Home / server / Questions / 162752
In Process
MrMahgu
Asked: 2010-07-22 10:22:05 +0800 CST

Unable to access SAMBA from domain workstations

  • 772

I have a rather interesting problem, hopefully someone here may be able to point me in the right direction in order to solve it.

Basics:

  • Windows 2003 R2 Domain
  • Windows XP SP3 Pro Workstation joined to said domain
  • Windows XP SP3 Pro Workstation NOT joined to said domain but on same network, just not a domain member computer.
  • OpenSUSE 11.2 SAMBA SHARE

Now the problem is this.

The NON-JOINED Workstation can access the SAMBA share via IP and/or HOSTNAME. The joined computer can not and receives the following message:

"Windows cannot find '\\10.0.0.15'. Check the spelling and try again, or try search for the item by clicking the Start button and then clicking Search."

I'm a little confused. Both computers (and domain) are connected to the same switch, access the same firewall and run the same software. The only difference is that one computer is a member of a domain, the other is not.

The GPO for the domain has many options. Are there some security options that I have setup that could be causing this problem?

Note : The Samba share is 100% setup correctly, does not access the domain, does not care about the domain, is not a member, and works for non domain joined computers on the same network.

Update : All firewalls (on samba box, windows xp boxes, domain) are off. There is no firewall between the SAMBA box and the windows machines. (to just clear that up now)

Update #2 : Here is not only the global section, but my entire smb.conf

[global]
        printing = cups
        printcap name = cups
        printcap cache time = 750
        cups options = raw
        map to guest = Bad User
        usershare allow guests = No
        domain logons = No
        domain master = No
        security = user
        netbios name = mctdev
        passdb backend = smbpasswd
        server name = MCTDEV
        server string = MCTDEV
        comment = MCTDEV
        workgroup = MCTSHINE


[dump]
        comment = Dump
        inherit acls = Yes
        path = /srv/dump
        read only = No
        force group = dump
        force user = dump
        guest ok = Yes
        username = dump
samba

1 Answers

  1. You didn't state the version of Samba you're using....

    The GPO for the domain has many options. Are there some security options that I have setup that could be causing this problem?

    Short answer: Yes.
    Most likely is a setting that requires high security settings (such as encryption, SPNEGO etc.) for all connections to shares of remote fileservers.

    Longer answer:
    I also noted that your [dump] share requests username = dump as the connecting username for the clients. An AD member client machine will always supply the current user's domain account name for each initial connection request to a remote fileserver. I assume this one is not dump. That would mean, Samba sees a bad user, which it will map to guest per quoted smb.conf. So, the question is: is there a guest account on your Samba system?

    Advice:
    Temporarily add settings of log level = 3 (you can increase to 10 if you like verbose logs) and log file = /tmp/smbd.log.%m to your [global] section in smb.conf. That should give you some clues about what Samba sees happening, once you investigate your smbd.log.* files. Each client will have its own logfile, and you can easily compare what's the difference between connection attempts by AD and by non-AD clients.

    • 2