Rowland Penny
2018-Jan-12 17:29 UTC
[Samba] Access to Windows 2016 server works with IP but not with netbios name
On Fri, 12 Jan 2018 09:21:42 -0800 Luke Barone <lukebarone at gmail.com> wrote:> As well as what share... Are you trying to access the \\*\netlogon or > \\*\sysvol shares of a PDC? >There wouldn't be a sysvol share on a PDC, or do you mean a DC ? Rowland
Rob Marshall
2018-Jan-12 17:41 UTC
[Samba] Access to Windows 2016 server works with IP but not with netbios name
Hi, I'm working on getting copies of the smb.conf and log files off the site. It's complicated...I'm just trying to connect to a share that's defined in the smb.conf. If I open a Windows Explorer and do: \\10.x.x.x I see the available shares and can click on them and open them. However if I do \\fred, i.e. the short (I've also tried the fully qualified) name, I can see the shares but I get the "Access is denied" and the logon window when I try to open them. Rob On Fri, Jan 12, 2018 at 12:29 PM, Rowland Penny via samba < samba at lists.samba.org> wrote:> On Fri, 12 Jan 2018 09:21:42 -0800 > Luke Barone <lukebarone at gmail.com> wrote: > > > As well as what share... Are you trying to access the \\*\netlogon or > > \\*\sysvol shares of a PDC? > > > > There wouldn't be a sysvol share on a PDC, or do you mean a DC ? > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Luke Barone
2018-Jan-12 18:45 UTC
[Samba] Access to Windows 2016 server works with IP but not with netbios name
In a perfect world, SysVol would be on an AD Domain Controller, but there are people on here who do things out of the perfect world ;-) If the answer was yes though, then I would be able to post the Reg Setting to enable access from Windows 10 and above to those shares. I needed to apply it as we are still running PDCs in almost every site. Trust me, I can't wait to roll out AD On Fri, Jan 12, 2018 at 9:29 AM, Rowland Penny via samba < samba at lists.samba.org> wrote:> On Fri, 12 Jan 2018 09:21:42 -0800 > Luke Barone <lukebarone at gmail.com> wrote: > > > As well as what share... Are you trying to access the \\*\netlogon or > > \\*\sysvol shares of a PDC? > > > > There wouldn't be a sysvol share on a PDC, or do you mean a DC ? > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Rob Marshall
2018-Jan-12 23:34 UTC
[Samba] Access to Windows 2016 server works with IP but not with netbios name
Hi, Here's a modified (to protect the customer's information) truncated smb.conf that, for the most part, mirrors what they have: [global] log level = 3 os level = 1 security = ADS server string = TEST CIFS Server workgroup = WG netbios name = FRED1 realm = WB.DOM-NAME.COM idmap config * : range = 10000-20000 log file = /var/log/samba/%m.log encrypt passwords = yes syslog = 1 winbind enum users = no winbind enum groups = no winbind use default domain = yes wins support = yes printcap name = /dev/null socket options = SO_RCVBUF=65536 SO_SNDBUF=65536 strict sync = yes oplocks = yes kernel oplocks = no wide links = yes deadtime = 1 case sensitive = no map to guest = bad user guest account = nobody unix extensions = no [TestShare] comment = Test Share for further testing path = /cifs/TestShare_test hosts allow =ALL hosts deny = ALL browseable = yes writeable = no directory mask = 0777 force user = cifs_user guest ok = No valid users = @WG\dl_fred1_testshare_m, @WG\dl_fred1_testshare_r write list = @WG\dl_fred1_testshare_m My questions are: 1) What does the error: string_to_sid: SID @WG\dl_fred1_testshare_r is not in a valid format mean? 2) For the connections using the NETBIOS name, I see lots of messages similar to: [2018/01/12 23:10:38.716169, 2] smbd/service.c:627(create_connection_session_info) user 'WG\testuser01' (from session setup) not permitted to access this share (TestShare) [2018/01/12 23:10:38.716216, 1] smbd/service.c:805(make_connection_snum) create_connection_session_info failed: NT_STATUS_ACCESS_DENIED [2018/01/12 23:10:38.716260, 3] smbd/error.c:81(error_packet_set) error packet at smbd/reply.c(803) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED Given the above smb.conf is it possible that the attempts using the IP address, rather than the NETBIOS name, are being allowed access (in this case read only) because Samba can't determine who the user is and is, therefore, allowing some sort of guest access? I don't really have any other way to explain why the access via the NETBIOS name, which appears to correctly see that the user doesn't have access to the share, fails and the access via the IP address works. Does that even make sense? Thanks, Rob On Fri, Jan 12, 2018 at 1:45 PM, Luke Barone via samba <samba at lists.samba.org> wrote:> In a perfect world, SysVol would be on an AD Domain Controller, but there > are people on here who do things out of the perfect world ;-) > > If the answer was yes though, then I would be able to post the Reg Setting > to enable access from Windows 10 and above to those shares. I needed to > apply it as we are still running PDCs in almost every site. Trust me, I > can't wait to roll out AD > > On Fri, Jan 12, 2018 at 9:29 AM, Rowland Penny via samba < > samba at lists.samba.org> wrote: > >> On Fri, 12 Jan 2018 09:21:42 -0800 >> Luke Barone <lukebarone at gmail.com> wrote: >> >> > As well as what share... Are you trying to access the \\*\netlogon or >> > \\*\sysvol shares of a PDC? >> > >> >> There wouldn't be a sysvol share on a PDC, or do you mean a DC ? >> >> Rowland >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba