[Samba] Unable to access shares by server alias

Lorenzo Milesi maxxer at yetopen.it
Fri May 8 22:31:52 UTC 2020

Attaching logs during an attempt of browsing \\server from CM-WM-W7$ 


----- Original Message ----- 
> From: "samba" <samba at lists.samba.org> 
> To: "Alex MacCuish" <alex at maccuish.org.uk>, "samba" <samba at lists.samba.org> 
> Sent: Saturday, May 9, 2020 12:03:58 AM 
> Subject: Re: [Samba] Unable to access shares by server alias 

> By default, we should just be doing 'match by key' based on our secret 
> (machine account password), so I hope that isn't it. 
> The server logs may be enlightening. 
> Andrew Bartlett 
> On Fri, 2020-05-08 at 22:42 +0100, Alex MacCuish via samba wrote: 
>> Did you update the keytab on the fileserver after changing the SPNs 
>> on 
>> the computer object? If not, the fileserver won't have the correct 
>> SPNs 
>> in its keytab file so will fail at negotiating kerberos. NTLM should 
>> have still saved you however... 
>> On 08/05/2020 22:27, Lorenzo Milesi via samba wrote: 
>> > Hi. 
>> > We migrated a S4 workgroup to S4 AD DC, I'm trying to allow users 
>> > to access the new \\fileserver with the old host name \\server. I 
>> > added a CNAME record to the AD DNS zone, created alias for 
>> > fileserver with 
>> > samba-tool spn add ldap/SERVER fileserver$ 
>> > samba-tool spn add HOST/SERVER fileserver$ 
>> > 
>> > I also added 
>> > netbios aliases = server 
>> > to smb.conf but this should be useless, as they're now all using 
>> > Windows10 and 7. But I'm still unable to browse the server as 
>> > \\server. 
>> > 
>> > Am I missing something? 
>> > thanks 
> -- 
> Andrew Bartlett https://samba.org/~abartlet/ 
> Authentication Developer, Samba Team https://samba.org 
> Samba Developer, Catalyst IT 
> https://catalyst.net.nz/services/samba 
> -- 
> To unsubscribe from this list go to the following URL and read the 
> instructions: https://lists.samba.org/mailman/options/samba 

Lorenzo Milesi - lorenzo.milesi at yetopen.it 
GPG/PGP Key-Id: 0xE704E230 

YetOpen S.r.l. - https://www.yetopen.it/
Via Salerno 18 - 23900 Lecco - ITALY -
Tel +39 0341 220 205 - Fax +39 178 6070 222

Think green - Non stampare questa e-mail se non necessario / Don't print this email unless necessary

-------- D.Lgs. 196/2003 e GDPR 679/2016 --------
Tutte le informazioni contenute in questo messaggio sono riservate ed a uso esclusivo del destinatario.
Tutte le informazioni ivi contenute, compresi eventuali allegati, sono da ritenere confidenziali e riservate secondo i termini
del vigente D.Lgs. 196/2003 in materia di privacy e del Regolamento europeo 679/2016 - GDPR - e quindi ne e' proibita l'utilizzazione ulteriore non autorizzata.
Nel caso in cui questo messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza copiarlo, stamparlo, a non inoltrarlo a terzi e ad avvertirci non appena possibile.

Confidentiality notice: this email message including any attachment is for the sole use of the intended recipient and may contain confidential and privileged information;
pursuant to Legislative Decree 196/2003 and the European General Data Protection Regulation 679/2016 - GDPR - any unauthorized review, use, disclosure or distribution
is prohibited. If you are not the intended recepient please delete this message without copying, printing or forwarding it to others, and alert us as soon as possible.
Thank you.

More information about the samba mailing list