Hello all,
my name is Andreas and today I have run into a problem which I am not
able to fix by myself.
In our company we have a samba file server (Version 4.3.11-Ubuntu) which
till doday did work without any problems. Unfortunately this is not the
case anymore. Since today we are no longer able to mount network shares
on this serverusing the servers dns hostname. The server complains about
wrong username or password. Using the same credentials but using the
hosts IP address instead of the DNS name does still work.
The DNS hostname is resolvable. This server is a member server in a
domain (samba-ad-dc).
Does anyone have an idea what could be the problem ?
here a part of the current smb.conf (real domain name replaced):
[global]
workgroup = EXAMPLE
realm = EXAMPLE.LOC
server string = Samba Server %v
interfaces = 127.0.0.0/8 eth0
bind interfaces only = Yes
server role = member server
security = ADS
map to guest = Bad User
obey pam restrictions = Yes
log file = /var/log/samba/log.%m
max log size = 1000
max xmit = 65535
printcap name = cups
os level = 65
preferred master = Yes
domain master = No
dns proxy = No
panic action = /usr/share/samba/panic-action %d
template homedir = /iSCSI/homes/%U
template shell = /bin/bash
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind refresh tickets = Yes
idmap config EXAMPLE:backend = rid
idmap config EXAMPLE:range = 10000-20000
idmap config *:range = 10000-20000
idmap config * : backend = tdb
map acl inherit = Yes
store dos attributes = Yes
vfs objects = acl_xattr
[homes]
comment = Home Directories
valid users = %S
write list = %S +EXAMPLE\Domain-Admins
force group = "EXAMPLE\Domain-Users"
group = "EXAMPLE\Domain-Users"
create mask = 0750
directory mask = 0750
directory mode = 0750
browseable = No
[Temporary]
comment = Temporary auf EXAMPLELX09
path = /iSCSI/shares/temporary
admin users = @EXAMPLE\Domain-Admins
read only = No
[Applications]
comment = Application auf EXAMPLELX09
path = /iSCSI/shares/applications
admin users = @EXAMPLE\Domain-Admins
read only = No
Thank you for your kind help
best regards
Andreas
I would guess that it is some kind of Kerberos issue since mounting by IP does not use Kerberos authentication https://support.microsoft.com/en-ca/kb/322979 On 11/09/2016 08:46 AM, Andreas Oster via samba wrote:> Hello all, > > my name is Andreas and today I have run into a problem which I am not > able to fix by myself. > > In our company we have a samba file server (Version 4.3.11-Ubuntu) > which till doday did work without any problems. Unfortunately this is > not the case anymore. Since today we are no longer able to mount > network shares on this serverusing the servers dns hostname. The > server complains about wrong username or password. Using the same > credentials but using the hosts IP address instead of the DNS name > does still work. > The DNS hostname is resolvable. This server is a member server in a > domain (samba-ad-dc). > > Does anyone have an idea what could be the problem ? > > here a part of the current smb.conf (real domain name replaced): > > [global] > workgroup = EXAMPLE > realm = EXAMPLE.LOC > server string = Samba Server %v > interfaces = 127.0.0.0/8 eth0 > bind interfaces only = Yes > server role = member server > security = ADS > map to guest = Bad User > obey pam restrictions = Yes > log file = /var/log/samba/log.%m > max log size = 1000 > max xmit = 65535 > printcap name = cups > os level = 65 > preferred master = Yes > domain master = No > dns proxy = No > panic action = /usr/share/samba/panic-action %d > template homedir = /iSCSI/homes/%U > template shell = /bin/bash > winbind enum users = Yes > winbind enum groups = Yes > winbind use default domain = Yes > winbind refresh tickets = Yes > idmap config EXAMPLE:backend = rid > idmap config EXAMPLE:range = 10000-20000 > idmap config *:range = 10000-20000 > idmap config * : backend = tdb > map acl inherit = Yes > store dos attributes = Yes > vfs objects = acl_xattr > > > [homes] > comment = Home Directories > valid users = %S > write list = %S +EXAMPLE\Domain-Admins > force group = "EXAMPLE\Domain-Users" > group = "EXAMPLE\Domain-Users" > create mask = 0750 > directory mask = 0750 > directory mode = 0750 > browseable = No > > [Temporary] > comment = Temporary auf EXAMPLELX09 > path = /iSCSI/shares/temporary > admin users = @EXAMPLE\Domain-Admins > read only = No > > > [Applications] > comment = Application auf EXAMPLELX09 > path = /iSCSI/shares/applications > admin users = @EXAMPLE\Domain-Admins > read only = No > > > Thank you for your kind help > > best regards > Andreas > >
On Wed, 9 Nov 2016 10:15:35 -0800 Herb Lewis via samba <samba at lists.samba.org> wrote:> I would guess that it is some kind of Kerberos issue since mounting > by IP does > not use Kerberos authentication > > https://support.microsoft.com/en-ca/kb/322979 > > On 11/09/2016 08:46 AM, Andreas Oster via samba wrote: > > Hello all, > > > > my name is Andreas and today I have run into a problem which I am > > not able to fix by myself. > > > > In our company we have a samba file server (Version 4.3.11-Ubuntu) > > which till doday did work without any problems. Unfortunately this > > is not the case anymore. Since today we are no longer able to mount > > network shares on this serverusing the servers dns hostname. The > > server complains about wrong username or password. Using the same > > credentials but using the hosts IP address instead of the DNS name > > does still work. > > The DNS hostname is resolvable. This server is a member server in a > > domain (samba-ad-dc). > > > > Does anyone have an idea what could be the problem ? > > > > here a part of the current smb.conf (real domain name replaced): > > > > [global] > > workgroup = EXAMPLE > > realm = EXAMPLE.LOC > > server string = Samba Server %v > > interfaces = 127.0.0.0/8 eth0 > > bind interfaces only = Yes > > server role = member server > > security = ADS > > map to guest = Bad User > > obey pam restrictions = Yes > > log file = /var/log/samba/log.%m > > max log size = 1000 > > max xmit = 65535 > > printcap name = cups > > os level = 65 > > preferred master = Yes > > domain master = No > > dns proxy = No > > panic action = /usr/share/samba/panic-action %d > > template homedir = /iSCSI/homes/%U > > template shell = /bin/bash > > winbind enum users = Yes > > winbind enum groups = Yes > > winbind use default domain = Yes > > winbind refresh tickets = Yes > > idmap config EXAMPLE:backend = rid > > idmap config EXAMPLE:range = 10000-20000 > > idmap config *:range = 10000-20000 > > idmap config * : backend = tdb > > map acl inherit = Yes > > store dos attributes = Yes > > vfs objects = acl_xattr > > > > > > [homes] > > comment = Home Directories > > valid users = %S > > write list = %S +EXAMPLE\Domain-Admins > > force group = "EXAMPLE\Domain-Users" > > group = "EXAMPLE\Domain-Users" > > create mask = 0750 > > directory mask = 0750 > > directory mode = 0750 > > browseable = No > > > > [Temporary] > > comment = Temporary auf EXAMPLELX09 > > path = /iSCSI/shares/temporary > > admin users = @EXAMPLE\Domain-Admins > > read only = No > > > > > > [Applications] > > comment = Application auf EXAMPLELX09 > > path = /iSCSI/shares/applications > > admin users = @EXAMPLE\Domain-Admins > > read only = No > > > > > > Thank you for your kind help > > > > best regards > > Andreas > > > > > >What have you got in /etc/krb5.conf ? Has /etc/resolv.conf changed ? I would also look at this: idmap config EXAMPLE:range = 10000-20000 idmap config *:range = 10000-20000 The ranges are not supposed to overlap, yours are exactly the same. Rowland
Reasonably Related Threads
- suddenly unable to mount shares with hostname
- suddenly unable to mount shares with hostname
- folders in public namespace only visable to 2nd folder level in 2.2.29.1
- Samba panic when accessing DNS domain entry with RSAT DNS tool
- folders in public namespace only visable to 2nd folder level in 2.2.29.1