[Samba] Simple question about netbios name and workgroup, in smb.conf
Ricardo Campos
rdiascampos at gmail.com
Fri Oct 6 18:43:08 UTC 2023
Thanks, Rowland for your quick answer.
1. testparm -s
Loaded services file OK.
Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility fallback)
Server role: ROLE_STANDALONE
# Global parameters
[global]
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add machine script = /usr/sbin/smbldap-useradd -W "%u"
add user script = /usr/sbin/smbldap-useradd -a -m "%u"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u"
"%g"
delete user script = /usr/sbin/smbldap-userdel "%u"
domain master = Yes
dos charset = iso-8859-1
ldap admin dn = uid=XXXX,ou=xxx,dc=xxx,dc=xxx,dc=xx
ldap group suffix = ou=grupos
ldap idmap suffix = ou=usuarios
ldap machine suffix = ou=computadores
ldap page size = 1024
ldap ssl = no
ldap suffix = dc=xxxx,dc=xxx,dc=xx
ldap user suffix = ou=usuarios
log file = /var/log/samba/%U_%m.log
logon drive = U:
logon home =
logon path =
logon script = logon.bat
max log size = 8000
netbios aliases = newatena
netbios name = NEWATENA
ntlm auth = ntlmv1-permitted
os level = 33
passdb backend = ldapsam:ldap://127.0.0.1
preferred master = Yes
printcap name = cups
security = USER
server max protocol = NT1
server string = Servidor de arquivos - em testes
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
time server = Yes
unix charset = iso-8859-1
username map = /usr/local/samba/etc/samba/smbusers
workgroup = FUTURO
recycle:subdir_mode = 0700
recycle:exclude_dir = /tmp /temp /cache /recycle /xxxx/transfer
recycle:exclude = *.tmp *.temp *.o *.obj ~$* *.~?? thumbs.db
recycle:maxsixe = 0
recycle:versions = Yes
recycle:touch = Yes
recycle:keeptree = Yes
recycle:repository = /dados/recycle/%U
idmap config * : backend = tdb
comment = qq
hide unreadable = Yes
inherit acls = Yes
inherit permissions = Yes
map acl inherit = Yes
path = /dados
preserve case = No
printer name = impsuporte
short preserve case = No
vfs objects = recycle
[netlogon]
browseable = No
path = /home/%u
write list = simone mdourado
[profiles]
browseable = No
create mask = 0600
directory mask = 0700
path = /var/lib/samba/profiles
read only = No
[homes]
browseable = No
comment = Home Directories
read only = No
[print$]
guest ok = Yes
path = /var/lib/samba/drivers
write list = root
[saf]
browseable = No
comment = Area SAF
create mask = 0600
directory mask = 0700
force group = saf
path = /dados/saf
read list = @saf @suporte
write list = @saf @suporte
[des]
browseable = No
comment = Area DES
create mask = 0600
directory mask = 0700
force group = des
path = /dados/des
read list = @des @suporte
write list = @des @suporte
[ensur]
browseable = No
comment = Area ENSUR
create mask = 0600
directory mask = 0700
force group = ensur
path = /dados/ensur
read list = @ensur @suporte
write list = @ensur @suporte
[oeg]
browseable = No
comment = Area O&G
create mask = 0600
directory mask = 0700
force group = oeg
path = /dados/oeg
write list = @oeg @suporte sandra
[sistemas]
force group = sistemas
path = /dados/sistemas
write list = @suporte @sistemas
[malas]
force group = malas
path = /dados/malas
write list = @suporte @malas
root at massa:/usr/local/samba/etc#
2. you said: Samba 4.4 is extremely old
Yes, I know. The problem is that some people resist upgrading things.
3. you said: Because, there are two workgroups on a Samba server, one, the
'local'
one, uses the NetBIOS name and the 'domain' that uses the NetBIOS domain
name
Well, why then is there only one sambaDomainName in ldap, till now?
4. you said: why are you trying to keep an old obsolete system working ?
The old 'PDC' type domains rely on SMBv1 and that protocol is very,
very insecure. You would be better off either upgrading your existing
domain to AD, or setting up a new domain, the latter is probably better
because it gets rid of all the really old ways of doing things.
I couldn't agree more but there are very old windows machines that people
do not want to get rid off.
Going a little bit further. With this configuration, smbd cancels before
starting. The problem seems to be related to permissions in ldap. smbd can
not create this domain based on netbios name. I'll try to solve this
problem before going on.
Thank you again.
Ricardo
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list