[Samba] authn timeouts enumerating (and connecting to) shares
Rowland Penny
rpenny at samba.org
Mon Aug 22 19:27:40 UTC 2022
On Mon, 2022-08-22 at 18:56 +0000, Aaron Johnson via samba wrote:
> Hello Samba users!
>
> I’m experiencing an odd (hopefully, it’s odd to everyone and not just
> me) issue with Alma Linux 8.6’s samba-4.15.5-8.el8_6.x86_64 (and
> related) release.
>
> In short, I have a domain member Samba server with just the magic
> [homes] share defined in smb.conf. Mildly sanitized “testparm -s”
> output:
>
> Load smb config files from /etc/samba/smb.conf
> Loaded services file OK.
> Weak crypto is allowed
>
> Server role: ROLE_DOMAIN_MEMBER
>
> # Global parameters
> [global]
> ldap connection timeout = 3
> ldap timeout = 3
> load printers = No
> log file = /var/log/samba/%m.log
> log level = kerberos:10 auth:10 auth_audit:10 winbind:10
> ntlm auth = ntlmv1-permitted
> printcap name = /dev/null
> realm = MYDOMAIN.MYORG.COM
> security = ADS
> server role = member server
> winbind max domain connections = 10
> workgroup = MYDOMAIN
> idmap config MYDOMAIN : range = 100000-9999999
> idmap config MYDOMAIN : schema_mode = rfc2307
> idmap config MYDOMAIN : backend = ad
> idmap config * : range = 0-99999
> idmap config * : backend = tdb
>
> [homes]
> browseable = No
> comment = Home Directories
> inherit acls = Yes
> read only = No
> valid users = %S %D%w%S
>
> (I’ve added the “log level” setting in there as testparm didn’t print
> it.)
>
> Trying to list out any shares on this server results in an
> NT_STATUS_IO_TIMEOUT like so:
>
> [myuser at myserver ~]$ time smbclient -d 2 -U MYDOMAIN\\myuser -L
> myserver.myorg.com
That command is interesting, you are trying to connect to
'myserver.myorg.com' , yet your realm is 'MYDOMAIN.MYORG.COM', so
presumably your dns domain will be 'mydomain.myorg.com'. I think you
should be connecting to 'myserver.mydomain.myorg.com'
Rowland
More information about the samba
mailing list