Solved

Accessing Samba shares on external webserver(s) - how to access

Posted on 2014-09-29
Last Modified: 2014-10-07
Hi all,

I have recently been getting some samba shares to work on a new Solaris server.

Now that these are working (and browsable), I move on to the next hurdle!

We have a few externally hosted (Windows Server 2008 R2) web servers which are not on our domain, but can still communicate with our network.

I can successfully browse to the samba shares on the existing (soon to be retired) solaris server from these webservers.

These web servers can successfully ping the new solaris server, but I cannot browse to the shares whether I use the server name or the IP address.

I have added the new solaris server/ip address to the Hosts file on the webservers, but this has not made a difference.

Can anyone help me to access the samba shares from these WebServers?

Many thanks
Question by:fieldj

Author Comment

by:fieldj
ID: 40351830
I have changed the logging detail and have some further information, it looks to be an authentication problem.....

Example log when connecting as me from my PC (on the domain):

[2014/09/30 09:37:50.140615,  2] auth/auth.c:309(check_ntlm_password)
  check_ntlm_password:  authentication for user [myusername] -> [myusername] -> [myusername] succeede



Example log when connecting from the webserver (MYWEBSERVER) while logged on as user WEBUSER

 
check_ntlm_password:  Authentication for user [WEBUSER] -> [WEBUSER] FAILED with error NT_STATUS_NO_SUCH_USER
[2014/09/30 10:12:21.161315,  0] auth/auth_domain.c:331(domain_client_validate)
  domain_client_validate: unable to validate password for user WEBUSER in domain MYWEBSERVER to Domain controller MY.INTERNAL.DOMAIN.COM. Error was NT_STATUS_NO_SUCH_USER.
[2014/09/30 10:12:21.161877,  2] auth/auth.c:319(check_ntlm_password)
  check_ntlm_password:  Authentication for user [WEBUSER] -> [WEBUSER] FAILED with error NT_STATUS_NO_SUCH_USER



As I understand it, on the existing Solaris server the webservers bypass the authentication and connect to the shares as the guest user “web”.  However, this doesn’t seem to be working on the new server.

I did read about adding the line “map untrusted to domain = yes” to the smb.conf, but this doesn’t seem to have made any difference.
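An added example, not part of the original post: a Python parser for the two-line Samba log format shown above. It pairs each `check_ntlm_password` result with the domain name the client presented in the preceding `domain_client_validate` line. The function names are invented for this illustration, and the log layout is assumed to match the excerpts in the post.

```python
import re
from collections import Counter

# Samba writes a header line, then the indented message (debug timestamp = yes).
HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:.]+),\s*(?P<level>\d+)\]\s+\S+\((?P<func>\w+)\)")
RESULT = re.compile(
    r"check_ntlm_password:\s+authentication for user \[(?P<user>[^\]]*)\].*?"
    r"(?:(?P<ok>succeed\w*)|FAILED with error (?P<status>NT_STATUS_\w+))", re.I)
DOMAIN = re.compile(
    r"domain_client_validate: unable to validate password for user (?P<user>\S+)"
    r" in domain (?P<domain>\S+) to Domain controller (?P<dc>\S+?)\.? Error was")

def parse_auth_events(log_text):
    """Return one dict per check_ntlm_password result found in log_text."""
    events, ts, client_domain = [], None, {}
    for line in log_text.splitlines():
        h = HEADER.match(line)
        if h:
            ts = h.group("ts")      # timestamp applies to the message lines that follow
            continue
        d = DOMAIN.search(line)
        if d:                       # remember which domain the client presented
            client_domain[d.group("user")] = (d.group("domain"), d.group("dc"))
            continue
        r = RESULT.search(line)
        if r:
            dom, dc = client_domain.get(r.group("user"), (None, None))
            events.append({"ts": ts, "user": r.group("user"),
                           "ok": r.group("ok") is not None,
                           "status": r.group("status"), "domain": dom, "dc": dc})
    return events

def failures_by_cause(events):
    """Count failed logons per (user, presented domain, NT status)."""
    return Counter((e["user"], e["domain"], e["status"]) for e in events if not e["ok"])

# Sample input: log lines quoted in the post above (the headerless first line
# of the second excerpt is left out; nothing else is changed or added).
SAMPLE = """\
[2014/09/30 09:37:50.140615,  2] auth/auth.c:309(check_ntlm_password)
  check_ntlm_password:  authentication for user [myusername] -> [myusername] -> [myusername] succeede
[2014/09/30 10:12:21.161315,  0] auth/auth_domain.c:331(domain_client_validate)
  domain_client_validate: unable to validate password for user WEBUSER in domain MYWEBSERVER to Domain controller MY.INTERNAL.DOMAIN.COM. Error was NT_STATUS_NO_SUCH_USER.
[2014/09/30 10:12:21.161877,  2] auth/auth.c:319(check_ntlm_password)
  check_ntlm_password:  Authentication for user [WEBUSER] -> [WEBUSER] FAILED with error NT_STATUS_NO_SUCH_USER
"""

if __name__ == "__main__":
    for (user, domain, status), n in failures_by_cause(parse_auth_events(SAMPLE)).items():
        print(f"{n}x {user} (presented domain: {domain}) -> {status}")
```

On the sample, the failed logon is reported with presented domain MYWEBSERVER, the web server's own machine name, which is the name the log shows being sent to the domain controller for validation.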
 

Expert Comment

by:gheist
ID: 40352483
System authentication (where apache's user is present) is completely unrelated to samba and its user DB.
You can always use SFTP over the same SSH you have and not open the security hole called samba.

Author Comment

by:fieldj
ID: 40352516
I need to use Samba.

As mentioned above we have an existing Solaris server to which we can successfully browse the samba shares.  I need to replicate this on the new server.

It seems to be a problem with the guest access not working for whatever reason.

Expert Comment

by:gheist
ID: 40352673
You need to copy just smb.conf and restart the samba service.

Author Comment

by:fieldj
ID: 40354085
I have tried this, several times.  Unfortunately it does not help.

Here is my smb.conf.....

[global]
workgroup = MYDOMAIN
realm = INTERNAL.MYDOMAIN.COM
server string = Maginus SUN2014, Samba %v
interfaces = 172.16.X.X
security = ADS
password server = *
map untrusted to domain = yes
map to guest = bad password
guest account = web
server signing = auto
preferred master = Auto
wins server = 172.16.X.XX, 172.16.X.XX
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind enum users = Yes
winbind enum groups = Yes
# Debug logging information
log level = 2
log file = /var/log/samba.log.%m
max log size = 50
debug timestamp = yes


[home_report]
comment = Home Report for Res Bulk Pick Lists
path = /home/report
guest only = Yes
guest ok = Yes


Expert Comment

by:gheist
ID: 40354129
Do you have reverse DNS working and own hostname in /etc/hosts the same way on both systems?

Author Comment

by:fieldj
ID: 40354186
When you say 'ownhostname', do you mean the solaris hostname?  In which case I do.

How can I check reverse dns?  On the external webserver I ran ping -a 172.XX.X.X (solaris server IP) and it successfully pinged returning the server name.

Accepted Solution

by:fieldj
ID: 40357368
This turned out to be a couple of lines in the smb.conf:

server signing = auto
preferred master = Auto

By commenting these out it solved the problem.
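An added example, not part of the original answer: a Python check that parses the posted smb.conf before and after the accepted change and reports which shares admit guests, how logons are mapped to the guest account, and whether `server signing` and `preferred master` are still set explicitly. The function names are invented for this illustration; the configuration is an excerpt of the file posted earlier in the thread.

```python
TRUE = {"yes", "true", "1"}

def parse_smb_conf(text):
    """Parse smb.conf text into {section: {param: value}}.

    Samba ignores case and spaces in parameter names, so keys are normalised
    ("map to guest" -> "maptoguest"). Lines starting with # or ; are comments.
    """
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section]["".join(key.lower().split())] = value.strip()
    return conf

def guest_exposure(conf):
    """Summarise which shares are reachable as guest, and the signing setting."""
    g = conf.get("global", {})
    shares = [name for name, p in conf.items() if name != "global"
              and p.get("guestok", p.get("public", "no")).lower() in TRUE]
    return {"guest_shares": shares,
            "guest_account": g.get("guestaccount"),
            "map_to_guest": g.get("maptoguest"),
            # None means the line is absent and the build's default applies.
            "server_signing": g.get("serversigning"),
            "preferred_master": g.get("preferredmaster")}

# Excerpt of the smb.conf posted earlier in the thread (values unchanged).
BEFORE = """\
[global]
security = ADS
map to guest = bad password
guest account = web
server signing = auto
preferred master = Auto

[home_report]
path = /home/report
guest only = Yes
guest ok = Yes
"""
# The accepted fix: the same file with the two lines commented out.
AFTER = BEFORE.replace("server signing", "# server signing").replace(
    "preferred master", "# preferred master")

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, guest_exposure(parse_smb_conf(text)))
```

After the change the guest share and the guest mapping are unchanged; only the two explicit settings disappear. Running `testparm -sv` on the server prints the effective values, including the defaults that apply once a line is commented out.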
 

Author Closing Comment

by:fieldj
ID: 40365503
3rd party resolved the problem