[Samba] - Unable to access samba shares with ip address and CE name

Tue Jul 27 09:57:26 UTC 2021

On Tue, 2021-07-27 at 15:07 +0530, suresh b via samba wrote:
> Hi Team,
> 
> I have configured the Samba 

No you haven't, well not correctly.

> and am able to access the share by using
> hostname, however it is not happening with CE name and IP address.

What is a 'CE name' ?

> 
> =====
> [global]
>         workgroup = Samba Server
>         realm = GLOBAL.COM
>         server string = Samba Server
>         security = ads
>         log level = 2
>         log file = /var/samba/log/log.%m
>         max log size = 1024
>         name resolve order = wins lmhosts bcast host
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         preferred master = No
>         local master = No
>         domain master = no
>         ldap ssl = no
>         hosts allow = 192.20., 192.22., 192.30.
>         username map = /etc/samba/smbusers.map
>         username map script = /opt/quest/bin/vasidmap
>         client use spnego = no
>         client ntlmv2 auth = no
>         kerberos method = dedicated keytab
>         dedicated keytab file = /etc/opt/quest/vas/host.keytab
> =============
> 
> When running testparm am seeing the below error.
> 
> WARNING: socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> This warning is printed because you set one of the
> following options: SO_SNDBUF, SO_RCVBUF, SO_SNDLOWAT,
> SO_RCVLOWAT
> Modern server operating systems are tuned for
> high network performance in the majority of situations;
> when you set 'socket options' you are overriding those
> settings.
> Linux in particular has an auto-tuning mechanism for
> buffer sizes (SO_SNDBUF, SO_RCVBUF) that will be
> disabled if you specify a socket buffer size. This can
> potentially cripple your TCP/IP stack.
> 
> Getting the 'socket options' correct can make a big
> difference to your performance, but getting them wrong
> can degrade it by just as much. As with any other low
> level setting, if you must make changes to it, make
>  small changes and test the effect before making any
> large changes.

Fairly obvious, do not set the 'socket options' parameter unless you
really know what you are doing.

> 
> idmap range not specified for domain '*'
> ERROR: Invalid idmap range for domain *!

There is your biggest error, you haven't set any 'idmap config' lines,
this is required. 
You are possibly running sssd, if so, remove it and install winbind if
you haven't already.

> 
> Server role: ROLE_DOMAIN_MEMBER
> ========
> 
> For idmap, I need to specify the range.
> 
> While connecting over ip and CE name getting the below error:-
> 
> ==============
> You might not have permission to access the network resource. There
> are
> currently no login servers available to service the login
> 
> request. The issue is with all versions of windows.
> ==============

Have you installed winbind ?
> 
> Any advice appreciated.

Read the wiki: https://wiki.samba.org/index.php/Main_Page

Rowland