Hi!
Please verify that in both cases Kerberos authentication is used.
I'm not sure if this is the reason in your case, but maybe it's worth a look, as I found completely different behaviour when using IP addresses or hostnames to access a member server:

When joining the AD domain, a ticket with the hostname of the Samba machine is created on the AD-Server. When you connect to the server via \\ip-address\sharename, the client tries to receive a ticket for a server with the name "ip-address (e.g. 192.168.3.188)". The server does not have a ticket for this name (only for the hostname) and returns a "have no ticket for this" error to the client.
Now your client tries the next method: NTLM, which might succeed.

In the other case, the AD-Server might pass your client a ticket, which fails to be used for some reason. In this case, your client cannot get its required access rights.

I've had cases where AD was completely broken - but I didn't recognize it because I always used \\ip-address\ to connect to the server.

Bye,
Martin

Hamish wrote:
Hi all
This is a bit of a continuation of an old thread, which I have had no joy in fixing. We have a samba server authenticating against a W2k3 server in security = ADS mode.

If there is a file in a share, owned by user."domain users" and chmod 700, it would normally be ONLY readable by that user.

This is true only if the user goes to \\ip.add.of.srv\share - if he goes to \\servername\share, he cannot read the file. If the user goes to \\servername\share and creates a file, it is owned by him, so the server can distinguish the username.

If I set the permissions g+r on the file, then the user can see the file just fine. Unfortunately so can anyone in "domain users" - this is not good for files which need to be readable only for the user.

I am completely stumped, can anyone shed any light on this?

Setup:
SuSE Linux 9.0 (i586)
samba Version 3.0.14a-SUSE
winbindd Version 3.0.14a-SUSE

Cheers,
Hamish



--
Martin Zielinski             [EMAIL PROTECTED]
Software Development
SEH Computertechnik GmbH     www.seh.de
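
As an added illustration (not part of the original mail and not Samba code), this Python example models the behaviour Martin describes: the client asks for a ticket named after whatever appears in the UNC path, and falls back to NTLM when no such name is registered. The `cifs/<host>` service name is the one Windows clients request for SMB; `REGISTERED_SPNS`, `fileserver` and `example.lan` are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample data: SPNs assumed to exist on the Samba machine account
# after the domain join. Only hostname forms are registered, never the IP.
REGISTERED_SPNS = {"cifs/fileserver", "cifs/fileserver.example.lan"}

# Two backslashes, the server name, one backslash, the share name.
UNC_RE = re.compile(r"^\\\\([^\\]+)\\[^\\]+")


def unc_host(unc):
    # Return the lower-cased server part of a UNC path.
    match = UNC_RE.match(unc)
    if match is None:
        raise ValueError("not a UNC path: %r" % unc)
    return match.group(1).lower()


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def expected_auth(unc, registered_spns=REGISTERED_SPNS):
    # Predict (requested SPN, mechanism) for one UNC path.
    host = unc_host(unc)
    spn = "cifs/" + host
    known = {s.lower() for s in registered_spns}
    if is_ip_literal(host) or spn not in known:
        # No ticket can be issued for this name, so the client falls back.
        return spn, "NTLM"
    return spn, "Kerberos"


def comparable(unc_a, unc_b):
    # True only if both test paths would authenticate the same way.
    return expected_auth(unc_a)[1] == expected_auth(unc_b)[1]


if __name__ == "__main__":
    for path in (r"\\192.168.3.188\share", r"\\fileserver\share"):
        print(path, "->", expected_auth(path))
```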