[Samba] User mapping/login issue
sdavies at sdc.com.au
Thu Apr 25 06:34:18 UTC 2019
On 24/04/19 19:51, L.P.H. van Belle wrote:
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
>> Rowland Penny via samba
>> Verzonden: woensdag 24 april 2019 12:13
>> Aan: samba at lists.samba.org
>> Onderwerp: Re: [Samba] User mapping/login issue
>> On Wed, 24 Apr 2019 11:38:58 +0200
>> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
>>> Im wondering here.. If the client is a windows 10 pc connecting,
>>>> ../source3/smbd/negprot.c:419(reply_nt1) using SPNEGO
>>>> ../source3/smbd/negprot.c:761(reply_negprot) Selected protocol NT
>>>> LM 0.12 ../source3/smbd/process.c:554(receive_smb_talloc)
>>>> receive_smb_raw_talloc failed for client
>>>> ipv4:10.55.66.82:59271 read error = NT_STATUS_CONNECTION_RESET.
>>> And i see this..
>>> Then why use these settings if its win10?
>> I sort of wondered about that, but only way to be sure was to add it
>> to the smb.conf for testing purposes. If it worked, then go one way,
>> if it didn't then go another way ;-)
>>> @Rowland your are mislead.. ;-)
>>>>> Ah, it is a PDC
>>> Hm, no its a stand alone, the member references in my option.
>>>>>> security = user << stand alone ?
>>>>>> domain logons = yes << member ?
>> Nope, it is a PDC, from 'man smb.conf':
>> domain master (G)
>> When domain logons = Yes the default setting for this
>> parameter is Yes, with the result that Samba will be a PDC.
>> The OP has:
>> domain master = yes
>> domain logons = yes
> Oeps, your totaly right. I missed that.
It would appear that there may be more than one issue with my smb.conf.
The scenario is a Centos 7 Linux server with a bunch of LAN connected windows
10 clients and several remote windows 10 clients which connect via VPN.
The server firewall accepts everything from the VPN.
The server and local clients are all in workgroup BENPARTS while the remote
clients are either stand-alone or in different workgroups/domains.
Local SMB access works as expected but remote access does not due to password
failures (as described in earlier log excerpts).
What should the domain-related entries in smb.conf be to support this scenario?
Cheers and thanks,
More information about the samba