[Samba] Access to Windows 2016 server works with IP but not with netbios name
Rob Marshall
rob.marshall17 at gmail.com
Fri Jan 12 23:34:35 UTC 2018
Hi,
Here's a modified (to protect the customer's information) truncated
smb.conf that, for the most part, mirrors what they have:
[global]
log level = 3
os level = 1
security = ADS
server string = TEST CIFS Server
workgroup = WG
netbios name = FRED1
realm = WB.DOM-NAME.COM
idmap config * : range = 10000-20000
log file = /var/log/samba/%m.log
encrypt passwords = yes
syslog = 1
winbind enum users = no
winbind enum groups = no
winbind use default domain = yes
wins support = yes
printcap name = /dev/null
socket options = SO_RCVBUF=65536 SO_SNDBUF=65536
strict sync = yes
oplocks = yes
kernel oplocks = no
wide links = yes
deadtime = 1
case sensitive = no
map to guest = bad user
guest account = nobody
unix extensions = no
[TestShare]
comment = Test Share for further testing
path = /cifs/TestShare_test
hosts allow =ALL
hosts deny = ALL
browseable = yes
writeable = no
directory mask = 0777
force user = cifs_user
guest ok = No
valid users = @WG\dl_fred1_testshare_m, @WG\dl_fred1_testshare_r
write list = @WG\dl_fred1_testshare_m
My questions are:
1) What does the error:
string_to_sid: SID @WG\dl_fred1_testshare_r is not in a valid format
mean?
2) For the connections using the NETBIOS name, I see lots of messages
similar to:
[2018/01/12 23:10:38.716169, 2]
smbd/service.c:627(create_connection_session_info)
user 'WG\testuser01' (from session setup) not permitted to access
this share (TestShare)
[2018/01/12 23:10:38.716216, 1] smbd/service.c:805(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2018/01/12 23:10:38.716260, 3] smbd/error.c:81(error_packet_set)
error packet at smbd/reply.c(803) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED
Given the above smb.conf is it possible that the attempts using the IP
address, rather than the NETBIOS name, are being allowed access (in
this case read only) because Samba can't determine who the user is and
is, therefore, allowing some sort of guest access? I don't really have
any other way to explain why the access via the NETBIOS name, which
appears to correctly see that the user doesn't have access to the
share, fails and the access via the IP address works. Does that even
make sense?
Thanks,
Rob
On Fri, Jan 12, 2018 at 1:45 PM, Luke Barone via samba
<samba at lists.samba.org> wrote:
> In a perfect world, SysVol would be on an AD Domain Controller, but there
> are people on here who do things out of the perfect world ;-)
>
> If the answer was yes though, then I would be able to post the Reg Setting
> to enable access from Windows 10 and above to those shares. I needed to
> apply it as we are still running PDCs in almost every site. Trust me, I
> can't wait to roll out AD
>
> On Fri, Jan 12, 2018 at 9:29 AM, Rowland Penny via samba <
> samba at lists.samba.org> wrote:
>
>> On Fri, 12 Jan 2018 09:21:42 -0800
>> Luke Barone <lukebarone at gmail.com> wrote:
>>
>> > As well as what share... Are you trying to access the \\*\netlogon or
>> > \\*\sysvol shares of a PDC?
>> >
>>
>> There wouldn't be a sysvol share on a PDC, or do you mean a DC ?
>>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list