Samba share not accessible from other subnets
Thanks for taking a look at my issue and thinking with me about a solution.
I have a Samba server on a subnet 172.23.3.55/23 (2.0 --> 3.255) and within that subnet I can access the server no problem.
Also the 172.23.4.0/23 subnet that lives on the same Core Switch can access the server no problem.
Even our Office Subnet 129.228.114.0/23 can access the system through the firewall with no issue. But when I connect to our VPN network, 172.23.45.0/24, or when I come from a different office with totally different ranges, I cannot access the server. The server responds, and I need to log in, but the login is always rejected.
Here is my [global] and [share] section of the smb.conf:

    workgroup = localdomain.nmc
    netbios name = AMS-QTGW02
    server string = %h server (Samba %v)
    # hosts allow = 172.23.202.0/24 172.23.45.0/24 129.228.114.0/23 129.228.70.0/24 129.228.109.42 129.228.109.83
    force user = nobody
    force group = nobody
    force create mode = 0666
    force directory mode = 0777
    create mode = 0666
    directory mode = 0777
    guest account = vimn
    security = user
    passdb backend = tdbsam
    ntlm auth = yes
    log file = /var/log/samba/log.%m
    log level = 2 passdb:5 auth:5
    max log size = 50M
    #Performance Tuning:
    use sendfile = true
    kernel oplocks = no
    strict locking = no
    #FUCK OSX!
    veto files = /.DS_Store/.AppleDesktop/.AppleDB/.AppleDouble/.Temporary Items/
    delete veto files = yes
    printing = cups
    printcap name = cups
    load printers = no
    cups options = raw

    [AMS-HATCH]
    comment = HATCH Storage Share (AutoCleaned 30 Days)
    path = /quantum/AMS-HATCH
    browseable = yes
    writable = yes
    guest ok = yes
    force user = nobody
    force group = nobody
    valid users = @LinuxAdmins, vimn, mll

As you can see, I hashed out the "hosts allow" line so that all IPs can access them; later, when all is working, I would like to limit access through that (or "hosts deny").
The credentials have already been checked multiple times, and they are entered correctly.
I read something about samba-winbind needing to be disabled for non-domain servers, but I did not install it. Is there a setting I don't know about that I am missing or should use?
In the log file of this session I have this:

    [2018/02/19 11:21:07.724423, 5] ../source3/auth/server_info_sam.c:122(make_server_info_sam)
      make_server_info_sam: made server info for user vimn -> vimn
    [2018/02/19 11:21:07.724461, 3] ../source3/auth/auth.c:249(auth_check_ntlm_password)
      check_ntlm_password: sam authentication for user [vimn] succeeded
    [2018/02/19 11:21:07.724516, 5] ../source3/auth/auth.c:292(auth_check_ntlm_password)
      check_ntlm_password: PAM Account for user [vimn] succeeded
    [2018/02/19 11:21:07.724537, 2] ../source3/auth/auth.c:305(auth_check_ntlm_password)
      check_ntlm_password: authentication for user [vimn] -> [vimn] -> [vimn] succeeded
    [2018/02/19 11:21:07.725216, 5] ../source3/passdb/pdb_interface.c:1749(lookup_global_sam_rid)
      lookup_global_sam_rid: looking up RID 513.
    [2018/02/19 11:21:07.725264, 5] ../source3/passdb/pdb_tdb.c:658(tdbsam_getsampwrid)
      pdb_getsampwrid (TDB): error looking up RID 513 by key RID_00000201.
    [2018/02/19 11:21:07.725300, 5] ../source3/passdb/pdb_interface.c:1825(lookup_global_sam_rid)
      Can't find a unix id for an unmapped group
    [2018/02/19 11:21:07.725317, 5] ../source3/passdb/pdb_interface.c:1535(pdb_default_sid_to_id)
      SID S-1-5-21-3363938291-73671434-3978610123-513 belongs to our domain, but there is no corresponding object in the database.

The password is authenticated correctly, but the connection is still cut off.
Thanks a lot, people.
Edit: added the log section.
linux centos samba subnets
edited Feb 19 at 10:42
asked Feb 19 at 10:37
SHLelieveld
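
The following check is an added example, not part of the original post: it tests which of the client networks named in the question the commented-out `hosts allow` value would admit if it were enabled as written. It handles only plain IP and CIDR entries (all that the question's line uses), and the labels in `CLIENT_NETS` are made up for the example.

```python
import ipaddress

# Value of the commented-out "hosts allow" line in the question's smb.conf.
HOSTS_ALLOW = ("172.23.202.0/24 172.23.45.0/24 129.228.114.0/23 "
               "129.228.70.0/24 129.228.109.42 129.228.109.83")

# Client networks named in the question. The labels are invented for this
# example; the addresses are the poster's.
CLIENT_NETS = {
    "server subnet": "172.23.3.55/23",
    "core switch subnet": "172.23.4.0/23",
    "office subnet": "129.228.114.0/23",
    "VPN": "172.23.45.0/24",
}


def parse_allow(value):
    """Parse space- or comma-separated IP/CIDR entries into network objects.

    Hostnames, netgroups and the EXCEPT keyword are not handled and raise
    ValueError, so an unsupported entry is never silently ignored.
    """
    nets = []
    for token in value.replace(",", " ").split():
        try:
            nets.append(ipaddress.ip_network(token, strict=False))
        except ValueError:
            raise ValueError(f"unsupported hosts allow entry: {token!r}")
    return nets


def coverage(allow_value, clients):
    """Map each client label to True if its whole network is allowed."""
    allowed = parse_allow(allow_value)
    result = {}
    for label, cidr in clients.items():
        # ip_interface accepts a host address with a prefix (172.23.3.55/23)
        # and yields the enclosing network (172.23.2.0/23).
        net = ipaddress.ip_interface(cidr).network
        result[label] = any(net.subnet_of(a) for a in allowed)
    return result


if __name__ == "__main__":
    for label, ok in coverage(HOSTS_ALLOW, CLIENT_NETS).items():
        print(f"{label:20} {'allowed' if ok else 'BLOCKED'}")
```

With the question's values, the server's own /23 and 172.23.4.0/23 are not covered by the list, so enabling the line unchanged would shut out the two subnets that currently work.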
1 Answer
accepted
Nobody supplied an answer, but the problem does not persist anymore.
answered Dec 3 at 13:30
SHLelieveld