[Samba] Simple question about netbios name and workgroup, in smb.conf

Ricardo Campos rdiascampos at gmail.com
Fri Oct 6 18:43:08 UTC 2023


Thanks, Rowland for your quick answer.

1. testparm -s

Loaded services file OK.
Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility fallback)

Server role: ROLE_STANDALONE

# Global parameters
# Reviewer notes: comment lines were added to this testparm dump; every parameter line is unchanged.
# testparm -s lists only settings that differ from Samba's built-in defaults.
[global]
# The add/delete/set scripts below are run by smbd as root, with %u / %g expanded into the command line.
        add group script = /usr/sbin/smbldap-groupadd -p "%g"
        add machine script = /usr/sbin/smbldap-useradd -W "%u"
        add user script = /usr/sbin/smbldap-useradd -a -m "%u"
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
        delete group script = /usr/sbin/smbldap-groupdel "%g"
# NOTE(review): the "%g" on the line after this one looks like a mail-client line wrap and
# presumably belongs to this parameter — confirm against the real smb.conf.
        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u"
"%g"
        delete user script = /usr/sbin/smbldap-userdel "%u"
# NOTE(review): testparm reports ROLE_STANDALONE and no `domain logons` line appears in this dump,
# so as shown the server is not acting as a domain controller — confirm this is intended.
        domain master = Yes
        dos charset = iso-8859-1
# The bind password for this DN is not in smb.conf; Samba keeps it in secrets.tdb (set with
# `smbpasswd -w`), so that file needs root-only permissions.
        ldap admin dn = uid=XXXX,ou=xxx,dc=xxx,dc=xxx,dc=xx
        ldap group suffix = ou=grupos
        ldap idmap suffix = ou=usuarios
        ldap machine suffix = ou=computadores
        ldap page size = 1024
# LDAP traffic is unencrypted. With the passdb backend on 127.0.0.1 it stays on this host;
# if the directory is ever moved to another machine, switch to StartTLS or ldaps:// first.
        ldap ssl = no
        ldap suffix = dc=xxxx,dc=xxx,dc=xx
        ldap user suffix = ou=usuarios
# %U (session user name) and %m (client NetBIOS name) are supplied by the client, so the number
# of log files grows with the distinct names clients present; watch disk usage in /var/log/samba.
        log file = /var/log/samba/%U_%m.log
        logon drive = U:
        logon home =
        logon path =
        logon script = logon.bat
        max log size = 8000
        netbios aliases = newatena
        netbios name = NEWATENA
# Non-default: accepts NTLMv1 responses, a weak challenge-response scheme. Needed only for
# clients that cannot do NTLMv2; remove once they are gone.
        ntlm auth = ntlmv1-permitted
        os level = 33
        passdb backend = ldapsam:ldap://127.0.0.1
        preferred master = Yes
        printcap name = cups
        security = USER
# Caps the server at SMB1 for every client, including those able to speak SMB2/SMB3.
# While legacy clients remain, restrict who can reach the server (e.g. `hosts allow`, firewalling).
        server max protocol = NT1
        server string = Servidor de arquivos  - em testes
        set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
        time server = Yes
        unix charset = iso-8859-1
# This file remaps client-supplied user names to Unix accounts; it must be writable by root only.
        username map = /usr/local/samba/etc/samba/smbusers
        workgroup = FUTURO
# From here on the entries are share-level parameters. Placed in [global] they become the
# default for every share that does not override them (including path and vfs objects).
        recycle:subdir_mode = 0700
        recycle:exclude_dir = /tmp /temp /cache /recycle /xxxx/transfer
        recycle:exclude = *.tmp *.temp *.o *.obj ~$* *.~?? thumbs.db
# NOTE(review): "maxsixe" looks like a misspelling of recycle:maxsize. Module options of the form
# name:option are not validated, so a misspelled one is silently ignored.
        recycle:maxsixe = 0
        recycle:versions = Yes
        recycle:touch = Yes
        recycle:keeptree = Yes
        recycle:repository = /dados/recycle/%U
        idmap config * : backend = tdb
        comment = qq
        hide unreadable = Yes
        inherit acls = Yes
# inherit permissions overrides create mask / directory mask, so the 0600/0700 masks set on
# individual shares below have no effect while this is Yes.
        inherit permissions = Yes
        map acl inherit = Yes
        path = /dados
        preserve case = No
        printer name = impsuporte
        short preserve case = No
        vfs objects = recycle


# [netlogon] is where domain clients fetch the logon script (logon.bat in [global]) that runs at
# logon, so write access to this path amounts to running code on those clients. Keep the
# write list as small as possible.
# NOTE(review): path = /home/%u resolves to a per-user directory rather than one admin-owned
# script directory — confirm users cannot modify the script served to them.
[netlogon]
        browseable = No
        path = /home/%u
        write list = simone mdourado


# Roaming-profile store, writable by any user who can connect (no `valid users` restriction).
# [global] in this dump sets inherit permissions = Yes, which overrides the two masks below:
# new files and directories take the mode of their parent instead. Check the directory modes
# under /var/lib/samba/profiles so that each profile stays private to its owner.
[profiles]
        browseable = No
        create mask = 0600
        directory mask = 0700
        path = /var/lib/samba/profiles
        read only = No


# Home directories, writable. There is no `valid users = %S` here, so an authenticated user may
# connect to another user's home share by name; what they can then read depends entirely on the
# Unix permissions of that home directory. browseable = No only hides the share from listings.
[homes]
        browseable = No
        comment = Home Directories
        read only = No


# Printer-driver share: clients download and install what is stored here, so write access is
# correctly limited to root. guest ok = Yes permits unauthenticated read access when guest
# mapping is enabled; no `map to guest` line appears in this dump, so that is presumably at its
# default — confirm before relying on it.
[print$]
        guest ok = Yes
        path = /var/lib/samba/drivers
        write list = root


# Department shares (saf, des, ensur, oeg).
# - browseable = No hides a share from browse lists; it is not access control.
# - read list / write list only decide read-only versus read-write for users who connect. They do
#   not stop other authenticated users from connecting; `valid users` does that. As written,
#   access by non-members depends on the Unix permissions under /dados.
# - A name present in both read list and write list gets write access, so the read list lines
#   here add nothing.
# - create mask / directory mask are overridden by inherit permissions = Yes from [global];
#   effective modes come from each parent directory.
[saf]
        browseable = No
        comment = Area SAF
        create mask = 0600
        directory mask = 0700
        force group = saf
        path = /dados/saf
        read list = @saf @suporte
        write list = @saf @suporte

[des]
        browseable = No
        comment = Area DES
        create mask = 0600
        directory mask = 0700
        force group = des
        path = /dados/des
        read list = @des @suporte
        write list = @des @suporte


[ensur]
        browseable = No
        comment = Area ENSUR
        create mask = 0600
        directory mask = 0700
        force group = ensur
        path = /dados/ensur
        read list = @ensur @suporte
        write list = @ensur @suporte


[oeg]
        browseable = No
        comment = Area O&G
        create mask = 0600
        directory mask = 0700
        force group = oeg
        path = /dados/oeg
        write list = @oeg @suporte sandra


# These two shares are visible in browse lists and have no `valid users` line: any authenticated
# user can connect read-only, and the write list grants read-write. Whether non-members can
# actually read the files depends on the Unix permissions under /dados/sistemas and /dados/malas.
[sistemas]
        force group = sistemas
        path = /dados/sistemas
        write list = @suporte @sistemas


[malas]
        force group = malas
        path = /dados/malas
        write list = @suporte @malas
root at massa:/usr/local/samba/etc#

2. you said: Samba 4.4 is extremely old

Yes, I know. The problem is that some people resist upgrading things.

3. you said: Because, there are two workgroups on a Samba server, one, the
'local' one, uses the NetBIOS name and the 'domain' that uses the NetBIOS
domain name

Well, why then is there only one sambaDomainName in ldap, till now?

4. you said: why are you trying to keep an old obsolete system working ?
The old 'PDC' type domains rely on SMBv1 and that protocol is very,
very insecure. You would be better off either upgrading your existing
domain to AD, or setting up a new domain, the latter is probably better
because it gets rid of all the really old ways of doing things.

I couldn't agree more, but there are very old Windows machines that people
do not want to get rid of.

Going a little bit further: with this configuration, smbd exits before it
finishes starting. The problem seems to be related to permissions in LDAP:
smbd cannot create this domain based on the NetBIOS name. I'll try to solve
this problem before going on.

Thank you again.

Ricardo

