[Samba] Linux Work Station USER ID PROBLEM
barış tombul
bbtombul at gmail.com
Wed Aug 24 17:42:35 UTC 2016
centos workstation: smb.conf >>
[global]
workgroup = LAB
realm = LAB.LOCAL
security = ads
idmap config * : range = 16777216-33554431
template homedir = /home/LAB/%U
template shell = /bin/bash
winbind use default domain = true
winbind offline logon = false
Samba Domain Server : smb.conf>>
[global]
idmap cache time = 604800
idmap negative cache time = 120
idmap config LAB : range = 2000000-9999999
idmap config LAB : default = yes
idmap config LAB : backend = ad
idmap config LAB : readonly = no
idmap config LAB : schema_mode = rfc2307
idmap config LAB : cache time = 3600
idmap config * : default = yes
idmap config * : readonly = no
idmap config * : schema_mode = rfc2307
idmap config * : backend = tdb
idmap config * : range = 2000000-9999999
idmap_ldb:use rfc2307 = yes
idmap config all : readonly = yes
idmap config all : default = yes
idmap config all : backend = tdb
ntlm auth = Yes
lanman auth = Yes
raw NTLMv2 auth = Yes
client NTLMv2 auth = Yes
client lanman auth = Yes
server max protocol = SMB3
server min protocol = LANMAN1
server multi channel support = No
client max protocol = default
client min protocol = CORE
restrict anonymous = 0
security = USER
bind interfaces only = Yes
interfaces = lo ens192
auth methods =
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate
dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon,
lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, remote,
dnsserver
kerberos method = secrets and keytab
dedicated keytab file = /etc/krb5.keytab
winbind max clients = 500
winbindd:use external pipes = true
winbind cache time = 300
winbind reconnect delay = 30
winbind request timeout = 60
winbind max domain connections = 1
winbindd socket directory = /usr/local/samba/var/run/winbindd
winbindd privileged socket directory =
/usr/local/samba/var/lib/winbindd_privileged
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind trusted domains only = No
winbind nested groups = Yes
winbind expand groups = 10
winbind nss info = rfc2307
winbind refresh tickets = Yes
winbind offline logon = Yes
winbind normalize names = Yes
winbind sealed pipes = Yes
winbind rpc only = Yes
wins proxy = Yes
wins support = Yes
obey pam restrictions = No
ldap server require strong auth = no
dos charset = CP850
unix charset = UTF-8
workgroup = LAB
realm = LAB.LOCAL
netbios name = LAB
netbios scope =
server string = LAB Samba Server
hosts allow = ALL 127.0.0.1
guest ok = No
server role = active directory domain controller
server role check:inhibit = yes
log level = 3 passdb:3 auth:10 winbind:2
log file = /var/log/samba/log.%m
rndc command = /usr/sbin/rndc
max log size = 0
set primary group script =
logging = file
allow dns updates = nonsecure and secure
dns update command = /usr/local/samba/sbin/samba_dnsupdate
pam password change = Yes
smb ports = 445 139
nbt port = 137
kpasswd port = 464
krb5 port = 88
web port = 901
nbt port = 137
dgram port = 138
cldap port = 389
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_KEEPALIVE
domain logons = Yes
os level = 255
preferred master = Yes
local master = Yes
domain master = Yes
load printers = No
use client driver = No
show add printer wizard = Yes
printcap cache time = 0
printcap name = cups
cups encrypt = No
cups connection timeout = 60
disable spoolss = No
min print space = 0
max reported print jobs = 0
max print jobs = 1000
print notify backchannel = No
printing = cups
cups options = raw
default devmode = Yes
force printername = Yes
printjob username = %U
lpq cache time = 30
spoolss: architecture = Windows x64
debug timestamp = Yes
debug prefix timestamp = No
debug hires timestamp = Yes
debug pid = No
debug uid = No
debug class = No
timestamp logs = Yes
require strong key = Yes
allow dcerpc auth level connect = No
client ipc signing = default
client ipc max protocol = default
client ipc min protocol = default
nsupdate command = /usr/bin/nsupdate -g
dns proxy = No
allow trusted domains = Yes
guest account = nobody
map to guest = Bad User
guest only = No
config backend = file
encrypt passwords = Yes
smb passwd file = /usr/local/samba/private/smbpasswd
private dir = /usr/local/samba/private
algorithmic rid base = 1000
passdb expand explicit = No
passdb backend = tdbsam
passwd chat debug = No
passwd chat timeout = 2
passwd program = /usr/local/samba/bin/smbpasswd %u
passwd chat = *New*password* %n\n *ReType*new*password*
%n\n*passwd:*all*authentication*tokens*updated*successfully*
password server = LAB.LAB.local
old password allowed period = 120
unix password sync = Yes
client plaintext auth = No
map untrusted to domain = Yes
enable core files = Yes
large readwrite = Yes
unicode = Yes
read raw = Yes
write raw = Yes
disable netbios = No
reset on zero vc = No
log writeable files on exit = No
defer sharing violations = Yes
nt pipe support = Yes
nt status support = Yes
max mux = 50
max xmit = 32768
name resolve order = lmhosts wins host bcast
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
min receivefile size = 16384
time server = Yes
time server = No
unix extensions = Yes
server signing = mandatory
client signing = mandatory
client schannel = Auto
server schannel = Auto
client use spnego = Yes
client ldap sasl wrapping = sign
enable asu support = No
rpc big endian = No
deadtime = 0
getwd cache = Yes
keepalive = 300
smbd profiling level = off
spotlight = No
max smbd processes = 0
max disk size = 0
max open files = 65535
use mmap = Yes
hostname lookups = No
name cache timeout = 3600
clustering = No
ctdb timeout = 0
ctdb locktime warn threshold = 0
smb2 max read = 8388608
smb2 max write = 8388608
smb2 max trans = 8388608
smb2 max credits = 8192
mangling method = hash2
mangle prefix = 1
max stat cache size = 256
stat cache = Yes
machine password timeout = 604800
username map cache time = 0
username level = 0
init logon delay = 100
lm announce = Auto
lm interval = 60
browse list = Yes
enhanced browsing = Yes
smb2 leases = Yes
ldap admin dn =
ldap connection timeout = 2
ldap delete dn = No
ldap deref = auto
ldap follow referral = Auto
ldap group suffix =
ldap idmap suffix =
ldap machine suffix =
ldap page size = 1000
ldap passwd sync = no
ldap replication sleep = 1000
ldap server require strong auth = No
ldap ssl = start tls
ldap ssl ads = No
ldap suffix =
ldap timeout = 15
ldap user suffix =
ldap debug level = 0
ldap debug threshold = 10
lock directory = /usr/local/samba/var/lock
state directory = /usr/local/samba/var/locks
cache directory = /usr/local/samba/var/cache
pid directory = /usr/local/samba/var/run
ntp signd socket directory = /usr/local/samba/var/lib/ntp_signd
utmp = No
nmbd bind explicit broadcast = Yes
homedir map = auto.home
afs token lifetime = 604800
afs share = No
NIS homedir = No
registry shares = No
usershare allow guests = No
usershare max shares = 0
usershare owner only = Yes
usershare path = /usr/local/samba/var/locks/usershares
async smb echo handler = No
template homedir = /home/%D/%U
template shell = /bin/bash
create krb5 conf = Yes
ncalrpc dir = /usr/local/samba/var/run/ncalrpc
neutralize nt4 emulation = No
reject md5 servers = No
reject md5 clients = No
set quota command =
multicast dns register = Yes
samba kcc command = /usr/local/samba/sbin/samba_kcc
spn update command = /usr/local/samba/sbin/samba_spnupdate
share backend = classic
allow nt4 crypto = No
tls enabled = Yes
tls keyfile = tls/key.pem
tls certfile = tls/cert.pem
tls cafile = tls/ca.pem
tls crlfile =
tls dh params file =
tls verify peer = as_strict_as_possible
tls priority = NORMAL:-VERS-SSL3.0
rpc_server:tcpip = no
rpc_daemon:spoolssd = fork
rpc_server:default = external
rpc_server:spoolss = external
rpc_server:svcctl = embedded
rpc_server:srvsvc = embedded
rpc_server:eventlog = embedded
rpc_server:ntsvcs = embedded
rpc_server:winreg = embedded
spoolssd:prefork_child_min_life = 60
spoolssd:prefork_max_allowed_clients = 200
spoolssd:prefork_spawn_rate = 5
spoolssd:prefork_max_children = 75#
spoolssd:prefork_min_children = 5
acl group control = No
acl map full control = Yes
acl allow execute always = No
force unknown acl user = No
inherit permissions = No
inherit acls = No
inherit owner = No
map acl inherit = No
nt acl support = Yes
profile acls = No
administrative share = No
allocation roundup size = 1048576
aio read size = 16384
aio write size = 16384
aio max threads = 100
ea support = No
smb encrypt = default
durable handles = Yes
block size = 1024
change notify = Yes
directory name cache size = 100
kernel change notify = Yes
max connections = 0
strict allocate = No
strict rename = No
strict sync = No
sync always = No
use sendfile = No
write cache size = 0
default case = lower
case sensitive = Auto
preserve case = Yes
short preserve case = Yes
mangling char = ~
hide dot files = Yes
hide special files = No
hide unreadable = No
hide unwriteable files = No
delete veto files = No
map archive = No
map hidden = No
map system = No
map readonly = No
mangled names = Yes
mangling char = ~
store dos attributes = Yes
dmapi support = No
browseable = Yes
access based share enum = No
blocking locks = Yes
csc policy = manual
lock spin time = 200
oplock break wait time = 0
fake oplocks = No
kernel oplocks = No
kernel share modes = Yes
locking = Yes
oplocks = Yes
level2 oplocks = Yes
oplock contention limit = 2
posix locking = Yes
strict locking = Auto
dfree cache time = 0
preexec close = No
root preexec close = No
available = Yes
fstype = NTFS
wide links = No
allow insecure wide links = No
follow symlinks = Yes
delete readonly = No
dos filemode = No
dos filetimes = Yes
dos filetime resolution = No
fake directory create times = No
host msdfs = Yes
msdfs root = No
msdfs shuffle referrals = No
ntvfs handler = unixuid, default
vfs objects = dfs_samba4 acl_xattr full_audit
full_audit:prefix = IP=%I|USER=%u|MACHINE=%m|VOLUME=%S
full_audit:failure = connect disconnect
full_audit:success = connect disconnect opendir mkdir rmdir closedir
open close read pread write pwrite sendfile rename unlink chmod fchmod
chown fchown chdir ftruncate lock symlink readlink link mknod
full_audit:LAB = local5
full_audit:priority = notice
[homes]
comment = Home Directories
path = /mnt/storage/homes/%U
browseable = No
hide files = /Recycle Bin/
veto files = /*.encrypted/*.ecc/*.ccc/
admin users = "@Domain Admins"
create mask = 0644
force create mode = 0660
force directory mode = 0770
read only = No
valid users = "@Domain Users"
vfs objects = acl_xattr full_audit recycle
recycle:repository = Recycle Bin
recycle:keeptree = yes
recycle:minsize = 0
recycle:maxsize = 0
recycle:touch = yes
recycle:touch_mtime = yes
recycle:versions = yes
recycle:exclude =
*.tmp|*.temp|*.o|*.obj|~$*|*.??|*.log|*.trace|*.TMP|*.ASV|*.$$$|*.asv
recycle:excludedir = /Recycle Bin
recycle:noversions = *.tmp|*.temp|*.dat|*.ini
recycle:mode = KEEP_DIRECTORIES|VERSION|TOUCH
[profiles]
comment = Network Profiles Share
path = /mnt/storage/profiles
profile acls = Yes
browseable = No
create mask = 0644
force create mode = 0660
force directory mode = 0770
read only = No
[netlogon]
comment = Network Netlogon Share
path = /usr/local/samba/var/locks/sysvol/LAB.local/scripts
browseable = No
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
browseable = No
read only = No
2016-08-24 16:49 GMT+03:00 Rowland Penny via samba <samba at lists.samba.org>:
> On Wed, 24 Aug 2016 16:03:05 +0300
> barış tombul <bbtombul at gmail.com> wrote:
>
>
> > > Strange, have you given 'FACILITY\btombul' the ID number
> > > '16777216' ?
> > >
> > > Can you post the smb.conf from the Samba AD DC and the Centos
> > > machine (please post what is actually there, not the output of
> > > 'samba-tool testparm -v')
> > >
> > > Rowland
> > >
> > >
> > >
> > >
>
>
> So I said 'not the output of 'samba-tool testparm -v'
> and what do I get LOL
>
> In English, putting 'not' in front of something, means 'do not do this'
>
> Please post the output of 'cat /path/to/smb.conf' from BOTH machines.
>
> Replacing '/path/to/smb.conf' with the path to your smb.conf
> i.e. /etc/samba/smb.conf
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list