[Samba] Shares not accessible when using FQDN

Gaetan SLONGO gslongo at it-optics.com
Tue Aug 29 10:29:52 UTC 2017 

Hi, 


Time is OK 
I found some more informations: it seems the problem appears when I use an alias (DNS and netbios alias). So it is working for principal names (moe, in this case). Maybe it si not related but the setup is still in 2003 mode? 


CLUSTER is and alias of MOE (in the config and also in DNS servers => CNAME (resolution is OK)). And accessing to the shares using \\cluster is not working. 


Regarding the ipconfig setup. Difficult to send it right now as I'm working remotely (and with a Linux workstation :)). I could make screenshots but I think I cannot paste them in the list. But maybe if you tell me what you want to validate I can do it. I assume it is the DNS search list 


Thank you guys 

----- Mail original -----

De: "L.P.H. van Belle via samba" <samba at lists.samba.org> 
À: samba at lists.samba.org 
Envoyé: Mardi 29 Août 2017 12:01:50 
Objet : Re: [Samba] Shares not accessible when using FQDN 

If DNS is setup correct, then and your sure, 
then show ipconfig /all from a working and failing pc. 

And for i forget to mention. 
Did you check if the time is in sync? ( sorry must ask ) 

Greetz, 

Louis 


> -----Oorspronkelijk bericht----- 
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Gaetan SLONGO via samba 
> Verzonden: dinsdag 29 augustus 2017 11:47 
> Aan: Rowland Penny 
> CC: samba at lists.samba.org 
> Onderwerp: Re: [Samba] Shares not accessible when using FQDN 
> 
> Hi guys, 
> 
> 
> Thank you for your answer. Meanwhile I have new informations, 
> the problem also happen on a workstation in the domain. 
> This should not be a DNS issue. I validated that and I can 
> authenticate and list shares. Just cannot enter into them 
> when i'm using the FQDN o_O 
> 
> 
> Note : It works well on Linux clients. 
> 
> 
> Here is the Samba config file : 
> 
> 
> Thank you ! 
> 
> 
> 
> # Global parameters 
> [global] 
> netbios name = MOE 
> realm = ADS.DOMAIN.BE 
> workgroup = DOMAIN 
> netbios alias = CLUSTER 
> server role = active directory domain controller kerberos 
> method = secrets and keytab idmap_ldb:use rfc2307 = yes 
> winbind use default domain = false winbind offline logon = 
> false template shell = /bin/bash template homedir = /home/%u 
> ntlm auth = yes log level = 4 
> 
> 
> 
> 
> [netlogon] 
> path = /var/lib/samba/sysvol/ads.DOMAIN.be/scripts 
> read only = Yes 
> browsable = no 
> 
> 
> [sysvol] 
> path = /var/lib/samba/sysvol 
> read only = Yes 
> browsable = no 
> 
> 
> 
> 
> [software] 
> comment = Installed productlines 
> path = /opt/DOMAIN/actran_product 
> read only = Yes 
> create mask = 0660 
> directory mask = 0770 
> guest ok = No 
> 
> 
> [license] 
> comment = license 
> path = /opt/licenses/msctwo 
> read only = yes 
> guest ok = No 
> 
> 
> 
> 
> [homes] 
> comment = Home Directories 
> ;;valid users = root @smbusers 
> browseable = no 
> read only = No 
> ;create mask = 0640 ; Changé à la demande d'Eloi create mask 
> = 0600 ;directory mask = 0750 ; Changé à la demande d'Eloi 
> directory mask = 0700 guest ok = no printable = no veto files 
> = hide dot files = no 
> 
> 
> ----- Mail original ----- 
> 
> De: "Rowland Penny via samba" <samba at lists.samba.org> 
> À: samba at lists.samba.org 
> Envoyé: Mardi 29 Août 2017 11:31:37 
> Objet : Re: [Samba] Shares not accessible when using FQDN 
> 
> On Tue, 29 Aug 2017 11:16:12 +0200 (CEST) Gaetan SLONGO via 
> samba <samba at lists.samba.org> wrote: 
> 
> > 
> > 
> > Hi, 
> > 
> > 
> > I'm facing to an issue where I cannot find solution. 
> > 
> > 
> > Here is the test case : 
> > 
> > 
> > 
> > 
> > * Samba 4.7, multi-server setup (multiple DC) 
> > * Windows 7 and Windows 10 client (not domain member) 
> > * Shares can be listed but no access to them in some case 
> > 
> > 
> > 
> > From my workstation if I access to 
> \\myserver.domain\myshare I get an 
> > error like "//UNC// is not accessible . you might nit have 
> > permissions ... bla bla ... The parameter is incorrect" 
> > 
> > 
> > On my samba server we can see the log below (at the end of that 
> > mail). 
> > 
> > 
> > However, it works when I do not append domain name to the UNC : 
> > \\myserver\myshare ... Even more strange, it works on some 
> > workstations but not all.. Client clients are OK. 
> > 
> > 
> > Do you have any idea ?!? 
> > 
> > 
> > 
> > 
> > 
> > ==> /var/log/samba/log.smbd <== 
> > [2017/08/29 10:59:55.925684, 
> > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - 
> > already user [2017/08/29 10:59:55.925776, 
> > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) 
> > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
> > status[NT_STATUS_INVALID_PARAMETER] || 
> > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:55.926835, 
> > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - 
> > already user [2017/08/29 10:59:55.926892, 
> > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) 
> > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
> > status[NT_STATUS_INVALID_PARAMETER] || 
> > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.088688, 
> > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - 
> > already user [2017/08/29 10:59:56.088746, 
> > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) 
> > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
> > status[NT_STATUS_INVALID_PARAMETER] || 
> > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.098659, 
> > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - 
> > already user [2017/08/29 10:59:56.098717, 
> > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) 
> > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
> > status[NT_STATUS_INVALID_PARAMETER] || 
> > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.104899, 
> > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - 
> > already user [2017/08/29 10:59:56.104957, 
> > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) 
> > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
> > status[NT_STATUS_INVALID_PARAMETER] || 
> > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.105755, 
> > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - 
> > already user [2017/08/29 10:59:56.105811, 
> > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) 
> > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
> > status[NT_STATUS_INVALID_PARAMETER] || 
> > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.106671, 
> > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - 
> > already user [2017/08/29 10:59:56.106727, 
> > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) 
> > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
> > status[NT_STATUS_INVALID_PARAMETER] || 
> > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.108001, 
> > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - 
> > already user [2017/08/29 10:59:56.108058, 
> > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) 
> > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
> > status[NT_STATUS_INVALID_PARAMETER] || 
> > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.109246, 
> > 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec 
> > ctx (0, 0) - sec_ctx_stack_ndx = 0 [2017/08/29 10:59:56.109401, 
> > 3] ../lib/util/access.c:361(allow_access) Allowed connection from 
> > 10.17.253.156 (10.17.253.156) [2017/08/29 10:59:56.109525, 
> > 3] ../source3/smbd/service.c:576(make_connection_snum) Connect path 
> > is '/opt/fft/actran_product' for service [software] [2017/08/29 
> > 10:59:56.109566, 3] ../source3/smbd/vfs.c:113(vfs_init_default) 
> > Initialising default vfs hooks [2017/08/29 10:59:56.109581, 
> > 3] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising 
> custom vfs 
> > hooks from [/[Default VFS]/] [2017/08/29 10:59:56.109652, 
> > 3] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising 
> custom vfs 
> > hooks from [acl_xattr] [2017/08/29 10:59:56.109668, 
> > 3] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising 
> custom vfs 
> > hooks from [dfs_samba4] [2017/08/29 10:59:56.109691, 
> > 2] ../source3/modules/vfs_acl_xattr.c:235(connect_acl_xattr) 
> > connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = 
> > true' and 'force unknown acl user = true' for service software 
> > [2017/08/29 10:59:56.112545, 
> > 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec 
> > ctx (531, 100) - sec_ctx_stack_ndx = 0 [2017/08/29 10:59:56.112595, 
> > 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec 
> > ctx (0, 0) - sec_ctx_stack_ndx = 0 [2017/08/29 10:59:56.112642, 
> > 2] ../source3/smbd/service.c:822(make_connection_snum) 
> 10.17.253.156 
> > (ipv4:10.17.253.156:49202) connect to service software initially as 
> > user FFT\qa (uid=531, gid=100) (pid 23058) [2017/08/29 
> > 10:59:56.114037, 
> > 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec 
> > ctx (531, 100) - sec_ctx_stack_ndx = 0 [2017/08/29 10:59:56.114105, 
> > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) 
> > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
> > status[NT_STATUS_INVALID_PARAMETER] || 
> > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.114916, 
> > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - 
> > already user [2017/08/29 10:59:56.114973, 
> > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) 
> > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
> > status[NT_STATUS_INVALID_PARAMETER] || 
> > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.756703, 
> > 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec 
> > ctx (0, 0) - sec_ctx_stack_ndx = 0 
> > 
> > 
> > 
> > 
> > Thank you 
> 
> Go on, I give in, how have you setup Samba ? ;-) 
> 
> Or to put it another way, can you please post your smb.conf. 
> 
> Rowland 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the 
> instructions: https://lists.samba.org/mailman/options/samba 
> 
> 
> -- 
> 
> 
> 
> 
> www.it-optics.com 
> 
> Gaëtan SLONGO | Head of Infrastructure Department 
> Boulevard Initialis, 28 - 7000 Mons, BELGIUM 
> Company : +32 (0)65 84 23 85 
> Direct : +32 (0)65 32 85 88 
> Fax : +32 (0)65 84 66 76 
> Skype ID : gslongo.pro 
> GPG Key : gslongo-gpg_key.asc 
> 
> 
> - Please consider your environmental responsibility before 
> printing this e-mail - 
> 
> 
> 
> 
> 
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the 
> instructions: https://lists.samba.org/mailman/options/samba 
> 


-- 
To unsubscribe from this list go to the following URL and read the 
instructions: https://lists.samba.org/mailman/options/samba

More information about the samba mailing list