
Re: [Samba] Shares not accessible when using FQDN




Please see inline comments:

On Tue, 29 Aug 2017 11:47:17 +0200 (CEST)
Gaetan SLONGO <gslongo@xxxxxxxxxxxxx> wrote:

> Hi guys, 
> 
> 
> Thank you for your answer. Meanwhile I have new information, the
> problem also happens on a workstation in the domain. This should not
> be a DNS issue. I validated that and I can authenticate and list
> shares. Just cannot enter into them when I'm using the FQDN o_O 
> 
> 
> Note: It works well on Linux clients.

You surprise me ;-)
 
> 
> 
> Here is the Samba config file : 
> 
> 
> Thank you ! 
> 
> 
> 
> # Global parameters 
> [global] 
> netbios name = MOE 
> realm = ADS.DOMAIN.BE 
> workgroup = DOMAIN 
> netbios alias = CLUSTER

'CLUSTER'?? Why? You cannot use a Samba AD DC in a cluster; for one
thing there is no need.
 
> server role = active directory domain controller 
> kerberos method = secrets and keytab 
> idmap_ldb:use rfc2307 = yes 
> winbind use default domain = false 
> winbind offline logon = false 

You should remove the above two lines; they do nothing on an AD DC.

> template shell = /bin/bash 
> template homedir = /home/%u 
> ntlm auth = yes 
> log level = 4 
> 
> [netlogon] 
> path = /var/lib/samba/sysvol/ads.DOMAIN.be/scripts 
> read only = Yes 
> browsable = no 
> 
> [sysvol] 
> path = /var/lib/samba/sysvol 
> read only = Yes 
> browsable = no 
> 
> [software] 
> comment = Installed productlines 
> path = /opt/DOMAIN/actran_product 
> read only = Yes 
> create mask = 0660 
> directory mask = 0770 
> guest ok = No 
> 
> [license] 
> comment = license 
> path = /opt/licenses/msctwo 
> read only = yes 
> guest ok = No 
> 
> [homes] 
> comment = Home Directories 
> browseable = no 
> read only = No 
> create mask = 0600 
> directory mask = 0700 
> guest ok = no 
> printable = no 
> veto files = 
> hide dot files = no 

OK, several things here: put the [sysvol] & [netlogon] shares back to
what they were when the smb.conf was created. [homes] doesn't work on
a DC, and you CANNOT use the old Samba3 ways of setting up shares on a
DC; you MUST use Windows ACLs, see here:

https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs 

and here:

https://wiki.samba.org/index.php/User_Home_Folders

Rowland
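
The points raised in the reply above, collected into a small smb.conf check as an added example (not part of the original message and not Samba project code). The function name `lint_dc_conf`, the shortened sample config and the `GENERATED_KEYS` set are assumptions made for illustration; the last one assumes provisioning writes only `path` and `read only = No` for [sysvol] and [netlogon].

```python
import configparser

# Constructed sample: a shortened copy of the smb.conf quoted in the message.
SAMPLE = """
[global]
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
winbind use default domain = false
winbind offline logon = false
template homedir = /home/%u
[sysvol]
path = /var/lib/samba/sysvol
read only = Yes
browsable = no
[software]
create mask = 0660
directory mask = 0770
[homes]
read only = No
"""
# Rules below come from the reply's inline comments.
NO_EFFECT_ON_DC = {"winbind use default domain", "winbind offline logon"}
SAMBA3_STYLE = {"create mask", "directory mask"}
# Assumption: provisioning writes only 'path' and 'read only = No' for these shares.
GENERATED_KEYS = {"path", "read only"}


def lint_dc_conf(text):
    """Return sorted (section, parameter) findings for an AD DC smb.conf."""
    # '=' only: keys may contain ':'; no interpolation: '%u' is a Samba variable.
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.optionxform = lambda key: " ".join(key.lower().split())
    cp.read_string(text)
    conf = {name.lower(): dict(cp[name]) for name in cp.sections()}
    role = conf.get("global", {}).get("server role", "").lower()
    if role != "active directory domain controller":
        return []
    findings = {("homes", "*")} if "homes" in conf else set()  # whole share
    for section, params in conf.items():
        for key, value in params.items():
            if section == "global":
                bad = key in NO_EFFECT_ON_DC
            elif section in ("sysvol", "netlogon"):
                bad = key not in GENERATED_KEYS or (key == "read only" and value.lower() != "no")
            else:
                bad = key in SAMBA3_STYLE
            if bad:
                findings.add((section, key))
    return sorted(findings)
```

`lint_dc_conf(SAMPLE)` returns the (section, parameter) pairs the reply objects to, with `("homes", "*")` standing for the whole share; a config whose `server role` is not an AD DC returns an empty list.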
