[Samba] authn timeouts enumerating (and connecting to) shares

Rowland Penny rpenny at samba.org
Mon Aug 22 19:27:40 UTC 2022


On Mon, 2022-08-22 at 18:56 +0000, Aaron Johnson via samba wrote:
> Hello Samba users!
> 
> I’m experiencing an odd (hopefully, it’s odd to everyone and not just
> me) issue with Alma Linux 8.6’s samba-4.15.5-8.el8_6.x86_64 (and
> related) release.
> 
> In short, I have a domain member Samba server with just the magic
> [homes] share defined in smb.conf.  Mildly sanitized “testparm -s”
> output:
> 
> Load smb config files from /etc/samba/smb.conf
> Loaded services file OK.
> Weak crypto is allowed
> 
> Server role: ROLE_DOMAIN_MEMBER
> 
> # Global parameters
> [global]
>                 ldap connection timeout = 3
>                 ldap timeout = 3
>                 load printers = No
>                 log file = /var/log/samba/%m.log
>                 log level = kerberos:10 auth:10 auth_audit:10 winbind:10
>                 ntlm auth = ntlmv1-permitted
>                 printcap name = /dev/null
>                 realm = MYDOMAIN.MYORG.COM
>                 security = ADS
>                 server role = member server
>                 winbind max domain connections = 10
>                 workgroup = MYDOMAIN
>                 idmap config MYDOMAIN : range = 100000-9999999
>                 idmap config MYDOMAIN : schema_mode = rfc2307
>                 idmap config MYDOMAIN : backend = ad
>                 idmap config * : range = 0-99999
>                 idmap config * : backend = tdb
> 
> [homes]
>                 browseable = No
>                 comment = Home Directories
>                 inherit acls = Yes
>                 read only = No
>                 valid users = %S %D%w%S
> 
> (I’ve added the “log level” setting in there as testparm didn’t print
> it.)
> 
> Trying to list out any shares on this server results in an
> NT_STATUS_IO_TIMEOUT like so:
> 
> [myuser@myserver ~]$ time smbclient -d 2 -U MYDOMAIN\\myuser -L myserver.myorg.com

That command is interesting: you are trying to connect to
'myserver.myorg.com', yet your realm is 'MYDOMAIN.MYORG.COM', so
presumably your DNS domain will be 'mydomain.myorg.com'. I think you
should be connecting to 'myserver.mydomain.myorg.com'.

Rowland