 
> > 
> > 
> > 
> > Thank you 
> 
> Go on, I give in, how have you setup Samba ? ;-) 
> 
> Or to put it another way, can you please post your smb.conf. 
> 
> Rowland 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the 
> instructions: https://lists.samba.org/mailman/options/samba 
> 
> 
> -- 
> 
> 
> 
> 
> www.it-optics.com 
> 	
> Gaëtan SLONGO | Head of Infrastructure Department 
> Boulevard Initialis, 28 - 7000 Mons, BELGIUM 
> Company : 	+32 (0)65 84 23 85 
> Direct : 	+32 (0)65 32 85 88 
> Fax : 	+32 (0)65 84 66 76 
> Skype ID : 	gslongo.pro 
> GPG Key : 	gslongo-gpg_key.asc 
> 	
> 
> - Please consider your environmental responsibility before 
> printing this e-mail - 
> 
> 
> 
> 
> 
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 




More information about the samba mailing list