Web lists-archives.com

Re: [Samba] Access to Windows 2016 server works with IP but not with netbios name




If Windows is the domain controller, then it is an AD domain.       If you are running Samba 3 domain controller then it would be emulating an NT4-type domain controller. I am presuming samba 3.x machine is configured as a domain member?

Last year when the BADLOCK vulnerability came out, Microsoft issued various patches that were likely to break compatibility with Samba 3.x.      Samba did not release a minor version upgrade for Samba 3.x to include this patch.      So you would have to compile the patch your self.


You can run a WINS server on Windows or Samba.      WINS is the equivalent of a DNS server for Netbios names in a TCP/IP environment.



Can you run "testparm -v" on your samba system?  You may  see

            smb ports = 445 139
            disable netbios = No
            wins server = (the ip address of your wins server, if you have one)



I found in a classic samba domain, that explicitly setting the smb ports value to 139 only created problems.    I don't know what would happen if you set to 445 only.   I don't know if the "disable netbios" option is available with samba 3.x.        I had a classic domain that I migrated to an AD domain, but I haven't tried disabling all the netbios stuff yet.     I would think if you could then this might get simpler.

You may also want to do some packet captures on the samba server to compare compare connection attempts.


Assuming the client DNS is setup that both "ping shortname" and "nslookup shortname" work?

What version OS is the samba system running on?





On 01/12/2018 11:16 AM, Rob Marshall wrote:
The client is a Windows 2008 R2 server. I don't know what you mean by classic vs. AD. I assume it's AD, but how would I check?

I see the same problem, i.e. "Access is denied" and a window to enter the username/password, if I use the fully qualified name.

Thanks,

Rob

On Fri, Jan 12, 2018 at 10:58 AM, Gaiseric Vandal via samba <samba@xxxxxxxxxxxxxxx <mailto:samba@xxxxxxxxxxxxxxx>> wrote:

    Can you clarify -  are they trying to access the samba server from
    a Win 2016 machine?     Is this a classic domain or AD domain?

    Do you have a WINS server defined?      Can you access via a fully
    qualified domain name (e.g. myserver.mydomain.com
    <http://myserver.mydomain.com>.) I had an issue several years back
    where users connecting over VPN could access by IP but not my
    short name.       The problem was that the VPN was blocking at
    least some netbios traffic (137-139) which meant that anything
    relying on netbios names failed.    If you could connect via IP
    address of fully qualified domain  name then you were by passing
    netbios name resolution issues and connecting directly to port 445.



    I have run into several issues with classic domains with SMB3 and
    Windows 10 (which presumably would apply to Win 2016 as well.)
    Windows 10 would try to negotiate SMBv3 with some servers and
    would fail.  (This may have been samba 4 servers so I don't think
    this applies to you.)     I also had problems with Win 7 and
    Windows 2008 and SMB v2, especially with multiple users connecting
    via remote desktop to Windows 2008.      The first use could map a
    drive but not successive users.        You may want to explicitly
    set your samba servers to use SMB v2 as the max protocol or even
    Samba 1.x.



    I also run into an issue with drive mapping using short name vs
    long name in a classic domain.   If my DNS domain is mycompany.com
    <http://mycompany.com>, and my samba domain is  TECH, then if I
    may a drive to myserver.mydomain.com
    <http://myserver.mydomain.com> there is a discrepancy between the
    Samba domain name and the DNS domain name.     This didn't cause
    problems with Windows itself but it did with Office 2013 after
    some updates. Office would not open files determined to be from an
    untrusted source.


    I migrated away from a classic domain to a true AD domain so a lot
    of my netbios and name resolution issues went away.



    On 01/12/2018 10:19 AM, Rob Marshall via samba wrote:

        Hi,

        I have a customer who is able to access shares using the IP
        address of the
        Samba server (running 3.6.x - sorry, can't upgrade) but when
        they try to
        access the share using the short (netbios) name, they get
        "access denied"
        and are prompted for a username/password.

        Where would I look to figure out what's going wrong?

        Thanks,

        Rob




-- To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/options/samba
    <https://lists.samba.org/mailman/options/samba>



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba