Re: [Samba] Access to sharing by hostname but not by its IP
- Date: Tue, 25 Jul 2017 13:36:43 +0200
- From: "L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Access to sharing by hostname but not by its IP
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens
> Marc-Henri Pamiseux via samba
> Verzonden: dinsdag 25 juli 2017 12:57
> Aan: samba@xxxxxxxxxxxxxxx
> Onderwerp: Re: [Samba] Access to sharing by hostname but not by its IP
> Well, it's time for a checkpoint...
> Andrew Bartlett, in another thread on this list, give another
> approach :
> "Because Kerberos can't be done to an IP address."
> And this link from Microsoft too :
> By the way, "IP addresses are not names, so Kerberos is not
> used" does not mean Samba could not connect to IP, but it
> mean Samba will not use Kerberos to do it. Is it only possible ?
If the Kerberos protocol is not negotiated for some reason, Active Directory uses LM, NTLM, or NTLM version 2 (NTLMv2).
some reason = \\ip\share ) and if you hostname (+search domain) and hostname.domain.tld and PTR resolving does not work correct,
yes, then you have this problem .
And in this case, windows fals back to NTLM and then you accessing the server as user guest.
You can try the GPo setting :
Network security: LAN Manager Authentication Level setting to Send NTLMv2 responses only.
But this was already in the links i did send you.
But i suggest you fix you dns resolving.
I can say.
These all work for me. ( samba 4.5.x and samba 4.6.x on all DC and members )
> Marc-Henri Pamiseux - SARL Libricks - www.libricks.fr
> 6 rue Léonard de Vinci - CS 20119, 53001 LAVAL Cedex Tel. :
> 02.30.96.15.24 / Mobile : 06.26.71.30.97
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
To unsubscribe from this list go to the following URL and read the