Hi,
I am trying to restrict smb share to known windows hostnames.
But if I set windows computer hostname to “hosts allow” in share settings, I cannot access share anymore even hostname is correct.
Is there something special in which format hostname should write?
I know that I could allow ip addresses instead of hostnames but I don’t want to do that.
Firstly which version are you running?
Secondly I assume you have already setup access permissions for specific users? The host allow specifies allowed systems but permissions must still be set correctly.
I am running latest stable 13.0-U6.2 core.
Yes, I have configured users and rights and I can access share until I setup allowed hostname (my windows workstation hostname).
Should hostname include domain name albeit my computer is not ad joined.?
Maybe there is some windows workgroup domain name?
In windows command prompt hostname command returns only computer name.
Historical post but I believe you may have the same issue:
Recommendation from the post:
Try setting
hostname lookups = yes
as an auxiliary parameter under Services->SMB, restart the SMB services, and try again.
I tried setting that parameter but it didnot help.
I also tested all possible combinations of hostname. Samba log looks like that:
root@FILESERVER[/var/log/samba4]# cat auth_audit.log
{“timestamp”: “2024-09-12T05:58:09.168215-0700”, “type”: “Authentication”, “Authentication”: {“version”: {“major”: 1, “minor”: 2}, “eventId”: 4625, “logonId”: “0”, “logonType”: 3, “status”: “NT_STATUS_NO_SUCH_USER”, “localAddress”: “ipv4:192.168.0.90:445”, “remoteAddress”: “ipv4:192.168.0.125:58678”, “serviceDescription”: “SMB2”, “authDescription”: null, “clientDomain”: “.”, “clientAccount”: “ismo”, “workstation”: “WORK-PC”, “becameAccount”: null, “becameDomain”: null, “becameSid”: null, “mappedAccount”: “ismo”, “mappedDomain”: “.”, “netlogonComputer”: null, “netlogonTrustAccount”: null, “netlogonNegotiateFlags”: “0x00000000”, “netlogonSecureChannelType”: 0, “netlogonTrustAccountSid”: null, “passwordType”: “NTLMv2”, “duration”: 3271}}
I can’t see any mention of hostname here. Workstation name is there and it is correct.
Maybe I need switch to use ip addresses :roll_eyes
Can you ping the TrueNAS hostname from your client computer?
I.e. does basic name resolution work regardless of what the SMB share settings are?
Yes, I can ping truenas with hostname from windows computer.
But I can’t ping my workstation from truenas with hostname.
Both machines have my firewall as first dns server.
Is there any setting in truenas that would help with dns resolution?