can't connect to samba share (AD member server)

matt92 · Post by **matt92** » 2016/12/31 10:21:05

Hi,

i setuped recently a test environment with glusterfs, samba and ctdb.
with auth. setup with USER and local samba/linux user i can access the share.
now i joint the samba server with REALM to the domain successfully and REALM LIST shows the expected resuls.
also ID username@xv.mydomain.local shows the correct memberships of the user.

however i'm not able to access any share from any of my windows machines (windows 10/7/2008), access denied

for testing i disabled the firewall as well as selinux od the samba server.
NTP is working and the SAMBA server has the same time as the DC.

realm list

Code: Select all

XV.MYDOMAIN.LOCAL
  type: kerberos
  realm-name: XV.MYDOMAIN.LOCAL
  domain-name: xv.mydomain.local
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common-tools
  login-formats: %U@xv.mydomain.local
  login-policy: allow-realm-logins

my smb.conf

Code: Select all

clustering = yes
idmap backend = tdb2
private dir = /opt/samba-config/


[global]
        workgroup = mydomain
        security = ads
        server string = Samba Server Version %v

        log file = /var/log/samba/log.%m
        max log size = 50

        encrypt passwords = yes
        passdb backend = tdbsam
        realm = xv.mydomain.com

        printing = cups
        printcap name = /dev/null
        load printers = no
        cups options = raw

[homes]
        comment = Home Directories
        valid users = %S, %D%w%S
        browseable = No
        read only = No
        inherit acls = Yes

#[printers]
#       comment = All Printers
#        path = /var/tmp
#        printable = Yes
#        create mask = 0600
#        browseable = No

#[print$]
#        comment = Printer Drivers
#        path = /var/lib/samba/drivers
#        write list = root
#        create mask = 0664
#        directory mask = 0775

[gluster-config]
comment = For samba share of volume config
vfs objects = glusterfs
glusterfs:volume = config
glusterfs:logfile = /var/log/samba/glusterfs-config.%M.log
glusterfs:loglevel = 7
path = /
read only = no
guest ok = yes


[data]
 comment = Samba share of gluster vol data
 path = /
 nt acl support = yes
 read only = No
 writeable = yes
 guest ok = No
 kernel share modes = No
 vfs objects = glusterfs
 glusterfs:loglevel = 7
 glusterfs:logfile = /var/log/samba/glusterfs-data.%M.log
 glusterfs:volume = data
 valid users = @"domain\ users@XV.MYDOMAIN.LOCAL"

i appreciate any help to solve this problem