samba - Jul 2021 - - Unable to access samba shares with ip address and CE name

Hi Team,

I have configured the Samba and am able to access the share by using
hostname, however it is not happening with CE name and IP address.

====[global]
        workgroup = Samba Server
        realm = GLOBAL.COM
        server string = Samba Server
        security = ads
        log level = 2
        log file = /var/samba/log/log.%m
        max log size = 1024
        name resolve order = wins lmhosts bcast host
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        preferred master = No
        local master = No
        domain master = no
        ldap ssl = no
        hosts allow = 192.20., 192.22., 192.30.
        username map = /etc/samba/smbusers.map
        username map script = /opt/quest/bin/vasidmap
        client use spnego = no
        client ntlmv2 auth = no
        kerberos method = dedicated keytab
        dedicated keytab file = /etc/opt/quest/vas/host.keytab
============
When running testparm am seeing the below error.

WARNING: socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
This warning is printed because you set one of the
following options: SO_SNDBUF, SO_RCVBUF, SO_SNDLOWAT,
SO_RCVLOWAT
Modern server operating systems are tuned for
high network performance in the majority of situations;
when you set 'socket options' you are overriding those
settings.
Linux in particular has an auto-tuning mechanism for
buffer sizes (SO_SNDBUF, SO_RCVBUF) that will be
disabled if you specify a socket buffer size. This can
potentially cripple your TCP/IP stack.

Getting the 'socket options' correct can make a big
difference to your performance, but getting them wrong
can degrade it by just as much. As with any other low
level setting, if you must make changes to it, make
 small changes and test the effect before making any
large changes.

idmap range not specified for domain '*'
ERROR: Invalid idmap range for domain *!

Server role: ROLE_DOMAIN_MEMBER
=======
For idmap, I need to specify the range.

While connecting over ip and CE name getting the below error:-

=============You might not have permission to access the network resource. There
are
currently no login servers available to service the login

request. The issue is with all versions of windows.
=============
Any advice appreciated.

Thanks & Regards,
B.Suresh

On Tue, 2021-07-27 at 15:07 +0530, suresh b via samba
wrote:
> Hi Team,
> 
> I have configured the Samba 
No you haven't, well not correctly.
> and am able to access the share by using
> hostname, however it is not happening with CE name and IP address.
What is a 'CE name' ?
> 
> ====> [global]
>         workgroup = Samba Server
>         realm = GLOBAL.COM
>         server string = Samba Server
>         security = ads
>         log level = 2
>         log file = /var/samba/log/log.%m
>         max log size = 1024
>         name resolve order = wins lmhosts bcast host
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         preferred master = No
>         local master = No
>         domain master = no
>         ldap ssl = no
>         hosts allow = 192.20., 192.22., 192.30.
>         username map = /etc/samba/smbusers.map
>         username map script = /opt/quest/bin/vasidmap
>         client use spnego = no
>         client ntlmv2 auth = no
>         kerberos method = dedicated keytab
>         dedicated keytab file = /etc/opt/quest/vas/host.keytab
> ============> 
> When running testparm am seeing the below error.
> 
> WARNING: socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> This warning is printed because you set one of the
> following options: SO_SNDBUF, SO_RCVBUF, SO_SNDLOWAT,
> SO_RCVLOWAT
> Modern server operating systems are tuned for
> high network performance in the majority of situations;
> when you set 'socket options' you are overriding those
> settings.
> Linux in particular has an auto-tuning mechanism for
> buffer sizes (SO_SNDBUF, SO_RCVBUF) that will be
> disabled if you specify a socket buffer size. This can
> potentially cripple your TCP/IP stack.
> 
> Getting the 'socket options' correct can make a big
> difference to your performance, but getting them wrong
> can degrade it by just as much. As with any other low
> level setting, if you must make changes to it, make
>  small changes and test the effect before making any
> large changes.
Fairly obvious, do not set the 'socket options' parameter unless you
really know what you are doing.
> 
> idmap range not specified for domain '*'
> ERROR: Invalid idmap range for domain *!
There is your biggest error, you haven't set any 'idmap config'
lines,
this is required. 
You are possibly running sssd, if so, remove it and install winbind if
you haven't already.
> 
> Server role: ROLE_DOMAIN_MEMBER
> =======> 
> For idmap, I need to specify the range.
> 
> While connecting over ip and CE name getting the below error:-
> 
> =============> You might not have permission to access the network
resource. There
> are
> currently no login servers available to service the login
> 
> request. The issue is with all versions of windows.
> =============
Have you installed winbind ?
> 
> Any advice appreciated.
Read the wiki: https://wiki.samba.org/index.php/Main_Page

Rowland