[Samba] Back with my UID problems
Brett Wynkoop
wynkoop+samba at wynn.com
Wed Feb 25 12:31:56 MST 2015
On Wed, 25 Feb 2015 10:18:04 +0000
Rowland Penny <rowlandpenny at googlemail.com> wrote:
>
>
> OK, going to need more info here, can you post the smb.conf you have
> tried so far. You mention that you want to use the LDAP and Kerberos
> provided by samba, this will mean that you will need to run samba4 as
> an AD DC, yet you refer to creating users with pdbedit?
>
If there is another way to create users I have not discovered it yet.
At the moment I do not have the windows boxes in house yet, so I have
no native MS-Windows tools.
The following smb4.conf is hand tweaked from a sample I found on the
net. The one generated by samba-tool would not even allow a connection
to be made using smbclient.
------------------cut here-------------------------------------------
# Global parameters
[global]
workgroup = WYNN
auth methods = pam sam winbind
kerberos method = secrets and keytab
local master = yes
netbios name = PRD2
log level = 4
# dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, winreg, srvsvc
dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, winreg, srvsvc
realm = WYNN.COM
os level = 20
username map = /var/db/samba4/private/users.map
client max protocol = SMB3
# server min protocol = SMB3
hide dot files = no
winbind trusted domains only = yes
# server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, dns, smb
server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, smb
winbind use default domain = yes
dns forwarder = 199.89.147.3
domain logons = yes
smb encrypt = yes
security = user
encrypt passwords = yes
preferred master = yes
# idmap_ldb:use rfc2307 = yes
wins support = true
server role = active directory domain controller
# kerberos stuff
#
# security = ADS
# password server = prd2.wynn.com
[netlogon]
path = /var/db/samba4/sysvol/wynn.com/scripts
read only = No
[sysvol]
path = /var/db/samba4/sysvol
read only = No
[archive]
writeable = yes
browseable = yes
valid users = wynkoop
write list = wynkoop, @wheel
user = wynkoop
path = /archive
force user = wynkoop
comment = /archive
# revalidate = yes
# vfs objects = zfsacl
# nfs4:mode = special
# nfs4:chown = yes
# zfsacl:acesort = dontcare
--------------------cut here-----------------
Oddball word wraps are the fault of my mail client.
So I hope someone can show me my error. This samba was built last
night on FreeBSD 10.1 from ports and is version 4.1.17.
-Brett
--
wynkoop at wynn.com http://prd4.wynn.com/wynkoop/pgp-keys.txt
917-642-6925
The Second Amendment extends, prima facie, to all instruments that
constitute bearable arms, even those that were not in existence
at the time of the founding. ~ Justice Scalia
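
An added example, not part of the original message or of Samba: a small Python check for the kind of mail-client wrap damage mentioned in the message, flagging smb.conf lines that are neither a section header, a comment, nor a `key = value` pair. The sample text is constructed, and treating a trailing backslash as a continuation only on parameter lines is an assumption of this sketch.

```python
import re

SECTION = re.compile(r"^\[[^\]]+\]$")

# Constructed sample: a commented-out list and an active list, both wrapped.
SAMPLE = """\
[global]
    workgroup = EXAMPLE
    # server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
    winbind, ntp _signd, kcc, dnsupdate, dns, smb
    server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
    winbind, nt p_signd, kcc, smb
    netbios aliases = ONE \\
        TWO
    log level = 4
"""


def find_wrap_fragments(text):
    """Return (line_no, fragment, owner_line_no, owner_is_comment) tuples.

    A fragment is a non-blank line that is not a comment, not a section
    header and has no '='. The owner is the nearest preceding well-formed
    line, i.e. the line the fragment was most likely wrapped from.
    Limitation: a wrapped tail that itself contains '=' is not detected.
    """
    findings = []
    owner_no, owner_is_comment, continued = None, False, False
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if continued:
            # Assumption: an explicit backslash continuation is intentional.
            continued = line.endswith("\\")
            continue
        is_comment = line[0] in "#;"
        if is_comment or SECTION.match(line) or "=" in line:
            owner_no, owner_is_comment = no, is_comment
            continued = (not is_comment) and line.endswith("\\")
            continue
        findings.append((no, line, owner_no, owner_is_comment))
    return findings


if __name__ == "__main__":
    for no, frag, owner, from_comment in find_wrap_fragments(SAMPLE):
        kind = "comment" if from_comment else "parameter"
        print(f"line {no}: stray text {frag!r}, wrapped from {kind} on line {owner}")
```

A fragment wrapped from a comment is the case to look at first, since the tail of a list that was meant to be disabled is no longer covered by the comment marker.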