Rob Marshall
2018-Jan-12 16:16 UTC
[Samba] Access to Windows 2016 server works with IP but not with netbios name
The client is a Windows 2008 R2 server. I don't know what you mean by classic vs. AD. I assume it's AD, but how would I check? I see the same problem, i.e. "Access is denied" and a window to enter the username/password, if I use the fully qualified name. Thanks, Rob On Fri, Jan 12, 2018 at 10:58 AM, Gaiseric Vandal via samba < samba at lists.samba.org> wrote:> Can you clarify - are they trying to access the samba server from a Win > 2016 machine? Is this a classic domain or AD domain? > > Do you have a WINS server defined? Can you access via a fully > qualified domain name (e.g. myserver.mydomain.com.) I had an issue > several years back where users connecting over VPN could access by IP but > not my short name. The problem was that the VPN was blocking at least > some netbios traffic (137-139) which meant that anything relying on netbios > names failed. If you could connect via IP address of fully qualified > domain name then you were by passing netbios name resolution issues and > connecting directly to port 445. > > > > I have run into several issues with classic domains with SMB3 and Windows > 10 (which presumably would apply to Win 2016 as well.) Windows 10 would try > to negotiate SMBv3 with some servers and would fail. (This may have been > samba 4 servers so I don't think this applies to you.) I also had > problems with Win 7 and Windows 2008 and SMB v2, especially with multiple > users connecting via remote desktop to Windows 2008. The first use > could map a drive but not successive users. You may want to > explicitly set your samba servers to use SMB v2 as the max protocol or even > Samba 1.x. > > > > I also run into an issue with drive mapping using short name vs long name > in a classic domain. If my DNS domain is mycompany.com, and my samba > domain is TECH, then if I may a drive to myserver.mydomain.com there is > a discrepancy between the Samba domain name and the DNS domain name. > This didn't cause problems with Windows itself but it did with Office 2013 > after some updates. Office would not open files determined to be from an > untrusted source. > > > I migrated away from a classic domain to a true AD domain so a lot of my > netbios and name resolution issues went away. > > > > On 01/12/2018 10:19 AM, Rob Marshall via samba wrote: > >> Hi, >> >> I have a customer who is able to access shares using the IP address of the >> Samba server (running 3.6.x - sorry, can't upgrade) but when they try to >> access the share using the short (netbios) name, they get "access denied" >> and are prompted for a username/password. >> >> Where would I look to figure out what's going wrong? >> >> Thanks, >> >> Rob >> > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Rob Marshall
2018-Jan-12 16:20 UTC
[Samba] Access to Windows 2016 server works with IP but not with netbios name
Hi, I just tried again and there's a window that says something about "looking for credentials file..." that pops up before I get the "Access is denied" and the login window. I don't know what that means, but since the window is only there very briefly I probably missed it on my earlier attempts. Thanks, Rob On Fri, Jan 12, 2018 at 11:16 AM, Rob Marshall <rob.marshall17 at gmail.com> wrote:> The client is a Windows 2008 R2 server. I don't know what you mean by > classic vs. AD. I assume it's AD, but how would I check? > > I see the same problem, i.e. "Access is denied" and a window to enter the > username/password, if I use the fully qualified name. > > Thanks, > > Rob > > On Fri, Jan 12, 2018 at 10:58 AM, Gaiseric Vandal via samba < > samba at lists.samba.org> wrote: > >> Can you clarify - are they trying to access the samba server from a Win >> 2016 machine? Is this a classic domain or AD domain? >> >> Do you have a WINS server defined? Can you access via a fully >> qualified domain name (e.g. myserver.mydomain.com.) I had an issue >> several years back where users connecting over VPN could access by IP but >> not my short name. The problem was that the VPN was blocking at least >> some netbios traffic (137-139) which meant that anything relying on netbios >> names failed. If you could connect via IP address of fully qualified >> domain name then you were by passing netbios name resolution issues and >> connecting directly to port 445. >> >> >> >> I have run into several issues with classic domains with SMB3 and Windows >> 10 (which presumably would apply to Win 2016 as well.) Windows 10 would try >> to negotiate SMBv3 with some servers and would fail. (This may have been >> samba 4 servers so I don't think this applies to you.) I also had >> problems with Win 7 and Windows 2008 and SMB v2, especially with multiple >> users connecting via remote desktop to Windows 2008. The first use >> could map a drive but not successive users. You may want to >> explicitly set your samba servers to use SMB v2 as the max protocol or even >> Samba 1.x. >> >> >> >> I also run into an issue with drive mapping using short name vs long name >> in a classic domain. If my DNS domain is mycompany.com, and my samba >> domain is TECH, then if I may a drive to myserver.mydomain.com there is >> a discrepancy between the Samba domain name and the DNS domain name. >> This didn't cause problems with Windows itself but it did with Office 2013 >> after some updates. Office would not open files determined to be from an >> untrusted source. >> >> >> I migrated away from a classic domain to a true AD domain so a lot of my >> netbios and name resolution issues went away. >> >> >> >> On 01/12/2018 10:19 AM, Rob Marshall via samba wrote: >> >>> Hi, >>> >>> I have a customer who is able to access shares using the IP address of >>> the >>> Samba server (running 3.6.x - sorry, can't upgrade) but when they try to >>> access the share using the short (netbios) name, they get "access denied" >>> and are prompted for a username/password. >>> >>> Where would I look to figure out what's going wrong? >>> >>> Thanks, >>> >>> Rob >>> >> >> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> > >
Rowland Penny
2018-Jan-12 16:25 UTC
[Samba] Access to Windows 2016 server works with IP but not with netbios name
On Fri, 12 Jan 2018 11:20:37 -0500 Rob Marshall via samba <samba at lists.samba.org> wrote:> Hi, > > I just tried again and there's a window that says something about > "looking for credentials file..." that pops up before I get the > "Access is denied" and the login window. I don't know what that > means, but since the window is only there very briefly I probably > missed it on my earlier attempts. > > Thanks, > > Rob > > On Fri, Jan 12, 2018 at 11:16 AM, Rob Marshall > <rob.marshall17 at gmail.com> wrote: > > > The client is a Windows 2008 R2 server. I don't know what you mean > > by classic vs. AD. I assume it's AD, but how would I check? > > > > I see the same problem, i.e. "Access is denied" and a window to > > enter the username/password, if I use the fully qualified name. > >It might help if you posted the smb.conf from the Samba machine. Rowland
Gaiseric Vandal
2018-Jan-12 23:32 UTC
[Samba] Access to Windows 2016 server works with IP but not with netbios name
If Windows is the domain controller, then it is an AD domain. If you are running Samba 3 domain controller then it would be emulating an NT4-type domain controller. I am presuming samba 3.x machine is configured as a domain member? Last year when the BADLOCK vulnerability came out, Microsoft issued various patches that were likely to break compatibility with Samba 3.x. Samba did not release a minor version upgrade for Samba 3.x to include this patch. So you would have to compile the patch your self. You can run a WINS server on Windows or Samba. WINS is the equivalent of a DNS server for Netbios names in a TCP/IP environment. Can you run "testparm -v" on your samba system? You may see smb ports = 445 139 disable netbios = No wins server = (the ip address of your wins server, if you have one) I found in a classic samba domain, that explicitly setting the smb ports value to 139 only created problems. I don't know what would happen if you set to 445 only. I don't know if the "disable netbios" option is available with samba 3.x. I had a classic domain that I migrated to an AD domain, but I haven't tried disabling all the netbios stuff yet. I would think if you could then this might get simpler. You may also want to do some packet captures on the samba server to compare compare connection attempts. Assuming the client DNS is setup that both "ping shortname" and "nslookup shortname" work? What version OS is the samba system running on? On 01/12/2018 11:16 AM, Rob Marshall wrote:> The client is a Windows 2008 R2 server. I don't know what you mean by > classic vs. AD. I assume it's AD, but how would I check? > > I see the same problem, i.e. "Access is denied" and a window to enter > the username/password, if I use the fully qualified name. > > Thanks, > > Rob > > On Fri, Jan 12, 2018 at 10:58 AM, Gaiseric Vandal via samba > <samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote: > > Can you clarify - are they trying to access the samba server from > a Win 2016 machine? Is this a classic domain or AD domain? > > Do you have a WINS server defined? Can you access via a fully > qualified domain name (e.g. myserver.mydomain.com > <http://myserver.mydomain.com>.) I had an issue several years back > where users connecting over VPN could access by IP but not my > short name. The problem was that the VPN was blocking at > least some netbios traffic (137-139) which meant that anything > relying on netbios names failed. If you could connect via IP > address of fully qualified domain name then you were by passing > netbios name resolution issues and connecting directly to port 445. > > > > I have run into several issues with classic domains with SMB3 and > Windows 10 (which presumably would apply to Win 2016 as well.) > Windows 10 would try to negotiate SMBv3 with some servers and > would fail. (This may have been samba 4 servers so I don't think > this applies to you.) I also had problems with Win 7 and > Windows 2008 and SMB v2, especially with multiple users connecting > via remote desktop to Windows 2008. The first use could map a > drive but not successive users. You may want to explicitly > set your samba servers to use SMB v2 as the max protocol or even > Samba 1.x. > > > > I also run into an issue with drive mapping using short name vs > long name in a classic domain. If my DNS domain is mycompany.com > <http://mycompany.com>, and my samba domain is TECH, then if I > may a drive to myserver.mydomain.com > <http://myserver.mydomain.com> there is a discrepancy between the > Samba domain name and the DNS domain name. This didn't cause > problems with Windows itself but it did with Office 2013 after > some updates. Office would not open files determined to be from an > untrusted source. > > > I migrated away from a classic domain to a true AD domain so a lot > of my netbios and name resolution issues went away. > > > > On 01/12/2018 10:19 AM, Rob Marshall via samba wrote: > > Hi, > > I have a customer who is able to access shares using the IP > address of the > Samba server (running 3.6.x - sorry, can't upgrade) but when > they try to > access the share using the short (netbios) name, they get > "access denied" > and are prompted for a username/password. > > Where would I look to figure out what's going wrong? > > Thanks, > > Rob > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > <https://lists.samba.org/mailman/options/samba> > >
Gaiseric Vandal
2018-Jan-12 23:34 UTC
[Samba] Access to Windows 2016 server works with IP but not with netbios name
That implies that samba system is not properly joined to the domain anymore. On 01/12/2018 11:20 AM, Rob Marshall wrote:> Hi, > > I just tried again and there's a window that says something about > "looking for credentials file..." that pops up before I get the > "Access is denied" and the login window. I don't know what that means, > but since the window is only there very briefly I probably missed it > on my earlier attempts. > > Thanks, > > Rob > > On Fri, Jan 12, 2018 at 11:16 AM, Rob Marshall > <rob.marshall17 at gmail.com <mailto:rob.marshall17 at gmail.com>> wrote: > > The client is a Windows 2008 R2 server. I don't know what you mean > by classic vs. AD. I assume it's AD, but how would I check? > > I see the same problem, i.e. "Access is denied" and a window to > enter the username/password, if I use the fully qualified name. > > Thanks, > > Rob > > On Fri, Jan 12, 2018 at 10:58 AM, Gaiseric Vandal via samba > <samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote: > > Can you clarify - are they trying to access the samba server > from a Win 2016 machine? Is this a classic domain or AD > domain? > > Do you have a WINS server defined? Can you access via a > fully qualified domain name (e.g. myserver.mydomain.com > <http://myserver.mydomain.com>.) I had an issue several years > back where users connecting over VPN could access by IP but > not my short name. The problem was that the VPN was > blocking at least some netbios traffic (137-139) which meant > that anything relying on netbios names failed. If you could > connect via IP address of fully qualified domain name then > you were by passing netbios name resolution issues and > connecting directly to port 445. > > > > I have run into several issues with classic domains with SMB3 > and Windows 10 (which presumably would apply to Win 2016 as > well.) Windows 10 would try to negotiate SMBv3 with some > servers and would fail. (This may have been samba 4 servers > so I don't think this applies to you.) I also had problems > with Win 7 and Windows 2008 and SMB v2, especially with > multiple users connecting via remote desktop to Windows 2008. > The first use could map a drive but not successive users. > You may want to explicitly set your samba servers to use SMB > v2 as the max protocol or even Samba 1.x. > > > > I also run into an issue with drive mapping using short name > vs long name in a classic domain. If my DNS domain is > mycompany.com <http://mycompany.com>, and my samba domain is > TECH, then if I may a drive to myserver.mydomain.com > <http://myserver.mydomain.com> there is a discrepancy between > the Samba domain name and the DNS domain name. This didn't > cause problems with Windows itself but it did with Office 2013 > after some updates. Office would not open files determined > to be from an untrusted source. > > > I migrated away from a classic domain to a true AD domain so a > lot of my netbios and name resolution issues went away. > > > > On 01/12/2018 10:19 AM, Rob Marshall via samba wrote: > > Hi, > > I have a customer who is able to access shares using the > IP address of the > Samba server (running 3.6.x - sorry, can't upgrade) but > when they try to > access the share using the short (netbios) name, they get > "access denied" > and are prompted for a username/password. > > Where would I look to figure out what's going wrong? > > Thanks, > > Rob > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > <https://lists.samba.org/mailman/options/samba> > > >
Reasonably Related Threads
- Access to Windows 2016 server works with IP but not with netbios name
- Access to Windows 2016 server works with IP but not with netbios name
- Access to Windows 2016 server works with IP but not with netbios name
- Access to Windows 2016 server works with IP but not with netbios name
- Access to Windows 2016 server works with IP but not with netbios name