Bug #1087
closed
Unable to connect to the CIFS server using \\servername.fqdn
0%
Description
Opensolaris bug ID:
6791642 Unable to connect to the CIFS server using \\servername.fqdn
Files
Related issues
Updated by Yuri Pankov over 12 years ago
I doubt that OpenSolaris bugtracker is accessible at the moment, providing more info should help here.
Updated by Brendon Baumgartner over 12 years ago
Typing in a FQDN to access CIFS server vs hostname yield this error message when using FQDN. Hostname is fine.
Error:
\\server.domain.local is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.
The account is not authorized to log in from this station.
Updated by Kevin Halgren over 12 years ago
- Status changed from New to Feedback
Additional information:
IP address and FQDN works from non-windows clients (Mac, Linux)
Short name or IP address works OK from Windows clients, FQDN fails.
\\servername [Works OK]
\\192.168.1.1 [Works OK]
\\servername.domain [Fails]
Windows attempts to authenticate via Kerberos when using FQDN, uses NTLMv2 for short name or IP address. This is likely a Kerberos-related issue with Samba on OpenSolaris.
Updated by Kevin Halgren over 12 years ago
For this to work properly, the Samba server needs to support GSSAPI/SPNEGO. A packet trace shows that Windows and the Samba server successfully negotiate using NTLMv2, however when using FQDN, if the Kerberos security blob is not included at the end of the SMB negotiation respose, Windows ignores the NTLM negotiation agreement and closes the connection.
This link has more technical information:
http://arc.opensolaris.org/caselog/PSARC/2009/673/20091209_natalie.li
And this is a remarkably apt video illustrating (metaphorically) the process:
http://www.youtube.com/watch?v=JBtcXujRbAA
Updated by Rich Lowe over 12 years ago
- Project changed from site to illumos gate
Updated by Yuri Pankov almost 12 years ago
How is Samba related and why are we talking about it all?
Updated by Kevin Halgren almost 12 years ago
I mentioned Samba because I was ignorant at the time about Solaris' CIFS/SMB server and assumed it was based on Samba. You can disregard that aspect. This issue was confirmed and ultimately fixed by engineers with Nexenta, we were using their OpenSolaris-based storage server implementation. It was a bug in OpenSolaris CIFS server, unfortunately I do not have the Nexenta issue number at hand.
Updated by Kevin Halgren almost 12 years ago
Found it, Nexenta support case 2268
Kevin
Updated by Will Ottewell almost 11 years ago
This issue still appears in OpenIndianna 151A7 (unless I'm missing anything) - does anyone know if Nexenta have yet contributed the fix to Illumos? If needed can post configs and do packet traces as required.
Updated by Christopher Chan over 10 years ago
- File smb.snoop smb.snoop added
- File smbnew.snoop smbnew.snoop added
- File smbcifs.cap smbcifs.cap added
- File smbcifsbdc.cap smbcifsbdc.cap added
Not exactly the same but I have had issues connecting to cifs via \\\\shortname where I get access denied and it would only work with \\\\ipaddr. I have some network traces.
Updated by Gordon Ross almost 8 years ago
- Status changed from Feedback to Closed
This is fixed with #1122