thr3ads.net - samba - [Samba] Guest access to a foreign NT domain fail... [Feb 2018]

If this information is useful, please help other people find it:
Share via:

Marco Gaiarin

2018-Feb-01 14:44 UTC

[Samba] Guest access to a foreign NT domain fail...

I'm migrating from a (set of) NT domain, say SANVITO, to an AD domain,
say LNFFVG.

Both domain live in the same network, so there's no
firewall/routing/... in the middle.


In SANVITO domain, there's a share (say \\MEDIA\Software) with public
access enabled. In SANVITO domain, public access works as expected.
The same share are accessible with login (and password; so, non
anonymously/guest mode) and again works as expected.

In LNFFVG domain, users have the same login and password of SANVITO
domain, so if i try from a domain user in LNFFVG to access
\\MEDIA\Software share, i can access without trouble.


Neverthless, if i try, from LNFFVG domain, to access the share in guest
mode, i catch an 'access denied'.


Why?! Thanks.

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''         
http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

Marco Gaiarin

2018-Feb-02 14:14 UTC

head link

[Samba] Guest access to a foreign NT domain fail...

> Why?! Thanks.
A-HA! After fiddling a bit with logs, i've found that:

	_netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth
request from client KAIN machine account KAIN$

Simply, KAIN was joined to SANVITO domain, and i've not removed that
account, so the cleint tried to auth with machine account, but fail
because the machine account was from a different domain.


After doing:

	smbldap-userdel kain$

KAIN now switched correctly in guest mode, and share works as expected.


Sorry to the list.

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''         
http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

Apparently Analagous Threads

Search for more reasonably related threads

samba - Feb 2018 - Guest access to a foreign NT domain fail...

[Samba] Guest access to a foreign NT domain fail...

[Samba] Guest access to a foreign NT domain fail...

Apparently Analagous Threads