[Samba] samba fails to connect to windows file share joined to domain

Rowland Penny rpenny at samba.org
Tue Dec 12 17:15:24 UTC 2023


On Tue, 12 Dec 2023 09:46:51 -0700
jacek burghardt via samba <samba at lists.samba.org> wrote:

> I am using Arch Linux.
> This is my fstab entry, using cred for a Windows domain user:
> 
> //winnas/radio /radio cifs credentials=/etc/samba/credentials/radiorec,vers=2.0,uid=1000,gid=1000,iocharset=utf8,sec=krb5i,nofail 0 0
> 
> I run hardening kitty scripts.

Can you provide a link to those scripts?

> 
> Windows and OS X clients can mount the shares, but Linux has an issue.
> 
> 
> [global]
> 
>         netbios name = radiorec
> 
>         socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
>         winbind sealed pipes = false
>         require strong key = false
>         winbind sealed pipes:HEBE = true
>         require strong key:HEBE = true
>         lanman auth = no
>         ntlm auth = yes
>         ntlm auth = mschapv2-and-ntlmv2-only
>         client signing = auto
>         server signing = auto
>         winbind enum users = yes
>         winbind gid = 10000-20000
>         workgroup = hebe
>         os level = 20
>         winbind enum groups = yes
>         password server = den-dc01.hebe.us
>         preferred master = no
>         winbind separator = +
>         max log size = 50
>         log file = /var/log/samba/log.%m
>         dns proxy = no
>         realm = hebe.us
>         security = ADS
>         wins server = 192.168.1.8
>         wins proxy = no
>         client signing = auto
>         server signing = auto
>         domain master = auto
>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
>         idmap_ldb:use rfc2307 = yes
>         ldap server require strong auth = No
>         idmap config * : backend = tdb
>         idmap config * : range = 10000-20000
>         winbind use default domain = Yes
>         winbind enum users = Yes
>         winbind enum groups = Yes
>         winbind nested groups = Yes
>         winbind separator = +
>         winbind refresh tickets = yes
>         winbind offline logon = yes
>         winbind cache time = 300
>         template shell = /bin/bash
>         template homedir = /home/%D/%U
>         inherit acls = Yes
>         map acl inherit = Yes
>         acl group control = yes
>         load printers = no
>         debug level = 3
>         use sendfile = no
>         vfs objects = acl_xattr shadow_copy2
> 
> [sysvol]
>          path = /usr/share/samba/sysvol
>          read only = No
> 
> [netlogon]
> 

To be honest, I am surprised anything can mount the shares (which you
haven't provided), but I am more worried about your smb.conf. It
appears to be partially for a Unix domain member (but not complete);
the other part appears to be for a DC, but again not complete. What do
you think it is?

Rowland
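
A check for the two problems visible in the quoted smb.conf, repeated parameters and a mix of domain-member and DC settings, as an added example that is not part of the original message. The role-hint sets are assumptions and not exhaustive; `testparm` remains the authoritative validator.

```python
import re
from collections import defaultdict

# Assumed, non-exhaustive role hints (not from the thread).
DC_HINTS = {"server services", "idmap_ldb:use rfc2307", "ldap server require strong auth"}
DC_SHARES = {"sysvol", "netlogon"}
MEMBER_HINTS = {"password server"}

# Constructed excerpt of the smb.conf quoted in the message above.
SAMPLE = """\
[global]
    ntlm auth = yes
    ntlm auth = mschapv2-and-ntlmv2-only
    client signing = auto
    password server = den-dc01.hebe.us
    security = ADS
    client signing = auto
    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
    idmap_ldb:use rfc2307 = yes
    ldap server require strong auth = No
    idmap config * : backend = tdb
    idmap config * : range = 10000-20000
[sysvol]
    path = /usr/share/samba/sysvol
    read only = No
[netlogon]
"""

def parse(text):
    """Return ({global parameter: [values in file order]}, [share names])."""
    section, params, shares = None, defaultdict(list), []
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            if section != "global":
                shares.append(section)
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Normalise case and inner whitespace so repeats compare equal.
            params[" ".join(key.lower().split())].append(value.strip())
    return params, shares

def audit(text):
    """Report repeated [global] parameters and DC/member role hints found together."""
    params, shares = parse(text)
    dc = sorted(k for k in params if k in DC_HINTS) + sorted(f"[{s}]" for s in shares if s in DC_SHARES)
    member = sorted(k for k in params if k in MEMBER_HINTS or k.startswith("idmap config "))
    if any(v.lower() == "ads" for v in params.get("security", [])):
        member.append("security = ADS")
    return {"duplicates": {k: v for k, v in params.items() if len(v) > 1},
            "dc_hints": dc, "member_hints": member, "mixed_role": bool(dc and member)}

if __name__ == "__main__":
    for name, value in audit(SAMPLE).items():
        print(f"{name}: {value}")
```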
 


