Hello all,

my name is Andreas and today I have run into a problem which I am not able to fix by myself.

In our company we have a samba file server (Version 4.3.11-Ubuntu) which till today did work without any problems. Unfortunately this is not the case anymore. Since today we are no longer able to mount network shares on this server using the server's DNS hostname. The server complains about wrong username or password. Using the same credentials but using the host's IP address instead of the DNS name does still work.
The DNS hostname is resolvable. This server is a member server in a domain (samba-ad-dc).

Does anyone have an idea what could be the problem?

Here is a part of the current smb.conf (real domain name replaced):

    [global]
        workgroup = EXAMPLE
        realm = EXAMPLE.LOC
        server string = Samba Server %v
        interfaces = 127.0.0.0/8 eth0
        bind interfaces only = Yes
        server role = member server
        security = ADS
        map to guest = Bad User
        obey pam restrictions = Yes
        log file = /var/log/samba/log.%m
        max log size = 1000
        max xmit = 65535
        printcap name = cups
        os level = 65
        preferred master = Yes
        domain master = No
        dns proxy = No
        panic action = /usr/share/samba/panic-action %d
        template homedir = /iSCSI/homes/%U
        template shell = /bin/bash
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        winbind refresh tickets = Yes
        idmap config EXAMPLE:backend = rid
        idmap config EXAMPLE:range = 10000-20000
        idmap config *:range = 10000-20000
        idmap config * : backend = tdb
        map acl inherit = Yes
        store dos attributes = Yes
        vfs objects = acl_xattr

    [homes]
        comment = Home Directories
        valid users = %S
        write list = %S +EXAMPLE\Domain-Admins
        force group = "EXAMPLE\Domain-Users"
        group = "EXAMPLE\Domain-Users"
        create mask = 0750
        directory mask = 0750
        directory mode = 0750
        browseable = No

    [Temporary]
        comment = Temporary auf EXAMPLELX09
        path = /iSCSI/shares/temporary
        admin users = @EXAMPLE\Domain-Admins
        read only = No

    [Applications]
        comment = Application auf EXAMPLELX09
        path = /iSCSI/shares/applications
        admin users = @EXAMPLE\Domain-Admins
        read only = No

Thank you for your kind help

best regards
Andreas

I would guess that it is some kind of Kerberos issue since mounting by IP does not use Kerberos authentication

https://support.microsoft.com/en-ca/kb/322979

On 11/09/2016 08:46 AM, Andreas Oster via samba wrote:
> Hello all,
>
> my name is Andreas and today I have run into a problem which I am not
> able to fix by myself.
>
> In our company we have a samba file server (Version 4.3.11-Ubuntu)
> which till today did work without any problems. Unfortunately this is
> not the case anymore. Since today we are no longer able to mount
> network shares on this server using the server's DNS hostname. The
> server complains about wrong username or password. Using the same
> credentials but using the host's IP address instead of the DNS name
> does still work.
> The DNS hostname is resolvable. This server is a member server in a
> domain (samba-ad-dc).
>
> Does anyone have an idea what could be the problem?
>
> Here is a part of the current smb.conf (real domain name replaced):
>
> [global]
>     workgroup = EXAMPLE
>     realm = EXAMPLE.LOC
>     server string = Samba Server %v
>     interfaces = 127.0.0.0/8 eth0
>     bind interfaces only = Yes
>     server role = member server
>     security = ADS
>     map to guest = Bad User
>     obey pam restrictions = Yes
>     log file = /var/log/samba/log.%m
>     max log size = 1000
>     max xmit = 65535
>     printcap name = cups
>     os level = 65
>     preferred master = Yes
>     domain master = No
>     dns proxy = No
>     panic action = /usr/share/samba/panic-action %d
>     template homedir = /iSCSI/homes/%U
>     template shell = /bin/bash
>     winbind enum users = Yes
>     winbind enum groups = Yes
>     winbind use default domain = Yes
>     winbind refresh tickets = Yes
>     idmap config EXAMPLE:backend = rid
>     idmap config EXAMPLE:range = 10000-20000
>     idmap config *:range = 10000-20000
>     idmap config * : backend = tdb
>     map acl inherit = Yes
>     store dos attributes = Yes
>     vfs objects = acl_xattr
>
> [homes]
>     comment = Home Directories
>     valid users = %S
>     write list = %S +EXAMPLE\Domain-Admins
>     force group = "EXAMPLE\Domain-Users"
>     group = "EXAMPLE\Domain-Users"
>     create mask = 0750
>     directory mask = 0750
>     directory mode = 0750
>     browseable = No
>
> [Temporary]
>     comment = Temporary auf EXAMPLELX09
>     path = /iSCSI/shares/temporary
>     admin users = @EXAMPLE\Domain-Admins
>     read only = No
>
> [Applications]
>     comment = Application auf EXAMPLELX09
>     path = /iSCSI/shares/applications
>     admin users = @EXAMPLE\Domain-Admins
>     read only = No
>
> Thank you for your kind help
>
> best regards
> Andreas

On Wed, 9 Nov 2016 10:15:35 -0800
Herb Lewis via samba <samba at lists.samba.org> wrote:

> I would guess that it is some kind of Kerberos issue since mounting
> by IP does not use Kerberos authentication
>
> https://support.microsoft.com/en-ca/kb/322979
>
> On 11/09/2016 08:46 AM, Andreas Oster via samba wrote:
> > Hello all,
> >
> > my name is Andreas and today I have run into a problem which I am
> > not able to fix by myself.
> >
> > In our company we have a samba file server (Version 4.3.11-Ubuntu)
> > which till today did work without any problems. Unfortunately this
> > is not the case anymore. Since today we are no longer able to mount
> > network shares on this server using the server's DNS hostname. The
> > server complains about wrong username or password. Using the same
> > credentials but using the host's IP address instead of the DNS name
> > does still work.
> > The DNS hostname is resolvable. This server is a member server in a
> > domain (samba-ad-dc).
> >
> > Does anyone have an idea what could be the problem?
> >
> > Here is a part of the current smb.conf (real domain name replaced):
> >
> > [global]
> >     workgroup = EXAMPLE
> >     realm = EXAMPLE.LOC
> >     server string = Samba Server %v
> >     interfaces = 127.0.0.0/8 eth0
> >     bind interfaces only = Yes
> >     server role = member server
> >     security = ADS
> >     map to guest = Bad User
> >     obey pam restrictions = Yes
> >     log file = /var/log/samba/log.%m
> >     max log size = 1000
> >     max xmit = 65535
> >     printcap name = cups
> >     os level = 65
> >     preferred master = Yes
> >     domain master = No
> >     dns proxy = No
> >     panic action = /usr/share/samba/panic-action %d
> >     template homedir = /iSCSI/homes/%U
> >     template shell = /bin/bash
> >     winbind enum users = Yes
> >     winbind enum groups = Yes
> >     winbind use default domain = Yes
> >     winbind refresh tickets = Yes
> >     idmap config EXAMPLE:backend = rid
> >     idmap config EXAMPLE:range = 10000-20000
> >     idmap config *:range = 10000-20000
> >     idmap config * : backend = tdb
> >     map acl inherit = Yes
> >     store dos attributes = Yes
> >     vfs objects = acl_xattr
> >
> > [homes]
> >     comment = Home Directories
> >     valid users = %S
> >     write list = %S +EXAMPLE\Domain-Admins
> >     force group = "EXAMPLE\Domain-Users"
> >     group = "EXAMPLE\Domain-Users"
> >     create mask = 0750
> >     directory mask = 0750
> >     directory mode = 0750
> >     browseable = No
> >
> > [Temporary]
> >     comment = Temporary auf EXAMPLELX09
> >     path = /iSCSI/shares/temporary
> >     admin users = @EXAMPLE\Domain-Admins
> >     read only = No
> >
> > [Applications]
> >     comment = Application auf EXAMPLELX09
> >     path = /iSCSI/shares/applications
> >     admin users = @EXAMPLE\Domain-Admins
> >     read only = No
> >
> > Thank you for your kind help
> >
> > best regards
> > Andreas

What have you got in /etc/krb5.conf?
Has /etc/resolv.conf changed?

I would also look at this:

    idmap config EXAMPLE:range = 10000-20000
    idmap config *:range = 10000-20000

The ranges are not supposed to overlap; yours are exactly the same.

Rowland
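
An added illustration of the range overlap raised in the last reply (not part of the original thread and not Samba's own code): this Python check parses the "idmap config DOMAIN : range" lines of an smb.conf and reports domains whose ID ranges intersect, which is the condition under which two different principals can end up mapped to the same Unix ID. The sample text is the idmap block from the posted configuration; the function names are hypothetical.

```python
import re
from itertools import combinations

# Constructed sample: the idmap lines from the smb.conf posted in this thread.
SAMPLE_SMB_CONF = r"""
[global]
    workgroup = EXAMPLE
    security = ADS
    idmap config EXAMPLE:backend = rid
    idmap config EXAMPLE:range = 10000-20000
    idmap config *:range = 10000-20000
    idmap config * : backend = tdb
"""

# Matches "idmap config <DOMAIN> : range = <low> - <high>" with flexible spacing.
IDMAP_RANGE = re.compile(
    r"^\s*idmap\s+config\s+(?P<domain>[^:\s]+)\s*:\s*range\s*=\s*"
    r"(?P<low>\d+)\s*-\s*(?P<high>\d+)\s*$",
    re.IGNORECASE,
)

def parse_idmap_ranges(conf_text):
    """Return {domain: (low, high)} for every idmap range line (hypothetical helper)."""
    ranges = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):
            continue  # smb.conf comment lines
        m = IDMAP_RANGE.match(line)
        if not m:
            continue
        low, high = int(m["low"]), int(m["high"])
        if low > high:
            raise ValueError(f"inverted idmap range for {m['domain']}: {low}-{high}")
        ranges[m["domain"].upper()] = (low, high)
    return ranges

def find_overlaps(ranges):
    """Return (domain_a, domain_b) pairs whose closed ID ranges intersect."""
    overlaps = []
    for (dom_a, (lo_a, hi_a)), (dom_b, (lo_b, hi_b)) in combinations(sorted(ranges.items()), 2):
        if lo_a <= hi_b and lo_b <= hi_a:
            overlaps.append((dom_a, dom_b))
    return overlaps

if __name__ == "__main__":
    for a, b in find_overlaps(parse_idmap_ranges(SAMPLE_SMB_CONF)):
        print(f"overlapping idmap ranges: {a} and {b}")
```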