[Samba] Unable to access shares by server alias

Fri May 8 23:00:04 UTC 2020

I'm configuring a single host with AD DC and file server

----- Original Message -----
> From: "Andrew Bartlett" <abartlet at samba.org>
> To: "Lorenzo Milesi" <lorenzo.milesi at yetopen.it>
> Cc: "Alex MacCuish" <alex at maccuish.org.uk>, "samba" <samba at lists.samba.org>
> Sent: Saturday, May 9, 2020 12:59:09 AM
> Subject: Re: [Samba] Unable to access shares by server alias

> I'm confused, the logs look like AD DC logs, but you say you were
> configuring the separate Samba file-server.
> 
> Can you clarify?
> 
> Andrew Bartlett
> 
> On Sat, 2020-05-09 at 00:30 +0200, Lorenzo Milesi wrote:
>> Attaching logs during an attempt of browsing \\server from CM-WM-W7$
>> 
>> thanks
>> 
>> ----- Original Message -----
>> > From: "samba" <samba at lists.samba.org>
>> > To: "Alex MacCuish" <alex at maccuish.org.uk>, "samba" <
>> > samba at lists.samba.org>
>> > Sent: Saturday, May 9, 2020 12:03:58 AM
>> > Subject: Re: [Samba] Unable to access shares by server alias
>> > By default, we should just be doing 'match by key' based on our
>> > secret
>> > (machine account password), so I hope that isn't it.
>> > 
>> > The server logs may be enlightening.
>> > 
>> > Andrew Bartlett
>> > 
>> > On Fri, 2020-05-08 at 22:42 +0100, Alex MacCuish via samba wrote:
>> > > Did you update the keytab on the fileserver after changing the
>> > > SPNs
>> > > on
>> > > the computer object? If not, the fileserver won't have the
>> > > correct
>> > > SPNs
>> > > in its keytab file so will fail at negotiating kerberos. NTLM
>> > > should
>> > > have still saved you however...
>> > > 
>> > > On 08/05/2020 22:27, Lorenzo Milesi via samba wrote:
>> > > > Hi.
>> > > > We migrated a S4 workgroup to S4 AD DC, I'm trying to allow
>> > > > users
>> > > > to access the new \\fileserver with the old host name \\server.
>> > > > I
>> > > > added a CNAME record to the AD DNS zone, created alias for
>> > > > fileserver with
>> > > > samba-tool  spn add ldap/SERVER fileserver$
>> > > > samba-tool  spn add HOST/SERVER fileserver$
>> > > > 
>> > > > I also added
>> > > >          netbios aliases = server
>> > > > to smb.conf but this should be useless, as they're now all
>> > > > using
>> > > > Windows10 and 7. But I'm still unable to browse the server as
>> > > > \\server.
>> > > > 
>> > > > Am I missing something?
>> > > > thanks
>> > > 
>> > > 
>> > 
>> > --
>> > Andrew Bartlett                       https://samba.org/~abartlet/
>> > Authentication Developer, Samba Team  https://samba.org
>> > Samba Developer, Catalyst IT
>> > https://catalyst.net.nz/services/samba
>> > 
>> > 
>> > 
>> > 
>> > --
>> > To unsubscribe from this list go to the following URL and read the
>> > instructions:  https://lists.samba.org/mailman/options/samba
>> 
>> 
> --
> Andrew Bartlett                       https://samba.org/~abartlet/
> Authentication Developer, Samba Team  https://samba.org
> Samba Developer, Catalyst IT
> https://catalyst.net.nz/services/samba

-- 
Lorenzo Milesi - lorenzo.milesi at yetopen.it

YetOpen S.r.l. - https://www.yetopen.it/
Via Salerno 18 - 23900 Lecco - ITALY -
Tel +39 0341 220 205 - Fax +39 178 6070 222

Think green - Non stampare questa e-mail se non necessario / Don't print this email unless necessary

-------- D.Lgs. 196/2003 e GDPR 679/2016 --------
Tutte le informazioni contenute in questo messaggio sono riservate ed a uso esclusivo del destinatario.
Tutte le informazioni ivi contenute, compresi eventuali allegati, sono da ritenere confidenziali e riservate secondo i termini
del vigente D.Lgs. 196/2003 in materia di privacy e del Regolamento europeo 679/2016 - GDPR - e quindi ne e' proibita l'utilizzazione ulteriore non autorizzata.
Nel caso in cui questo messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza copiarlo, stamparlo, a non inoltrarlo a terzi e ad avvertirci non appena possibile.
Grazie.

Confidentiality notice: this email message including any attachment is for the sole use of the intended recipient and may contain confidential and privileged information;
pursuant to Legislative Decree 196/2003 and the European General Data Protection Regulation 679/2016 - GDPR - any unauthorized review, use, disclosure or distribution
is prohibited. If you are not the intended recepient please delete this message without copying, printing or forwarding it to others, and alert us as soon as possible.
Thank you.