[Samba] smbclient can access sysvol Windows clients cannot
Sebastian Lisic
lisic at uw.edu
Thu Jan 9 23:06:24 UTC 2020
Hi everyone,
I have two domains with a two way trust (DomA and DomB).
When users from DomA (on a DomB Linux PC) access sysvol on DomB's DC using smbclient everything works:
# smbclient //DomB /sysvol -Udoma\\user -c 'ls' -k
. D 0 Thu Jan 9 13:53:03 2020
.. D 0 Thu Jan 9 14:28:29 2020
domb D 0 Thu Jan 9 13:52:26 2020
20511312 blocks of size 1024. 18330504 blocks available
However, on a Windows Server 2019 machine joined to DomB when I use explorer to browse to the share as DomA\user I receive the error "Access is denied".
Users from DomB can access sysvol from Windows without issue.
When DomA\user tries to connect to DomB's DC\sysvol, authentication is working as I get this in the logs:
Successful AuthZ: [srvsvc,ncacn_np] user [DomA]\[user] [SID] at [Thu, 09 Jan 2020 14:52:05.969891 PST] Remote host [ipv4:xxx.xxx.xxx.xxx:60237] local host [ipv4:xxx.xxx.xxx.xxx:445]
DomB DC's smb.conf is as follows:
# Global parameters
[global]
workgroup = DOMB
realm = domb
netbios name = DC
interfaces = lo eth0
bind interfaces only = Yes
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
idmap_ldb:use rfc2307 = yes
[netlogon]
path = /usr/local/samba/var/locks/sysvol/domb/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
acl_xattr:ignore system acls = yes
More information about the samba
mailing list