sharpec
(EnzoC)
October 4, 2017, 3:08pm
1
Good morning,
I still have not solved this problem.
Now I’m on the remote site.
I installed a second NethServer; with a VPN tunnel I published the 2 networks directly:
1.x with the Samba services
and 18.x, the network that must access remotely
(I completely removed the 12.x alias).
The folders without authentication can be browsed; the protected ones cannot, and keep asking me for the password.
I’m looking at all the logs
message / firewall / log.smb
but I find nothing.
Where should I look? do you have some advice?
Thanks
In the command prompt I ran
net use * /delete
and retried the connection.
192.168.18.130 my pc
192.168.1.241 samba server
davidep
(Davide Principi)
October 4, 2017, 4:29pm
2
Any error from smbd or nmbd in /var/log/messages?
sharpec
(EnzoC)
October 4, 2017, 4:56pm
3
any
Can a Windows Active Directory domain interfere with authentication?
To avoid DNS problems I have put on the PC, in
c:\windows\system32\etc\hosts
192.168.1.2 nsdc-samba.domain.it domain.it domain
192.168.1.241 samba.domain.it
sharpec
(EnzoC)
October 4, 2017, 5:29pm
4
No! I have tried with only my PC…
sharpec
(EnzoC)
October 5, 2017, 6:12am
5
I have tried from another network through another VPN tunnel.
Same result.
Authentication doesn’t work!
Does anyone use a shared folder with ACLs through the VPN tunnel?
my pc (192.168.18.130) -> nethserver (192.168.18.254) -> internet <- nethserver (192.168.1.254) <- samba server (192.168.1.241)
davidep
(Davide Principi)
October 5, 2017, 7:04am
6
Hi Enzo,
what do you think about this?
STATUS_ACCESS_DENIED sounds as if a program on the client tried to open or create a file to which the account being used for the SMB connection did not have access - i.e., it’s not a networking problem or an SMB packet-signing problem, it’s a file permissions problem.
https://ask.wireshark.org/questions/71/smb-troubleshooting
sharpec
(EnzoC)
October 5, 2017, 8:10am
7
It isn’t a permission problem; I have checked via the GUI and reset permissions on the folder.
I have tried with my user and the admin user.
Yet I am convinced that it is a name resolution problem.
I tried to insert the entry into the LMHOSTS file in the IPv4 protocol
192.168.1.2 DOMAIN
1.2 is the nsdc IP
For once it authenticated;
I restarted the PC and it no longer logged in.
davidep
(Davide Principi)
October 5, 2017, 8:24am
8
Once? Can you test it from smbclient? I prefer it because it has no “caching” and error messages are more useful.
sharpec
(EnzoC)
October 5, 2017, 8:43am
9
Connection through OpenVPN GUI via OpenVPN roadwarrior
works perfectly.
sharpec
(EnzoC)
October 5, 2017, 9:49am
10
[root@dbo ~]# smbclient //192.168.1.241/officina -U enzo@domain.it
Enter enzo@domain.it's password:
OS=[Windows 6.1] Server=[Samba 4.4.4]
tree connect failed: NT_STATUS_ACCESS_DENIED
[root@dbo ~]# smbclient //192.168.1.241/officina -U enzo -W domain
Enter DOMAIN\enzo's password:
session setup failed: NT_STATUS_LOGON_FAILURE
davidep
(Davide Principi)
October 5, 2017, 10:21am
11
Do those commands work if the client is in the same LAN of the file server?
Ctek
(Bogdan C)
October 5, 2017, 11:13am
12
Just some silly questions. I did not understand the setup very well, so:
Is the client using the DNS of the server?
Also, is the second NS joined to the AD?
What format is the username you use:
DOMAIN\username or username@domain.suffix?
Try using only “domain” and do not append the suffix ".it".
Example: username@domain
Also, a good thing would be to check what protocol level the client uses to negotiate: NT/SMB/SMB2/SMB3, etc.
sharpec
(EnzoC)
October 5, 2017, 1:35pm
13
they actually do not seem to run, I did a lot of tests, but I do not find any errors in the logs, I also checked in sssd. host-specific samba logs are empty (0 kb)
no and no, but I’ve tried all the combinations of dns (local NS, remote NS, remote SAMBA)
in primary network (not vpn) both work well. I use it indiscriminately for joining in the domain
Wireshark says SMB2
I have tried, but it doesn’t solve it
davidep
(Davide Principi)
October 5, 2017, 1:57pm
14
sharpec:
they actually do not seem to run, I did a lot of tests, but I do not find any errors in the logs, I also checked in sssd
I’m quite confused… can we focus on a File Server (with remote AD account provider) scenario? Can we ignore the VPN?
This is puzzling! Ensure your remote network is considered “trusted” (see Trusted networks page).
sharpec
(EnzoC)
October 5, 2017, 2:17pm
15
I have set up in the remote DNS client only the IP of VB-nsdc.
The client now logs in, with both domain\user and user@domain.it.
Obviously not a solution, but maybe it’s the explanation of the problem.
I have inserted the remote VPN tunnel network into the trusted networks, since it did not see anything.
Maybe I’m wrong with the commands in smbclient; now I’m looking for the right combination.
sharpec
(EnzoC)
October 13, 2017, 6:30am
16
OK, I found the solution.
For correct name resolution, in the remote VPN tunnel fw I have inserted the IP of my primary fw as a secondary DNS.
In the Samba server I have added the IP subnet of the VPN tunnel to the trusted networks.
Now domain authentication works correctly with DOMAIN\username over the VPN tunnel.
hoping they will
3 Likes
davidep
(Davide Principi)
June 7, 2018, 8:02pm
17
You’re lucky: mixing private and public DNS forwarding leads to weird issues! I’d not recommend it at all!
dnutan
(Marc)
Split this topic
May 30, 2021, 9:00am
18