Hi this is starting to drive me a little nuts, clean fresh install of NS, added samba and file sharing. Setup everything and it appears to be working. I have connected to the same workgroup with a client PC.
I can access shares which allow guest access (for testing) but anything using permissions does not allow me access with any username. I can connect to the AD and my credentials work ok, what am I missing?
This is one area that is not working as I would have expected. If I try to connect to the domain lacloue.local I cannot access the shares. if I connect to workgroup lacloue, I can see the shares. But only access those Iâve set to guest access.
If I try connecting as user@lacloue.local still no joy
Hereâs the domain accounts page grab, which to me reads as everything should be running ok
NetBIOS domain name: LACLOUE
LDAP server: 192.168.2.3
LDAP server name: nsdc-server.lacloue.local
Realm: LACLOUE.LOCAL
Bind Path: dc=LACLOUE,dc=LOCAL
LDAP port: 389
Server time: Mon, 30 Jan 2017 15:08:58 CET
KDC server: 192.168.2.3
Server time offset: 0
Last machine account password change: Fri, 27 Jan 2017 18:41:57 CET
Join is OK
name: SERVER
objectSid: S-1-5-21-853824779-2190824322-2453242918-1103
accountExpires: 9223372036854775807
sAMAccountName: SERVER$
pwdLastSet: 131300125160000000
dNSHostName: server.lacloue.local
servicePrincipalName: HOST/SERVER
servicePrincipalName: HOST/server.lacloue.local
whenChanged: 20170127174158.0Z
lastLogon: 131302589482527770
distinguishedName: CN=SERVER,CN=Computers,DC=lacloue,DC=local
âŚshould return the IP addresses youâve choosen for NSDC and NethServer itself.
There are many shares with different permissions. Those owned by ârootâ seems to require a âReset permissionsâ from the âShared foldersâ page: did you create them before installing nethserver-dc (Samba Active Directory local account provider)?
It wouldnât be anything on the smb.conf side of things would it?
I know this is templated and updates automatically so I have not altered anything. But it gives the impression to me that itâs not resolving security properly so falling back to acl permissions.
I may try a wipe and re-install tomorrow in case itâs a random glitch. Any thoughts in the meantime are welcome
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
Processing section "[global]"
added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
interpret_interface: using netmask value 16 from config file on interface enp4s0
added interface enp4s0 ip=192.168.1.18 bcast=192.168.1.255 netmask=255.255.0.0
Client started (version 4.4.4).
Enter LACLOUE\ryan's password:
resolve_hosts: Attempting host lookup for name server.lacloue.local<0x20>
Connecting to 192.168.2.4 at port 445
E2BIG: convert_string(UTF-8,CP850): srclen=21 destlen=16 - 'SERVER.LACLOUE.LOCAL'
Connecting to 192.168.2.4 at port 139
Connection to server.lacloue.local failed (Error NT_STATUS_CONNECTION_REFUSED)
Iâm not 100% on syntax to use with smbclient as guest so correct if wrong:
[root@server ~]# smbclient -d 3 -U 'LACLOUE\guest%' -W LACLOUE //server.lacloue.local/spare
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
Processing section "[global]"
added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
interpret_interface: using netmask value 16 from config file on interface enp4s0
added interface enp4s0 ip=192.168.1.18 bcast=192.168.1.255 netmask=255.255.0.0
Client started (version 4.4.4).
Connecting to 192.168.2.4 at port 445
E2BIG: convert_string(UTF-8,CP850): srclen=21 destlen=16 - 'SERVER.LACLOUE.LOCAL'
Connecting to 192.168.2.4 at port 139
Connection to server.lacloue.local failed (Error NT_STATUS_CONNECTION_REFUSED)
I decided to do a wipe and re-install. will let you know how it goes, especially if certain aspects are ongoing, i.e. the security issue over sftp, I will let you know.
Iâm sorry to report that I gave-up on Nethserver and installed a different linux server. Which after a slight hiccup worked out of the box for samba shares and does not have the sftp security vulnerability (as I see it).
I liked the CentOS distro but I donât mean any of the following in a harsh way, as your product is aimed at people who want a gui to allow simple management and setup. Of the two based on CentOS I tested yours was better. But both failed at samba, maybe itâs something you should look into closer and re-evaluate the security aspects.