[Samba] Samba acting as a domain member + netbios
Vincent DROUIN
vdrouin at chapsvision.com
Fri Jan 26 08:44:13 UTC 2024
Active Directory running on Windows Server 2019
Samba 4.15.8 (built from buildroot, using heimdal & libgssapi_krb5)
Samba is running on a custom Unix distribution, all ports are open for the tests
Testparm -s result :
# Global parameters
[global]
	bind interfaces only = Yes
	disable spoolss = Yes
	idmap cache time = 300
	idmap negative cache time = 0
	interfaces = 127.0.0.0/8 enp0s8
	load printers = No
	machine password timeout = 0
	name cache timeout = 0
	realm = BERTINIT.TEST
	security = ADS
	server string = VDMACHINE File Server
	smb ports = 445
	template homedir = /data/cifs/%%U
	winbind cache time = 0
	winbind enum groups = Yes
	winbind enum users = Yes
	winbind use default domain = Yes
	workgroup = BERTINIT
	idmap config bertinit : range = 3000-999999
	idmap config bertinit : backend = rid
	idmap config * : range = 1000-2999
	idmap config * : backend = tdb

[homes]
	comment = LDAP only
	force create mode = 0775
	force directory mode = 0775
	force group = trans
	force user = %%U
	path = /data/cifs/%%U
	read only = No
	root preexec = /bin/hush /var/lib/samba/scripts/mkhomedir.sh %%U
	valid users = %%U
	vfs objects = full_audit
	full_audit:syslog = false
	full_audit:success = fntimes
	full_audit:prefix = %%u|%%I

-----Original Message-----
From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland Penny via samba
Sent: Thursday, 25 January 2024 18:35
To: samba at lists.samba.org
Cc: Rowland Penny <rpenny at samba.org>
Subject: Re: [Samba] Samba acting as a domain member + netbios
On Thu, 25 Jan 2024 16:28:57 +0000
Vincent DROUIN <vdrouin at chapsvision.com> wrote:
> Thanks for the advice about the security line, I won't use domain type
> anymore then.
>
> I know name_status_find is using NetBios, what I don't know is why
> this function is called when using 'security = ads', and as a result
> of the fail my domain is added to the failed connection cache.
Whilst name_status_find is meant for netbios, if you look at the code, there is this near the top of the function:
	if (lp_disable_netbios()) {
		DEBUG(5,("name_status_find(%s#%02x): netbios is disabled\n",
			 q_name, q_type));
		return False;
	}
Which to myself, means that if 'disable netbios = yes' is set in smb.conf, then return false and log a message if the log level is 5 or greater.
If 'disable netbios = yes' is set in smb.conf, then netbios shouldn't be used by Samba and you shouldn't be having problems with it.
I think you need to give us a bit more detail:
What version of Windows server ?
What version of Samba are you using ?
What OS is Samba running on ?
Please post the output of 'testparm -s'
At the moment, all I can say is that it all works for myself, but I am using Samba (with netbios turned off and nmbd not running) against a Samba AD DC (again with netbios turned off and nbt turned off).
Rowland
>
> Then, every action that needs to have a look into the cache results in
> failing, and wbinfo -P returns "WBC_ERR_DOMAIN_NOT_FOUND"
>
> I've got the following error message :
> wbd_ping_dc_done: dcerpc_wbint_PingDc_recv failed for domain:
> BERTINIT - NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND
>
>
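Added example (not part of the original messages and not Samba code): a small Python check that reads `testparm -s` output and reports the effective `disable netbios` setting, the parameter that `lp_disable_netbios()` in the quoted snippet tests. It assumes that `testparm -s` lists only parameters changed from their defaults and that the default for `disable netbios` is `No`; the function names and the abridged sample dump are constructed for illustration.

```python
import re

# Constructed sample: abridged from the testparm -s output posted in this message.
SAMPLE = """\
# Global parameters
[global]
    realm = BERTINIT.TEST
    security = ADS
    smb ports = 445
    workgroup = BERTINIT
    idmap config bertinit : backend = rid

[homes]
    read only = No
"""

TRUE, FALSE = {"yes", "true", "on", "1"}, {"no", "false", "off", "0"}

def _norm(name):
    # Samba matches parameter names ignoring case and whitespace.
    return re.sub(r"\s+", "", name).lower()

def parse_testparm(text):
    """Return {section: {normalized parameter name: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).lower(), {})
        elif "=" in line and current is not None:
            # Split on the first '=' only, so values may contain '='.
            key, value = line.split("=", 1)
            current[_norm(key)] = value.strip()
    return sections

def netbios_disabled(text):
    """Effective 'disable netbios'; absent from the dump means default (No)."""
    value = parse_testparm(text).get("global", {}).get("disablenetbios", "no")
    if value.lower() in TRUE:
        return True
    if value.lower() in FALSE:
        return False
    raise ValueError(f"not a boolean: {value!r}")
```

On a host, pass it the text produced by `testparm -s`; a result of `False` means the early return in the quoted snippet is not taken.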