[Samba] Share cannot be accessed when samba is in Domain with security enabled

Tue Sep 18 15:43:08 UTC 2018

Hi Rowland,

Sorry, I shall post such questions to mailing list in future.

Here is my smb.conf

#############My smb.conf##########
[global]
workgroup=SAMBADFS
server string=SMB Server
netbios name=Shivatest
realm=SAMBADFS.LOCAL 
log level=1 
log file= 
max log size=2000 
max smbd processes=100 
security=ADS 
password server=10.10.1.1 
wins support=no 
client NTLMv2 auth=Yes 
wins proxy=no 
server max protocol=SMB3 
client max protocol=SMB3 
dns proxy=no 
wins server=0.0.0.0, 0.0.0.0
name resolve order=lmhosts host wins bcast  
map to guest=bad uid
guest only=yes 
guest account=root
local master=no 
encrypt passwords=yes 
ntlm auth=yes 
deadtime=60 
server signing=auto 
client signing=auto 
dos charset=CP932 
#my share
[SHIVA_SHARE] 
path=/etc/test 
browseable=yes 
writeable=no
public=no 
guest ok=yes
available=1
##############END###########

Regards,
Shivappa

> On Sep 18, 2018, at 12:46, Rowland Penny <rpenny at samba.org> wrote:
> 
> On Tue, 18 Sep 2018 07:56:43 +0100
> Rowland Penny via samba <samba at lists.samba.org> wrote:
> 
>> 
>> 
>> Begin forwarded message:
>> 
>> Date: Mon, 17 Sep 2018 22:36:21 -0500 (CDT)
>> From: shivappa Sangapur via samba-technical
>> <samba-technical at lists.samba.org> To: samba-technical at lists.samba.org
>> Subject: Share cannot be accessed when samba is in Domain with
>> security enabled
>> 
>> 
>> Hi,
>> 
>> I'm using samba-4.7.4.
>> I have put my samba server in Domain. (Not using winbind) using NT
>> domain with user test.
>> /etc/password has 'test' user and pdbedit shows only 'test' user,
>> since I've joined this samba server to Windows domain.
>> domain server is Win2k12 R2.
>> In windows domain server,
>> I have enabled "Microsoft network client: Digitally sign
>> communications (Always)" in domain Policy.
>> 
>> I logged as 'Administrator' to Windows domain server PC and
>> I tried to access share of my samba server(samba-4.7.4) from windows
>> domain, but i get below error.
>> *"The account is not authorized to login from this station"*
>> 
>> Any idea why so ?
>> 
>> If I joined my other Windows 7 PC to domain using domain user 'test2'
>> and access samba-4.7.4 share, 
>> same error occurs.
>> If I joined my other Windows 7 PC to domain using domain user 'test'
>> and access samba-4.7.4 share, 
>> the share access successfully.
>> 
>> test,test2 have full rights as domain users, Administrator and
>> etc.....
>> 
>> Any suggestions ??
>> 
> 
> OK, as I said yesterday it sounds like you are running an NT domain on
> a win2k12R2 server, this isn't possible, so it sounds like a
> misconfiguration somewhere.
> 
> Please post your smb.conf
> 
> Post it here on the 'samba' mailing list, not on the 'samba technical'
> list, that is not the correct place to post this type of question.
> 
> I think I know what your problem is, but until I see your smb.conf, I
> cannot be sure.
> 
> Rowland Penny
> Samba team member