
Re: [Samba] User mapping/login issue




On 24/04/19 19:51, L.P.H. van Belle wrote:
Hai,

-----Original message-----
From: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] On behalf of
Rowland Penny via samba
Sent: Wednesday 24 April 2019 12:13
To: samba@xxxxxxxxxxxxxxx
Subject: Re: [Samba] User mapping/login issue

On Wed, 24 Apr 2019 11:38:58 +0200
"L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx> wrote:

Hai,


I'm wondering here.. If the client is a Windows 10 PC connecting,
../source3/smbd/negprot.c:419(reply_nt1)     using SPNEGO
../source3/smbd/negprot.c:761(reply_negprot) Selected protocol NT LM 0.12
../source3/smbd/process.c:554(receive_smb_talloc)
    receive_smb_raw_talloc failed for client ipv4:10.55.66.82:59271 read error = NT_STATUS_CONNECTION_RESET.
And I see this..

Then why use these settings if it's win10?

I sort of wondered about that, but only way to be sure was to add it
to the smb.conf for testing purposes. If it worked, then go one way,
if it didn't then go another way ;-)
@Rowland you are misled..  ;-)

Ah, it is a PDC
Hm, no it's a stand alone, the member references in my option.

       security = user  << stand alone ?
       domain logons = yes << member ?

Nope, it is a PDC, from 'man smb.conf':

        domain master (G)

          ............

            When domain logons = Yes the default setting for this
            parameter is Yes, with the result that Samba will be a PDC.

The OP has:

       domain master = yes
       domain logons = yes

Oops, you're totally right. I missed that.

It would appear that there may be more than one issue with my smb.conf.
The scenario is a CentOS 7 Linux server with a bunch of LAN-connected Windows 10 clients and several remote Windows 10 clients which connect via VPN.
The server firewall accepts everything from the VPN.
The server and local clients are all in workgroup BENPARTS while the remote clients are either stand-alone or in different workgroups/domains. Local SMB access works as expected but remote access does not due to password failures (as described in earlier log excerpts).
What should the domain-related entries in smb.conf be to support this scenario?
Cheers and thanks,
Stephen
