Web lists-archives.com

Re: [Samba] Access to Windows 2016 server works with IP but not with netbios name




On Sat, 13 Jan 2018 19:12:14 -0500
Rob Marshall via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Hi,
> 
> When I initially tested the "getent passwd testuser01" I got nothing
> back. I then did: "getent passwd "wg\testuser01"" and got the entry. A
> "troubleshooting" wiki I was reading suggested adding: "winbind use
> default domain = yes" to fix that. I added that and was then able to
> lookup the user without needing the "wg\".
> 
> In looking at the sources for libcli/security/dom_sid.c, which is
> where the "invalid format" messages are displayed, I'm a bit confused.
> That function seems to be assuming it's received an actual SID and not
> the group designation. Does anyone know why it would be checking the
> @WG\dl_fred1_testshare_r?
> 
> Also, as I mentioned earlier, I only see the NT_STATUS_ACCESS_DENIED
> when using the NETBIOS name to try and access the share. When using
> the IP address it doesn't seem to be checking much of anything, but
> allows access (at least read access) to the share. For example when
> using the NETBIOS name I see it checking the kerberos ticket, which is
> NOT happening when using the IP address.
> 
> Again, does the assumption make any sense that when using the IP
> address the user is being granted some sort of "guest" access but when
> using the NETBIOS (or FQDN) name the authentication is actually being
> checked and failing for some reason?
> 
> Thanks,
> 
> Rob
> 

I will say it again, your smb.conf is incorrect, you are putting
EVERYTHING into the '*' domain, please read this:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

and this:

https://wiki.samba.org/index.php/Idmap_config_rid

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba