Re: [Samba] Can't connect anymore a share in domain A from domain B since
- Date: Tue, 29 May 2018 15:06:08 +0200
- From: Hénoch Hervé via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Can't connect anymore a share in domain A from domain B since
It say user %unsername% is unknown !!!
But if i try :
net use z: \\<computer in A.FQDN\<share> /USER:A\username
In samba logs change :
Kerberos: AS-REQ login0@A from ipv4:<ip XXX>:51583 for krbtgt/A@A
Kerberos: Looking for PKINIT pa-data -- login0@A
Kerberos: Looking for ENC-TS pa-data -- login0@A
Kerberos: Failed to decrypt PA-DATA -- login0@A (enctype arcfour-hmac-md5) error Decrypt integrity check failed
Kerberos: Failed to decrypt PA-DATA -- login0@A
Kerberos: AS-REQ login0@A from ipv4:<ip XXX>:51585 for krbtgt/A@A
Kerberos: Looking for PKINIT pa-data -- login0@A
Kerberos: Looking for ENC-TS pa-data -- login0@A
Kerberos: No preauth found, returning PREAUTH-REQUIRED -- login0@A
Kerberos: AS-REQ login0@A from ipv4:<ip XXX>:51586 for krbtgt/A@A
Kerberos: Looking for PKINIT pa-data -- login0@A
Kerberos: Looking for ENC-TS pa-data -- login0@A
Kerberos: ENC-TS Pre-authentication succeeded -- login0@A using aes256-cts-hmac-sha1-96
Kerberos: TGS-REQ login0@A.LOCAL from ipv4:<ip XXX>:51587 for cifs/<file server in A.FQDN@A.LOCAL [canonicalize, renewable, forwardable]
Note : if i try :
net use z: \\<computer in A.FQDN\<share> /USER:A\username*password*
the password is not asked (twice otherwise)
Le 29/05/2018 à 14:52, L.P.H. van Belle via samba a écrit :
Try it like this.
net use z: \\<computer in A.FQDN\<share> /USER:NTDOM\%username%
Does that work for the samba 4.1, if not, check if you windows disabled smbv1
See:
https://support.microsoft.com/en-us/help/4034314/smbv1-is-not-installed-by-default-in-windows
Best is, upgrade you systems so you can use samba 4.7+
Greetz,
Louis
-----Oorspronkelijk bericht-----
Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens
Hénoch Hervé via samba
Verzonden: dinsdag 29 mei 2018 14:44
Aan: Hénoch Hervé via samba
Onderwerp: [Samba] Can't connect anymore a share in domain A
from domain B since
Hi,
In the past (2 months ago) : I have two AD Domain under Samba 4.1 : A
and B. I war able to connect a share in A from B.
Now (after upgrade) : I have a W2016 domain (B) and a Samba
4.6 domain
(A) but I can't connect a share in A from B. The user from B
which try
to connect the share in A has the same login in the two domains.
So since the upgrade I don't have the same behavior ...
From a computer named XXX in domain B I've tried this command : net
use z: \\<computer in A>\<share> /USER:login0@A (where login0 is the
same in A and B for the user).
If I write a wrong password I have the system error 86 but if i write
the good password (must write it twice) i have the system error 5.
In Samba logs are :
ntlm_password_check: LM password and LMv2 failed for user
login0, and
NT MD4 password in LM field not permitted
ntlm_password_check: Lanman passwords NOT PERMITTED for user login0
ntlm_password_check: LM password and LMv2 failed for user
login0, and
NT MD4 password in LM field not permitted
ntlm_password_check: Lanman passwords NOT PERMITTED for user login0
ntlm_password_check: LM password and LMv2 failed for user
login0, and
NT MD4 password in LM field not permitted
auth_check_password_recv: sam_ignoredomain authentication for user
[A\login0] FAILED with error NT_STATUS_WRONG_PASSWORD
auth_check_password_send: Checking password for unmapped user
[A]\[login0@A]@[\\XXX]
auth_check_password_send: mapped user is: [A]\[login0]@[\\XXX]
How can I do such a connection ? I've tried "map untrusted to
domain =
yes" but it is not working better ...
Regard
--
*Hervé* *HÉNOCH*
*Responsable informatique*
Tél. : 0490275744 h.henoch@xxxxxxxxx <mailto:h.henoch@xxxxxxxxx>
/250, chemin de Baigne-Pieds ? 84 000 Avignon/
*/www.institut-sainte-catherine.org/*
<http://www.institut-sainte-catherine.org/>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
*Hervé* *HÉNOCH*
*Responsable informatique*
Tél. : 0490275744 h.henoch@xxxxxxxxx <mailto:h.henoch@xxxxxxxxx>
/250, chemin de Baigne-Pieds – 84 000 Avignon/
*/www.institut-sainte-catherine.org/*
<http://www.institut-sainte-catherine.org/>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba