[Freeipa-users] Can't access share SMB from Windows but can on macOS.

Thu, 27 Apr 2023 20:55:27 -0700 

Hello,

I have both RHEL 8 and 9 file servers that are authenticated to IPA and setup 
to export samba shares using the "Samba on an IdM domain member" method.
I can access these shares via smb:// on macOS without issue.  When I try to 
access them via Windows 10 or 11, it will prompt for credentials and then 
reject them.   The windows machines are setup standalone, no domain, no AD.  
I'm only trying to access the share, via //192.XXX.XXX.XX.

Below is my samba config.  Any help would be greatly appreciated.

[global]
    # Limit number of forked processes to avoid SMBLoris attack
    max smbd processes = 1000
    # Use dedicated Samba keytab. The key there must be synchronized
    # with Samba tdb databases or nothing will work
    dedicated keytab file = FILE:/etc/samba/samba.keytab
    kerberos method = dedicated keytab
    # Set up logging per machine and Samba process
    log file = /var/log/samba/log.%m
    log level = 1
    # We force 'member server' role to allow winbind automatically
    # discover what is supported by the domain controller side
    server role = member server
    realm = XXX.LOCAL
    netbios name = NAS02
    workgroup = XXX
    # Local writable range for IDs not coming from IPA or trusted domains
    idmap config * : range = 0 - 0
    idmap config * : backend = tdb


    idmap config XXX : range = 540600000 - 540799999
    idmap config XXX : backend = sss
    

    #Additional sutff for macOS
     #min protocol = SMB2
     vfs objects = fruit streams_xattr
     ea support = yes
     fruit:metadata = stream
     fruit:nfs_aces = no
     fruit:aapl = yes
     fruit:model = MacSamba
     fruit:posix_rename = yes
     #fruit:veto_appledouble = no
     #fruit:zero_file_id = yes
     #fruit:wipe_intentionally_left_blank_rfork = yes
     #fruit:delete_empty_adfiles = yes

[nas02]
        path = /mnt/nas02/active
        browseable = yes
        read only = no
        inherit acls = yes
        inherit permissions = yes
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to