Shivappa
2018-Sep-18 15:43 UTC
[Samba] Share cannot be accessed when samba is in Domain with security enabled
Hi Rowland, Sorry, I shall post such questions to mailing list in future. Here is my smb.conf #############My smb.conf########## [global] workgroup=SAMBADFS server string=SMB Server netbios name=Shivatest realm=SAMBADFS.LOCAL log level=1 log file= max log size=2000 max smbd processes=100 security=ADS password server=10.10.1.1 wins support=no client NTLMv2 auth=Yes wins proxy=no server max protocol=SMB3 client max protocol=SMB3 dns proxy=no wins server=0.0.0.0, 0.0.0.0 name resolve order=lmhosts host wins bcast map to guest=bad uid guest only=yes guest account=root local master=no encrypt passwords=yes ntlm auth=yes deadtime=60 server signing=auto client signing=auto dos charset=CP932 #my share [SHIVA_SHARE] path=/etc/test browseable=yes writeable=no public=no guest ok=yes available=1 ##############END########### Regards, Shivappa> On Sep 18, 2018, at 12:46, Rowland Penny <rpenny at samba.org> wrote: > > On Tue, 18 Sep 2018 07:56:43 +0100 > Rowland Penny via samba <samba at lists.samba.org> wrote: > >> >> >> Begin forwarded message: >> >> Date: Mon, 17 Sep 2018 22:36:21 -0500 (CDT) >> From: shivappa Sangapur via samba-technical >> <samba-technical at lists.samba.org> To: samba-technical at lists.samba.org >> Subject: Share cannot be accessed when samba is in Domain with >> security enabled >> >> >> Hi, >> >> I'm using samba-4.7.4. >> I have put my samba server in Domain. (Not using winbind) using NT >> domain with user test. >> /etc/password has 'test' user and pdbedit shows only 'test' user, >> since I've joined this samba server to Windows domain. >> domain server is Win2k12 R2. >> In windows domain server, >> I have enabled "Microsoft network client: Digitally sign >> communications (Always)" in domain Policy. >> >> I logged as 'Administrator' to Windows domain server PC and >> I tried to access share of my samba server(samba-4.7.4) from windows >> domain, but i get below error. >> *"The account is not authorized to login from this station"* >> >> Any idea why so ? >> >> If I joined my other Windows 7 PC to domain using domain user 'test2' >> and access samba-4.7.4 share, >> same error occurs. >> If I joined my other Windows 7 PC to domain using domain user 'test' >> and access samba-4.7.4 share, >> the share access successfully. >> >> test,test2 have full rights as domain users, Administrator and >> etc..... >> >> Any suggestions ?? >> > > OK, as I said yesterday it sounds like you are running an NT domain on > a win2k12R2 server, this isn't possible, so it sounds like a > misconfiguration somewhere. > > Please post your smb.conf > > Post it here on the 'samba' mailing list, not on the 'samba technical' > list, that is not the correct place to post this type of question. > > I think I know what your problem is, but until I see your smb.conf, I > cannot be sure. > > Rowland Penny > Samba team member
Rowland Penny
2018-Sep-18 16:13 UTC
[Samba] Share cannot be accessed when samba is in Domain with security enabled
On Tue, 18 Sep 2018 21:13:08 +0530 Shivappa <ssangapur3 at gmail.com> wrote:> Hi Rowland, > > Sorry, I shall post such questions to mailing list in future. > > Here is my smb.conf > > #############My smb.conf########## > [global] > workgroup=SAMBADFS > server string=SMB Server > netbios name=Shivatest > realm=SAMBADFS.LOCAL > log level=1 > log file= > max log size=2000 > max smbd processes=100 > security=ADS > password server=10.10.1.1 > wins support=no > client NTLMv2 auth=Yes > wins proxy=no > server max protocol=SMB3 > client max protocol=SMB3 > dns proxy=no > wins server=0.0.0.0, 0.0.0.0 > name resolve order=lmhosts host wins bcast > map to guest=bad uid > guest only=yes > guest account=root > local master=no > encrypt passwords=yes > ntlm auth=yes > deadtime=60 > server signing=auto > client signing=auto > dos charset=CP932 > #my share > [SHIVA_SHARE] > path=/etc/test > browseable=yes > writeable=no > public=no > guestok=yes> available=1 > ##############END########### >WOW, you are trying to run a Unix domain member as a standalone server. security=ADS map to guest=bad uid guest only=yes guest account=root There are no authentication lines Can I suggest you install and run winbind and then read this: https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member Either that, or run Samba as a standalone server, see here: https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server Rowland
Shivappa
2018-Sep-24 08:14 UTC
[Samba] Share cannot be accessed when samba is in Domain with security enabled
Rowland, Thanks for ur suggestions. I have used “map to guest=never” and I no longer getting that original error. Do you guess any other issues I may face with keeping stand-alone server and above parameter. So far it is working fine for me in Domain environment.> > -----Original Message----- > From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny via samba > Sent: 18 September 2018 21:44 > To: samba at lists.samba.org > Subject: Re: [Samba] Share cannot be accessed when samba is in Domain with security enabled > > On Tue, 18 Sep 2018 21:13:08 +0530 > Shivappa <ssangapur3 at gmail.com> wrote: > >> Hi Rowland, >> >> Sorry, I shall post such questions to mailing list in future. >> >> Here is my smb.conf >> >> #############My smb.conf########## >> [global] >> workgroup=SAMBADFS >> server string=SMB Server >> netbios name=Shivatest >> realm=SAMBADFS.LOCAL >> log level=1 >> log file>> max log size=2000 >> max smbd processes=100 >> security=ADS >> password server=10.10.1.1 >> wins support=no >> client NTLMv2 auth=Yes >> wins proxy=no >> server max protocol=SMB3 >> client max protocol=SMB3 >> dns proxy=no >> wins server=0.0.0.0, 0.0.0.0 >> name resolve order=lmhosts host wins bcast map to guest=bad uid guest >> only=yes guest account=root local master=no encrypt passwords=yes ntlm >> auth=yes >> deadtime=60 >> server signing=auto >> client signing=auto >> dos charset=CP932 >> #my share >> [SHIVA_SHARE] >> path=/etc/test >> browseable=yes >> writeable=no >> public=no >> guest > > ok=yes >> available=1 >> ##############END########### >> > > WOW, you are trying to run a Unix domain member as a standalone server. > > security=ADS > > map to guest=bad uid > guest only=yes > guest account=root > > There are no authentication lines > > Can I suggest you install and run winbind and then read this: > > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member > > Either that, or run Samba as a standalone server, see here: > > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Rowland Penny
2018-Sep-24 08:57 UTC
[Samba] Share cannot be accessed when samba is in Domain with security enabled
On Mon, 24 Sep 2018 13:44:29 +0530 Shivappa <ssangapur3 at gmail.com> wrote:> Rowland, > > Thanks for ur suggestions. > I have used “map to guest=never” and I no longer getting that > original error. > > Do you guess any other issues I may face with keeping stand-alone > server and above parameter. > > So far it is working fine for me in Domain environment.If that is all you have changed, then I am surprised. If you just want a standalone server without users, then I would expect your smb.conf to look similar to this: [global] workgroup = NOTSAMBADFS security = user server string = SMB Standalone Server log level = 1 max log size = 2000 max smbd processes = 100 dns proxy = no guest only = yes map to guest = Bad User ntlm auth = yes deadtime = 60 dos charset = CP932 #my share [SHIVA_SHARE] path = /etc/test guest ok = yes The computer must not be joined to the domain and you would not create any users on the standalone server and winbind doesn't need to run. If however you want Domain users to log into the computer, it will need to be a domain member and the smb.conf will need to be similar to this: [global] workgroup = SAMBADFS security = ADS server string = SMB ADS Server realm = SAMBADFS.LOCAL log level = 1 max log size = 2000 max smbd processes = 100 ntlm auth = yes deadtime = 60 dos charset = CP932 idmap config *:backend = tdb idmap config *:range = 3000-7999 idmap config SAMBADFS : backend = rid idmap config SAMBADFS : range = 10000-999999 template shell = /bin/bash template homedir = /home/%U #my share [SHIVA_SHARE] path = /etc/test The computer will need to be joined to the domain, the users will come from AD and winbind must be running. I would also suggest you read 'man smb.conf', most of your smb.conf lines were defaults (as is 'map to guest = yes') Rowland
Possibly Parallel Threads
- Share cannot be accessed when samba is in Domain with security enabled
- Fw: Share cannot be accessed when samba is in Domain with security enabled
- print issue from command prompt when jobs submit simultaneously
- SMB Signing with "map to guest = " options
- Share cannot be accessed when samba is in Domain with security enabled