Should NS be the DHCP server of my LAN to let shared folders function?

Hi all,
I’m still struggling to have shared folders with authentication work on NS7b2.
What have I done:
Installed from ISO in a VirtualBox, update/upgrade via yum this morning, set NIC to promiscuous mode.
Configured an SMB controller on a free IP in the range.
Config says:

NetBIOS domain name: ROLFB
LDAP server: 192.168.1.25
LDAP server name: nsdc-7b2-bis.rolfb.cc
Realm: ROLFB.CC
Bind Path: dc=ROLFB,dc=CC
LDAP port: 389
Server time: Wed, 12 Oct 2016 10:50:58 CEST
KDC server: 192.168.1.25
Server time offset: 0

Join is OK
name: 7B2-BIS
objectSid: S-1-5-21-3300205204-531182651-1777573829-1103
accountExpires: 9223372036854775807
sAMAccountName: 7B2-BIS$
pwdLastSet: 131202481330000000
dNSHostName: 7b2-bis.rolfb.cc
servicePrincipalName: HOST/7B2-BIS
servicePrincipalName: HOST/7b2-bis.rolfb.cc
servicePrincipalName: smtp/7b2-bis
servicePrincipalName: smtp/7b2-bis.rolfb.cc
servicePrincipalName: pop/7b2-bis
servicePrincipalName: pop/7b2-bis.rolfb.cc
servicePrincipalName: imap/7b2-bis
servicePrincipalName: imap/7b2-bis.rolfb.cc
whenChanged: 20161010191351.0Z
lastLogon: 131207358584562770
distinguishedName: CN=7B2-BIS,CN=Computers,DC=rolfb,DC=cc

(anonymised a bit, don’t know if this is sensitive?)

Set up users and 2 shared folders, with authentication to 1) domain users and 2) members of a group.
In both cases, I can see the shared folders in Windows, and when I try to open them, I’m asked for username/pw.
But then I get an access denied.
The secure-log in NS says:
Oct 12 10:47:50 7b2-bis smbd[4530]: pam_unix(samba:session): session closed for user nobody
Oct 12 10:47:50 7b2-bis smbd[4530]: pam_sss(samba:session): Request to sssd failed. Connection refused

In a post located here it is said that NS should be configured as DHCP server to let things work. But my fritzbox is doing a good job at that, and I prefer to leave it like so. I can tell fritz to announce NS as the DNS server though. Is that as good as the NS as DHCP? Or is there another fault in my setup?
Please advise?
(If any more info is needed, I can provide. CLI on Linux is no problem. Windows is more problematic to me :wink:)

First thing that comes up to me is that it shouldn’t be a problem to have another DHCP server enabled. Only thing I can imagine that could have some impact is DHCP clients not being registered in DNS automatically when your fritzbox is being used. But that shouldn’t fail authentication to a Samba share.

Thanks.
At this moment I’m not able to check a NS install that takes over the DHCP/DNS role for my LAN (since it runs on a virtual machine on my workstation, that’s not 24*7 available).
Any other suggestions?

Hi Rolf,
You can add to the Fritzbox the NS machine as server.
Also I think you can add the domain in the DHCP settings.

Another point is to add the domain suffix(es) to your client, and/or add the NS host to the hosts file (with the FQDN).
Read here: https://technet.microsoft.com/en-us/library/cc794784(v=ws.10).aspx

It should get rid of the need to use DOMAIN\Username or username@domain when you try to access the shares.

Try it like this and tell us if it works.

Thx, unfortunately, that didn’t help…
Domain accounts said just the same as before (see above).

Also the error in /var/log/secure is the same:
Oct 13 21:10:01 7b2-bis smbd[2379]: pam_unix(samba:session): session closed for user nobody
Oct 13 21:10:01 7b2-bis smbd[2379]: pam_sss(samba:session): Request to sssd failed. Connection refused

I just don’t have a clue. Why is user ‘nobody’ referenced, when I try to log on with user rolf (or even root)?

You have more in your logs than I do. I have the first line but not the second.

Know this one: The actual share (/etc/lib/nethserver/ibay/[share]) is owned by “nobody”. :yum:

Can’t answer the rest :disappointed:

You must do it! When Active Directory account provider is installed, NS must be the LAN DNS.

Perhaps this is a guest access attempt. I should verify it.

EDIT: when you installed the File server module, did you create an ibay before doing the “START DC” procedure?

If your Windows machine didn’t join the AD domain, the NetBIOS workgroup/domain name field must be set when connecting to the share (actually “ROLFB”). The user name must be provided without the @rolfb.cc (realm) suffix.

To sum up:

  • workgroup/domain: ROLFB
  • username without domain suffix

Ok, as I said before, my Linux is better than my Windows.
I tried logging on as rolf@rolfb.cc, rolf@rolfb, etc.
Wasn’t aware of the ROLFB\rolf convention…
I can use shared folders now, for me, that’s enough Windows!

Thnx all

When you are used to the logic of Linux, Windows is a puzzle of illogical parts…
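
Added example, not part of the thread: a small triage script for the /var/log/secure lines quoted above, grouping smbd PAM messages by PID to flag sessions that ended up as the guest account and sessions where pam_sss could not reach sssd. It assumes "nobody" is the guest account (Samba's default); the function names and the last sample line are constructed for illustration.

```python
import re

# The first four lines are the /var/log/secure excerpts quoted in the thread.
# The last line is constructed for contrast (a session for a named user).
SAMPLE = """\
Oct 12 10:47:50 7b2-bis smbd[4530]: pam_unix(samba:session): session closed for user nobody
Oct 12 10:47:50 7b2-bis smbd[4530]: pam_sss(samba:session): Request to sssd failed. Connection refused
Oct 13 21:10:01 7b2-bis smbd[2379]: pam_unix(samba:session): session closed for user nobody
Oct 13 21:10:01 7b2-bis smbd[2379]: pam_sss(samba:session): Request to sssd failed. Connection refused
Oct 13 21:15:42 7b2-bis smbd[2501]: pam_unix(samba:session): session closed for user rolf
"""

# Assumption: "nobody" is the guest account (Samba's default "guest account").
GUEST_ACCOUNT = "nobody"

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssmbd\[(?P<pid>\d+)\]:\s"
    r"(?P<module>pam_\w+)\(samba:session\):\s(?P<msg>.*)$"
)
SESSION_USER = re.compile(r"session (?:opened|closed) for user (\S+)")


def triage(text):
    """Group smbd PAM session lines by PID; flag guest sessions and sssd failures."""
    by_pid = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an smbd PAM session line
        entry = by_pid.setdefault(
            m["pid"],
            {"pid": m["pid"], "first_seen": m["ts"], "users": set(), "sssd_failed": False},
        )
        user = SESSION_USER.search(m["msg"])
        if user:
            entry["users"].add(user.group(1))
        if m["module"] == "pam_sss" and "Request to sssd failed" in m["msg"]:
            entry["sssd_failed"] = True
    for entry in by_pid.values():
        # The session belonged to the guest account rather than a named user.
        entry["guest"] = GUEST_ACCOUNT in entry["users"]
    return list(by_pid.values())


if __name__ == "__main__":
    for e in triage(SAMPLE):
        flags = [name for name in ("guest", "sssd_failed") if e[name]]
        print(e["first_seen"], "smbd pid", e["pid"], sorted(e["users"]), flags or ["ok"])
```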