[Samba] Shares not accessible when using FQDN
mathias dufresne
infractory at gmail.com
Tue Aug 29 10:39:41 UTC 2017
>From windows, using cmd.exe you can copy text. Then you can paste that
copied text into text file.
Then you can paste that new file content here.
2017-08-29 12:29 GMT+02:00 Gaetan SLONGO via samba <samba at lists.samba.org>:
>
> Hi,
>
>
> Time is OK
> I found some more informations: it seems the problem appears when I use an
> alias (DNS and netbios alias). So it is working for principal names (moe,
> in this case). Maybe it si not related but the setup is still in 2003 mode?
>
>
> CLUSTER is and alias of MOE (in the config and also in DNS servers =>
> CNAME (resolution is OK)). And accessing to the shares using \\cluster is
> not working.
>
>
> Regarding the ipconfig setup. Difficult to send it right now as I'm
> working remotely (and with a Linux workstation :)). I could make
> screenshots but I think I cannot paste them in the list. But maybe if you
> tell me what you want to validate I can do it. I assume it is the DNS
> search list
>
>
> Thank you guys
>
> ----- Mail original -----
>
> De: "L.P.H. van Belle via samba" <samba at lists.samba.org>
> À: samba at lists.samba.org
> Envoyé: Mardi 29 Août 2017 12:01:50
> Objet : Re: [Samba] Shares not accessible when using FQDN
>
> If DNS is setup correct, then and your sure,
> then show ipconfig /all from a working and failing pc.
>
> And for i forget to mention.
> Did you check if the time is in sync? ( sorry must ask )
>
> Greetz,
>
> Louis
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> > Gaetan SLONGO via samba
> > Verzonden: dinsdag 29 augustus 2017 11:47
> > Aan: Rowland Penny
> > CC: samba at lists.samba.org
> > Onderwerp: Re: [Samba] Shares not accessible when using FQDN
> >
> > Hi guys,
> >
> >
> > Thank you for your answer. Meanwhile I have new informations,
> > the problem also happen on a workstation in the domain.
> > This should not be a DNS issue. I validated that and I can
> > authenticate and list shares. Just cannot enter into them
> > when i'm using the FQDN o_O
> >
> >
> > Note : It works well on Linux clients.
> >
> >
> > Here is the Samba config file :
> >
> >
> > Thank you !
> >
> >
> >
> > # Global parameters
> > [global]
> > netbios name = MOE
> > realm = ADS.DOMAIN.BE
> > workgroup = DOMAIN
> > netbios alias = CLUSTER
> > server role = active directory domain controller kerberos
> > method = secrets and keytab idmap_ldb:use rfc2307 = yes
> > winbind use default domain = false winbind offline logon =
> > false template shell = /bin/bash template homedir = /home/%u
> > ntlm auth = yes log level = 4
> >
> >
> >
> >
> > [netlogon]
> > path = /var/lib/samba/sysvol/ads.DOMAIN.be/scripts
> > read only = Yes
> > browsable = no
> >
> >
> > [sysvol]
> > path = /var/lib/samba/sysvol
> > read only = Yes
> > browsable = no
> >
> >
> >
> >
> > [software]
> > comment = Installed productlines
> > path = /opt/DOMAIN/actran_product
> > read only = Yes
> > create mask = 0660
> > directory mask = 0770
> > guest ok = No
> >
> >
> > [license]
> > comment = license
> > path = /opt/licenses/msctwo
> > read only = yes
> > guest ok = No
> >
> >
> >
> >
> > [homes]
> > comment = Home Directories
> > ;;valid users = root @smbusers
> > browseable = no
> > read only = No
> > ;create mask = 0640 ; Changé à la demande d'Eloi create mask
> > = 0600 ;directory mask = 0750 ; Changé à la demande d'Eloi
> > directory mask = 0700 guest ok = no printable = no veto files
> > = hide dot files = no
> >
> >
> > ----- Mail original -----
> >
> > De: "Rowland Penny via samba" <samba at lists.samba.org>
> > À: samba at lists.samba.org
> > Envoyé: Mardi 29 Août 2017 11:31:37
> > Objet : Re: [Samba] Shares not accessible when using FQDN
> >
> > On Tue, 29 Aug 2017 11:16:12 +0200 (CEST) Gaetan SLONGO via
> > samba <samba at lists.samba.org> wrote:
> >
> > >
> > >
> > > Hi,
> > >
> > >
> > > I'm facing to an issue where I cannot find solution.
> > >
> > >
> > > Here is the test case :
> > >
> > >
> > >
> > >
> > > * Samba 4.7, multi-server setup (multiple DC)
> > > * Windows 7 and Windows 10 client (not domain member)
> > > * Shares can be listed but no access to them in some case
> > >
> > >
> > >
> > > From my workstation if I access to
> > \\myserver.domain\myshare I get an
> > > error like "//UNC// is not accessible . you might nit have
> > > permissions ... bla bla ... The parameter is incorrect"
> > >
> > >
> > > On my samba server we can see the log below (at the end of that
> > > mail).
> > >
> > >
> > > However, it works when I do not append domain name to the UNC :
> > > \\myserver\myshare ... Even more strange, it works on some
> > > workstations but not all.. Client clients are OK.
> > >
> > >
> > > Do you have any idea ?!?
> > >
> > >
> > >
> > >
> > >
> > > ==> /var/log/samba/log.smbd <==
> > > [2017/08/29 10:59:55.925684,
> > > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change -
> > > already user [2017/08/29 10:59:55.925776,
> > > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
> > > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> > > status[NT_STATUS_INVALID_PARAMETER] ||
> > > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:55.926835,
> > > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change -
> > > already user [2017/08/29 10:59:55.926892,
> > > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
> > > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> > > status[NT_STATUS_INVALID_PARAMETER] ||
> > > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.088688,
> > > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change -
> > > already user [2017/08/29 10:59:56.088746,
> > > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
> > > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> > > status[NT_STATUS_INVALID_PARAMETER] ||
> > > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.098659,
> > > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change -
> > > already user [2017/08/29 10:59:56.098717,
> > > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
> > > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> > > status[NT_STATUS_INVALID_PARAMETER] ||
> > > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.104899,
> > > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change -
> > > already user [2017/08/29 10:59:56.104957,
> > > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
> > > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> > > status[NT_STATUS_INVALID_PARAMETER] ||
> > > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.105755,
> > > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change -
> > > already user [2017/08/29 10:59:56.105811,
> > > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
> > > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> > > status[NT_STATUS_INVALID_PARAMETER] ||
> > > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.106671,
> > > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change -
> > > already user [2017/08/29 10:59:56.106727,
> > > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
> > > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> > > status[NT_STATUS_INVALID_PARAMETER] ||
> > > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.108001,
> > > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change -
> > > already user [2017/08/29 10:59:56.108058,
> > > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
> > > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> > > status[NT_STATUS_INVALID_PARAMETER] ||
> > > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.109246,
> > > 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec
> > > ctx (0, 0) - sec_ctx_stack_ndx = 0 [2017/08/29 10:59:56.109401,
> > > 3] ../lib/util/access.c:361(allow_access) Allowed connection from
> > > 10.17.253.156 (10.17.253.156) [2017/08/29 10:59:56.109525,
> > > 3] ../source3/smbd/service.c:576(make_connection_snum) Connect path
> > > is '/opt/fft/actran_product' for service [software] [2017/08/29
> > > 10:59:56.109566, 3] ../source3/smbd/vfs.c:113(vfs_init_default)
> > > Initialising default vfs hooks [2017/08/29 10:59:56.109581,
> > > 3] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising
> > custom vfs
> > > hooks from [/[Default VFS]/] [2017/08/29 10:59:56.109652,
> > > 3] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising
> > custom vfs
> > > hooks from [acl_xattr] [2017/08/29 10:59:56.109668,
> > > 3] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising
> > custom vfs
> > > hooks from [dfs_samba4] [2017/08/29 10:59:56.109691,
> > > 2] ../source3/modules/vfs_acl_xattr.c:235(connect_acl_xattr)
> > > connect_acl_xattr: setting 'inherit acls = true' 'dos filemode =
> > > true' and 'force unknown acl user = true' for service software
> > > [2017/08/29 10:59:56.112545,
> > > 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec
> > > ctx (531, 100) - sec_ctx_stack_ndx = 0 [2017/08/29 10:59:56.112595,
> > > 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec
> > > ctx (0, 0) - sec_ctx_stack_ndx = 0 [2017/08/29 10:59:56.112642,
> > > 2] ../source3/smbd/service.c:822(make_connection_snum)
> > 10.17.253.156
> > > (ipv4:10.17.253.156:49202) connect to service software initially as
> > > user FFT\qa (uid=531, gid=100) (pid 23058) [2017/08/29
> > > 10:59:56.114037,
> > > 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec
> > > ctx (531, 100) - sec_ctx_stack_ndx = 0 [2017/08/29 10:59:56.114105,
> > > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
> > > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> > > status[NT_STATUS_INVALID_PARAMETER] ||
> > > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.114916,
> > > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change -
> > > already user [2017/08/29 10:59:56.114973,
> > > 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
> > > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> > > status[NT_STATUS_INVALID_PARAMETER] ||
> > > at ../source3/smbd/smb2_ioctl.c:309 [2017/08/29 10:59:56.756703,
> > > 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec
> > > ctx (0, 0) - sec_ctx_stack_ndx = 0
> > >
> > >
> > >
> > >
> > > Thank you
> >
> > Go on, I give in, how have you setup Samba ? ;-)
> >
> > Or to put it another way, can you please post your smb.conf.
> >
> > Rowland
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
> >
> > --
> >
> >
> >
> >
> > www.it-optics.com
> >
> > Gaëtan SLONGO | Head of Infrastructure Department
> > Boulevard Initialis, 28 - 7000 Mons, BELGIUM
> > Company : +32 (0)65 84 23 85
> > Direct : +32 (0)65 32 85 88
> > Fax : +32 (0)65 84 66 76
> > Skype ID : gslongo.pro
> > GPG Key : gslongo-gpg_key.asc
> >
> >
> > - Please consider your environmental responsibility before
> > printing this e-mail -
> >
> >
> >
> >
> >
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list