
[Samba] Access to sharing by hostname but not by its IP




Hi Samba users,

I've updated a domain member SMB server to Samba 4.6.5.
I don't want to use winbind for this upgrade, so I'm trying with sssd.
After a long, informative reading on this subject, I've finally succeeded in
connecting using the hostname.

The domain member is properly joined to the AD-DC:
# net ads testjoin
Join is OK

Another test:
# adcli info -D local.mydomain
[domain]
domain-name = local.mydomain
domain-short = MYDOMAIN
domain-forest = local.mydomain
domain-controller = hera.local.mydomain
domain-controller-site = Laval
domain-controller-flags = pdc gc ldap ds kdc timeserv closest writable good-timeserv full-secret
domain-controller-usable = yes
domain-controllers = hera.local.mydomain
[computer]
computer-site = Laval

From the domain member server (RHEA), I can view the main shares using
my account but not when using the administrator account. By the way, I
believe I put some limitations on this account because nobody has to use
this one :)

# smbclient -L //RHEA -U myident
Enter MYDOMAIN\myident's password:

	Sharename       Type      Comment
	---------       ----      -------
	IPC$            IPC       IPC Service (Samba 4.6.5-Debian)
	projets         Disk      Gestion des projets
	public          Disk      Public Stuff
	myident         Disk      Repertoire Personnel
Domain=[MYDOMAIN] OS=[] Server=[]

	Server               Comment
	---------            -------
	RHEA                 Samba 4.6.5-Debian

	Workgroup            Master
	---------            -------
	MYDOMAIN             RHEA

From the AD-DC server (HERA), I can see the same thing using my account.
Still on the AD-DC, I've tried another method:

# smbclient -L //192.168.1.2 -U myident
Enter MYDOMAIN\myident's password:
Domain=[MYDOMAIN] OS=[] Server=[]

	Sharename       Type      Comment
	---------       ----      -------
	IPC$            IPC       IPC Service (Samba 4.6.5-Debian)
	projets         Disk      Gestion des projets
	public          Disk      Public Stuff
	myident         Disk      Repertoire Personnel
Domain=[MYDOMAIN] OS=[] Server=[]

	Server               Comment
	---------            -------
	RHEA                 Samba 4.6.5-Debian

	Workgroup            Master
	---------            -------
	MYDOMAIN             RHEA

Well...
Everything seems to work.
Now I want to test access from a Windows client. I have opened the
session on the domain using my account. Now I open Windows Explorer and
I type //RHEA in the address bar. I can see the shares that I can use.
So, why do I post on this mailing list?

Because when I use the address //192.168.1.2, the operating system asks me
to identify myself. But I have already done this when I opened this
session. I am surprised because it is usually the opposite error that
occurs. Let's go to the log on the RHEA host (192.168.1.2):

[2017/07/25 02:46:15.286177,  0] ../source3/auth/auth_domain.c:226(domain_client_validate)
  domain_client_validate: unable to validate password for user myident in domain MYDOMAIN to Domain controller HERA.LOCAL.MYDOMAIN. Error was NT_STATUS_WRONG_PASSWORD.
[2017/07/25 02:46:15.288928,  2] ../source3/auth/auth.c:315(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [myident] -> [myident] FAILED with error NT_STATUS_WRONG_PASSWORD
[2017/07/25 02:46:15.296364,  2] ../auth/gensec/spnego.c:768(gensec_spnego_server_negTokenTarg)
  SPNEGO login failed: NT_STATUS_WRONG_PASSWORD

OK, but this error occurred even before I specified an identifier.
I removed the Windows-based workstation from the domain and then I joined
it again. In this regard, I have noticed that a computer cannot join a
Windows Active Directory domain if the NetBIOS over TCP/IP option is
not enabled. Too bad!

RSAT is installed on this computer and I can still log in and maintain
Active Directory and the DNS zone from this computer. But now, I cannot see
the RHEA shares anymore. I get the same error even if I use the IP or the hostname.

sssd seems to work fine because the command getent passwd gives me a result:

# getent passwd myident
myident:*:1072:513:Marc-Henri Pamiseux:/home/MYDOMAIN/myident:/bin/bash

Can someone help me investigate?

Thanks in advance.
-- 
Marc-Henri Pamiseux - SARL Libricks - www.libricks.fr
6 rue Léonard de Vinci - CS 20119, 53001 LAVAL Cedex
Tel. : 02.30.96.15.24 / Mobile : 06.26.71.30.97