Hi!
Please verify, that in both cases kerberos authentication is used.
I'm not shure, if this the reason on your case, but maybe it's worth a
look - as I found completly different behaviour, when using ip-addresses
or hostnames to access a member server:
When joining the AD domain, a ticket with the hostname of the Samba
machine is created on the AD-Server.
When you connect to the server via \\ip-address\sharename, the client
tries to receive a ticket for a server with the name "ip-address (e.g.
192.168.3.188)".
The server does not have a ticket for this name (only for the hostname)
and returns a "have no ticket for this" error to the client.
Now your client tries the next method: NTLM, which might succeed.
In the other case, the AD-Server might pass your client a ticket, which
fails to be used for some reason. In this case, your client cannot get
its required access rights.
I've had cases where AD was completly broken - but I didn't recongize it
because I allways used \\ip-address\ to connect to the server.
Bye,
Martin
Hamish wrote:
Hi all
This is a bit of a continuation of an old thread, which I have had no joy in
fixing. We have a samba server authenticating against a W2k3 server in
security = ADS mode.
If there is a file in a share, owned by user."domain users" and chmod 700, it
would normally be ONLY readable by that user.
This is true only if the user goes to \\ip.add.of.srv\share - if he goes to
\\servername\share, he cannot read the file.
If the user goes to \\servername\share and creates a file, it is owned by him,
so the server can distinguish the username.
If i set the permissions g+r on the file, then the user can see the file just
fine. Unfortunately so can anyone in "domain users" - this is not good for
files which need to be readable only for the user.
I am completely stumped, can anyone shed any light on this?
Setup:
SuSE Linux 9.0 (i586)
samba Version 3.0.14a-SUSE
winbindd Version 3.0.14a-SUSE
Cheers,
Hamish
--
Martin Zielinski [EMAIL PROTECTED]
Software Development
SEH Computertechnik GmbH www.seh.de
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba