[Samba] Can't connect anymore a share in domain A from domain B since
Hénoch Hervé
h.henoch at isc84.org
Tue May 29 13:12:11 UTC 2018
In the server where are the shares (under samba) logs give
[2018/05/29 12:44:34.191393, 3]
../libcli/security/dom_sid.c:209(dom_sid_parse_endp)
string_to_sid: SID <share name> is not in a valid format
[2018/05/29 12:55:40.749026, 3] ../source3/lib/access.c:338(allow_access)
Allowed connection from <XXX IP> (<XXX IP>)
[2018/05/29 12:55:40.749923, 2]
../lib/util/modules.c:196(do_smb_load_module)
Module 'acl_xattr' loaded
[2018/05/29 12:55:40.749940, 2]
../source3/modules/vfs_acl_xattr.c:193(connect_acl_xattr)
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode =
true' and 'force unknown acl user = true' for service IPC$
[2018/05/29 12:55:40.753925, 3]
../source3/param/loadparm.c:1440(lp_add_home)
adding home's share [<share name>] for user '<share name>' at '/opt/%S'
Le 29/05/2018 à 14:52, L.P.H. van Belle via samba a écrit :
> Try it like this.
>
> net use z: \\<computer in A.FQDN\<share> /USER:NTDOM\%username%
>
> Does that work for the samba 4.1, if not, check if you windows disabled smbv1
> See:
> https://support.microsoft.com/en-us/help/4034314/smbv1-is-not-installed-by-default-in-windows
>
> Best is, upgrade you systems so you can use samba 4.7+
>
> Greetz,
>
> Louis
>
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
>> Hénoch Hervé via samba
>> Verzonden: dinsdag 29 mei 2018 14:44
>> Aan: Hénoch Hervé via samba
>> Onderwerp: [Samba] Can't connect anymore a share in domain A
>> from domain B since
>>
>> Hi,
>>
>> In the past (2 months ago) : I have two AD Domain under Samba 4.1 : A
>> and B. I war able to connect a share in A from B.
>>
>> Now (after upgrade) : I have a W2016 domain (B) and a Samba
>> 4.6 domain
>> (A) but I can't connect a share in A from B. The user from B
>> which try
>> to connect the share in A has the same login in the two domains.
>>
>> So since the upgrade I don't have the same behavior ...
>>
>> From a computer named XXX in domain B I've tried this command : net
>> use z: \\<computer in A>\<share> /USER:login0 at A (where login0 is the
>> same in A and B for the user).
>>
>> If I write a wrong password I have the system error 86 but if i write
>> the good password (must write it twice) i have the system error 5.
>>
>> In Samba logs are :
>>
>> ntlm_password_check: LM password and LMv2 failed for user
>> login0, and
>> NT MD4 password in LM field not permitted
>> ntlm_password_check: Lanman passwords NOT PERMITTED for user login0
>> ntlm_password_check: LM password and LMv2 failed for user
>> login0, and
>> NT MD4 password in LM field not permitted
>> ntlm_password_check: Lanman passwords NOT PERMITTED for user login0
>> ntlm_password_check: LM password and LMv2 failed for user
>> login0, and
>> NT MD4 password in LM field not permitted
>> auth_check_password_recv: sam_ignoredomain authentication for user
>> [A\login0] FAILED with error NT_STATUS_WRONG_PASSWORD
>> auth_check_password_send: Checking password for unmapped user
>> [A]\[login0 at A]@[\\XXX]
>> auth_check_password_send: mapped user is: [A]\[login0]@[\\XXX]
>>
>> How can I do such a connection ? I've tried "map untrusted to
>> domain =
>> yes" but it is not working better ...
>>
>> Regard
>>
>> --
>> *Hervé* *HÉNOCH*
>> *Responsable informatique*
>> Tél. : 0490275744 h.henoch at isc84.org <mailto:h.henoch at isc84.org>
>>
>> /250, chemin de Baigne-Pieds ? 84 000 Avignon/
>> */www.institut-sainte-catherine.org/*
>> <http://www.institut-sainte-catherine.org/>
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>
--
*Hervé* *HÉNOCH*
*Responsable informatique*
Tél. : 0490275744 h.henoch at isc84.org <mailto:h.henoch at isc84.org>
/250, chemin de Baigne-Pieds – 84 000 Avignon/
*/www.institut-sainte-catherine.org/*
<http://www.institut-sainte-catherine.org/>
More information about the samba
mailing list