[Samba] Can't connect anymore a share in domain A from domain B since

Hénoch Hervé h.henoch at isc84.org
Tue May 29 13:12:11 UTC 2018


In the server where are the shares (under samba) logs give


[2018/05/29 12:44:34.191393,  3] 
../libcli/security/dom_sid.c:209(dom_sid_parse_endp)
   string_to_sid: SID <share name> is not in a valid format
[2018/05/29 12:55:40.749026,  3] ../source3/lib/access.c:338(allow_access)
   Allowed connection from <XXX IP> (<XXX IP>)
[2018/05/29 12:55:40.749923,  2] 
../lib/util/modules.c:196(do_smb_load_module)
   Module 'acl_xattr' loaded
[2018/05/29 12:55:40.749940,  2] 
../source3/modules/vfs_acl_xattr.c:193(connect_acl_xattr)
   connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = 
true' and 'force unknown acl user = true' for service IPC$
[2018/05/29 12:55:40.753925,  3] 
../source3/param/loadparm.c:1440(lp_add_home)
   adding home's share [<share name>] for user '<share name>' at '/opt/%S'


Le 29/05/2018 à 14:52, L.P.H. van Belle via samba a écrit :
> Try it like this.
>
> net use z: \\<computer in A.FQDN\<share> /USER:NTDOM\%username%
>
> Does that work for the samba 4.1, if not, check if you windows disabled smbv1
> See:
> https://support.microsoft.com/en-us/help/4034314/smbv1-is-not-installed-by-default-in-windows
>
> Best is, upgrade you systems so you can use samba 4.7+
>
> Greetz,
>
> Louis
>
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
>> Hénoch Hervé via samba
>> Verzonden: dinsdag 29 mei 2018 14:44
>> Aan: Hénoch Hervé via samba
>> Onderwerp: [Samba] Can't connect anymore a share in domain A
>> from domain B since
>>
>> Hi,
>>
>> In the past (2 months ago) : I have two AD Domain under Samba 4.1 : A
>> and B. I war able to  connect a share in A from B.
>>
>> Now (after upgrade) : I have a W2016 domain (B) and a Samba
>> 4.6 domain
>> (A) but I can't connect a share in A from B. The user from B
>> which try
>> to connect the share in A has the same login in the two domains.
>>
>> So since the upgrade I don't have the same behavior ...
>>
>>   From a computer named XXX in domain B I've tried  this command : net
>> use z: \\<computer in A>\<share> /USER:login0 at A (where login0 is the
>> same in A and B for the user).
>>
>> If I write a wrong password I have the system error 86 but if i write
>> the good password (must write it twice) i have the system error 5.
>>
>> In Samba logs are :
>>
>>     ntlm_password_check: LM password and LMv2 failed for user
>> login0, and
>> NT MD4 password in LM field not permitted
>>     ntlm_password_check: Lanman passwords NOT PERMITTED for user login0
>>     ntlm_password_check: LM password and LMv2 failed for user
>> login0, and
>> NT MD4 password in LM field not permitted
>>     ntlm_password_check: Lanman passwords NOT PERMITTED for user login0
>>     ntlm_password_check: LM password and LMv2 failed for user
>> login0, and
>> NT MD4 password in LM field not permitted
>>     auth_check_password_recv: sam_ignoredomain authentication for user
>> [A\login0] FAILED with error NT_STATUS_WRONG_PASSWORD
>>     auth_check_password_send: Checking password for unmapped user
>> [A]\[login0 at A]@[\\XXX]
>>     auth_check_password_send: mapped user is: [A]\[login0]@[\\XXX]
>>
>> How can I do such a connection ? I've tried "map untrusted to
>> domain =
>> yes" but it is not working better ...
>>
>> Regard
>>
>> -- 
>> 		*Hervé* *HÉNOCH*
>> *Responsable informatique*
>> Tél. : 0490275744 h.henoch at isc84.org <mailto:h.henoch at isc84.org>
>>
>> /250, chemin de Baigne-Pieds ? 84 000 Avignon/
>> */www.institut-sainte-catherine.org/*
>> <http://www.institut-sainte-catherine.org/>
>>
>>
>>
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>>
>

-- 
		*Hervé* *HÉNOCH*
*Responsable informatique*
Tél. : 0490275744 h.henoch at isc84.org <mailto:h.henoch at isc84.org>

/250, chemin de Baigne-Pieds – 84 000 Avignon/
*/www.institut-sainte-catherine.org/* 
<http://www.institut-sainte-catherine.org/>





More information about the samba mailing list