similar to: Win 10 cannot connect with (some variations of) 'smb encrypt = desired'

On Fri, Dec 23, 2016 at 02:21:16PM -0600, Chad William Seys via samba wrote: > Hi all, > > There are some surprises when trying to connect Windows 10 (up to date circa > Dec 2016) to Samba (4.5.2) with 'smb encrypt = desired' as a config option. > > I've made a grid of some of the combinations 'smb encrypt = desired' > settings below. > > The

On Fri, Dec 23, 2016 at 02:21:16PM -0600, Chad William Seys via samba wrote: > There are some surprises when trying to connect Windows 10 (up to date circa > Dec 2016) to Samba (4.5.2) with 'smb encrypt = desired' as a config option. > > ... > > browse | select | direct > smb encrypt (no G, no S) = '' Y | Y |

On Tue, Jan 24, 2017 at 02:02:46PM -0600, Chad William Seys wrote: > I did one test and was able to reproduce a line again with a freshly booted > (and long time off) Win 10 client: > > browse | select | direct > smb encrypt (no G, S) = desired Y[4] | N[1] | Y > > Did you authenticate by kerberos? That seems to be the most likely

Hi Rowland, > Are you using sssd or nslcd ? I am using sssd. I can ssh into the server using credentials from either kerberos realm. E.g. ssh cwseys at PHYSICS.WISC.EDU@smb01.physics.wisc.edu (works) ssh seys at AD.WISC.EDU@smb01.physics.wisc.edu (works) PHYSICS.WISC.EDU is an MIT kerberos KDC. AD.WISC.EDU is a active directory KDC (etc). The reason I thought sssd would be best is because

(Let's keep this on the list) Aurélien Aptel via samba <samba at lists.samba.org> writes: > Chad William Seys <cwseys at physics.wisc.edu> writes: >> Somehow the destination having 'msdfsroot yes' prevents the cifs kernel >> module from following the link. I've taken a look at your traces and right off the bat I see things like this: [...]

Hi Rowland et al, > > The reason I thought sssd would be best is because I want to use the > > /etc/passwd file for user existence and was easy to set up. > > You cannot have the same user in /etc/passwd and AD i.e. user 'foo' in > /etc/passwd could, and probably would, be seen as the the AD user 'foo'. The way the system is set up, username existance and

Hello all, I'm trying enable vfs_fruit. One problem I've noticed is that when a file or directory is created on a Macintosh the "other" mode is 'r--' (file) or 'r-x' (directory) even though the parent directory is '---'. On Windows, Linux, and Macintosh with vfs_fruit not loaded all create files and directories with mode for other set to

Hi Rowland, Below is output of testparm. Samba is set up as standalone server. # testparm Load smb config files from /etc/samba/smb.conf Processing section "[generic]" Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] realm = PHYSICS.WISC.EDU server string = %h server server role =

Re-sending with right email... msdfs root is set to "no" by default and is per-share. [myshare] msdfs root = no path = ... Should do the trick. Otherwise if mounting on linux you can also use the 'nodfs' mount option (mount.cifs //host/share/... /mnt/ -o ...,nodfs) to disable DFS resolving and automatic sub-mounting. Chad W Seys <cwseys at

Hi all, We're having trouble with Macintosh clients (at least) being disconnected from Samba. Below is one macintosh console output when this happens, filtered by "smb". (Yeah, maybe some clues are missing...) ATM I don't see anything that stands out in the Samba log file. However one thing I don't see in the samba log file is session disconnects. Does anyone

On 02/03/16 20:12, Chad William Seys wrote: > Hi Rowland et al, > >>> The reason I thought sssd would be best is because I want to use the >>> /etc/passwd file for user existence and was easy to set up. >> You cannot have the same user in /etc/passwd and AD i.e. user 'foo' in >> /etc/passwd could, and probably would, be seen as the the AD user

> Which smb version are you using (mount option)? Support for DFS on smb2+ > was only added in linux 4.11. smbstatus shows the connection as NT1. DFS links do work like this: serverA_msdfsrootYES => serverB_msdfsrootNO But not like this: serverA_msdfsrootYES => serverB_msdfsrootYES Somehow the destination having 'msdfsroot yes' prevents the cifs kernel module from

On 01/03/16 23:16, Chad William Seys wrote: > Hi Rowland, > >> Are you using sssd or nslcd ? > I am using sssd. I can ssh into the server using credentials from either > kerberos realm. > E.g. > ssh cwseys at PHYSICS.WISC.EDU@smb01.physics.wisc.edu > (works) > ssh seys at AD.WISC.EDU@smb01.physics.wisc.edu > (works) > > PHYSICS.WISC.EDU is an MIT kerberos

Hi Ralph, > it's a global option. Have you put it in the global or a share section? Thanks for the hint! After putting it in the global options the create mode mimics the parent directory as one would expect from " inherit permissions = yes inherit acls = yes " If possible it would be less dangerous (securitywise) not to have fruit:nfs_aces setting interact with

Hello, On Debian 9 (stretch prerelease) I am able to mount with the following command with root using the following command: mount -t cifs //smb.physics.wisc.edu/smb /smb -osec=krb5,multiuser,username=smbadmin at PHYSICS.WISC.EDU --verbose root can also access files as expected However, when cifs-utils 6.6-5 is installed, a different user cannot access as expected: ls /smb ls: cannot

The main change in this release is to address some regressions that crept in when we switched to a scheme that does not rely on walking /tmp to look for credcaches. We now will use the information from the kernel about the initiating pid, reach into that task's environment and scrape out the $KRB5CCNAME variable. This can be problematic in setuid situations, so we avoid doing that for the

On Fri, 2017-02-10 at 11:15 -0600, Chad William Seys wrote: > Hi Jeff, > > > So we have a default credcache for the user for whom we are operating > > as, but we can't get the default principal name from it. My guess is > > that it's not finding the > > This mount is run by root UID=0 and seems to be find that credential > cache without problem (earlier

Hi All, The man page for smb.conf says that 'client max protocol = default' is the same as 'client max protocol = NT1' for the HEAD samba version. Is there some reason I should not change that to SMB3? Thanks! Chad.

Hi Chad, Sorry for the late reply. Looking at this now. Chad William Seys <cwseys at physics.wisc.edu> writes: > I've attached traces and logs of these situations: > > msdfs root = yes, link points to share, link CAN be followed > trace_msdfsrootyes_share.* > > msdfs root = yes, link points to path, link CANNOT be followed > trace_msdfsrootyes_path.* In this one I

Am 23.01.2017 um 19:54 schrieb Ralph Böhme via samba: > On Mon, Jan 23, 2017 at 11:49:15AM -0600, Chad William Seys wrote: >> Hi Ralph, >>> it's a global option. Have you put it in the global or a share section? >> >> Thanks for the hint! After putting it in the global options the create >> mode mimics the parent directory as one would expect from