[Samba] Shares not accessible when using FQDN

Gaetan SLONGO gslongo at it-optics.com
Thu Sep 7 10:17:03 UTC 2017


Hi, 


Sorry for the late reply. Finally solved my issues by demoting these DC (which should not be DC, that was just a quick workarround) and joined that linux servers to the domain and use nss-ldap as passwd backend. 


Now the situation looks quite stable and we are looking at upgrade Unix ID of the users which are not "correct" (some are under 1000...) and put everyone > 10000. But this implies a lot of TB of files where we need to change ownership, ACL, and so on... 


Thank you guys 

----- Mail original -----

De: "L.P.H. van Belle via samba" <samba at lists.samba.org> 
À: samba at lists.samba.org 
Envoyé: Mercredi 30 Août 2017 15:06:52 
Objet : Re: [Samba] Shares not accessible when using FQDN 

Ok, on the subject, shares not acceccable when using fqdn. 

The server must have a A and PTR record for the real hostname within the REALM, 
then any CNAME should work. 

But if the Primary domain or the search domain is incorrect ( on the client) then, 
\\FQDN(CNAME)\share wont work, since it cannot find the "real" hostname 
Which resolve to A/PTR. 

I did ask for an IPCONFIG /all from a working and not working pc. 
But .. .. I cant check it, i've not seen anything. 

The cluster part, thats not yet my thing, so i cant tell anything about that. 


Greetz, 

Louis 

> -----Oorspronkelijk bericht----- 
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> mathias dufresne via samba 
> Verzonden: woensdag 30 augustus 2017 14:57 
> Aan: Rowland Penny 
> CC: samba 
> Onderwerp: Re: [Samba] Shares not accessible when using FQDN 
> 
> 2017-08-30 14:49 GMT+02:00 Rowland Penny via samba 
> <samba at lists.samba.org>: 
> 
> > On Wed, 30 Aug 2017 14:32:40 +0200 
> > mathias dufresne via samba <samba at lists.samba.org> wrote: 
> > 
> > > To have users accessibles from UNIX side (ie your member server) 
> > > with any tool (winbind, sssd...) you must (ie that's 
> mandatory) to 
> > > have all needed informations to build a UNIX user in LDAP 
> tree. What 
> > > I mean here is you must have uidNumber, gidNumber but 
> also something 
> > > to fill login shell, home directory and perhaps gecos too (but I 
> > > expect that last one is not mandatory). 
> > > 
> > 
> > Sorry but that is wrong, the only rfc2307 attribute you 
> must have in a 
> > users AD object is uidNumber. You can set the shell and 
> unix homedir 
> > via template lines in smb.conf. The 'Domain Users' group 
> must have a 
> > gidNumber attribute. 
> > 
> 
> That's not wrong as template are here replace the missing 
> information in AD. In any case the tool (winbind or anything) 
> must have these information available to build the UNIX user. 
> 
> But we're playing with words and we are drifting away from 
> the subject. 
> 
> 
> > 
> > Rowland 
> > 
> > -- 
> > To unsubscribe from this list go to the following URL and read the 
> > instructions: https://lists.samba.org/mailman/options/samba 
> > 
> -- 
> To unsubscribe from this list go to the following URL and read the 
> instructions: https://lists.samba.org/mailman/options/samba 
> 


-- 
To unsubscribe from this list go to the following URL and read the 
instructions: https://lists.samba.org/mailman/options/samba 









More information about the samba mailing list