[Samba] Hyper-V Virtual Machines fail to start on Samba shares

Fri Aug 5 08:47:05 UTC 2016

On 08/05/2016 03:50 AM, Rowland Penny wrote:
> On Fri, 5 Aug 2016 08:38:09 +0200
> Adam Błaszczykowski <adam.blaszczykowski at gmail.com> wrote:
>
>> ok sorry for that, now should be ok :-D
>>
>> *smb.conf:*
>> [global]
>>      workgroup = RES
>>      netbios name = dsshp2
>>      vfs objects = acl_xattr shadow_copy2 fileid
>>      fileid:mapping = fsid
>>      encrypt passwords = yes
>>      domain logons = no
>>      log level = 3
>>      log file = /var/log/samba/log.%m
>>      max log size = 6000
>>      socket options = TCP_NODELAY IPTOS_LOWDELAY
>>      os level = 0
>>      local master = no
>>      locking = yes
>>      preferred master = no
>>      domain master = no
>>      invalid users = root
>>      guest account = nobody
>>      map to guest = Bad User
>>      wide links = no
>>      force unknown acl user = yes
>>      winbind enum users = yes
>>      winbind enum groups = yes
>>      winbind refresh tickets = yes
>>      winbind request timeout = 200
>>      printcap cache time = 0
>>      passdb backend = tdbsam
>>      unix extensions = no
>>      server max protocol = SMB3
>>      shadow: snapdir = .zfs/snapshot
>>      shadow: sort = desc
>>      shadow: format = autosnap_%Y-%m-%d-%H%M%S
>>      shadow: localtime = yes
>>      kernel oplocks = yes
>>      store dos attributes = yes
>>      veto files =
>> /.nfs/._.DS_Store/:2eFBCLockFolder/.FBCLockFolder/:2eFBCIndex/.FBCIndex/:2eDS_Store/.DS_Store/TheVolumeSettingsFolder/TheFindByContentFolder/Temporary
>> Items/Network Trash
>> Folder/.AppleDB/:2eVolumeIcon.icns/.VolumeIcon.icns/Icon?/.Ap$
>>      wins server =
>>      admin users = "RES+administrator"
>>      idmap config * : backend = autorid
>>      idmap config * : range = 1000000-19999999
>>      idmap config * : rangesize = 1000000
>>      security = ads
>>      server role = member
>>      realm = RES.LOCAL
>>      workgroup = RES
>>      allow trusted domains = yes
>> [s1]
>>      short preserve case=yes
>>      inherit owner=no
>>      valid users=
>>      case sensitive=no
>>      map acl inherit=yes
>>      guest ok=yes
>>      preserve case=yes
>>      inherit permissions=yes
>>      default case=lower
>>      path=/Pools/Pool-0/d1/s1
>>      read only=no
>>      guest only=yes
>>      access based share enum=no
>>      writeable=yes
>>      public=yes
>>
> Lets start here:
>      admin users = "RES+administrator"
>
> You seem to be using '+' as the winbind separator, but the default is
> '\' and I cannot see this line ' winbind separator = +' in your
> smb.conf. You should also probably map 'Administrator' to 'root' with a
> usermap.
>
> Next your AD users & groups, you have this:
>
>      idmap config * : backend = autorid
>      idmap config * : range = 1000000-19999999
>      idmap config * : rangesize = 1000000
>
> The '*' range is for the BUILTIN users & groups etc, you do not seem to
> have anywhere to map your normal users. Can I suggest you have a look
> here:
> https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member
>
> There are other minor things I would change, but the above are the main
> ones.
>
> Could you also please keep your posts on list.
>
> Rowland
>
What about the use of 'realm = RES.LOCAL'?