[Samba] member server resolv.conf question
Bob of Donelson Trophy
bob at donelsontrophy.net
Thu Dec 1 15:20:15 UTC 2016
Yesterday I was "tailing" a log file (nmbd, I think) and noticed
complaints by my member server that there was another "domain master" at
the ipaddress on my DC1.
This morning Windows clients are being denied updates to
"116.168.192.in-addr-arps/IN" (which I believe is the reverse zone.)
I think I have an error in my smb.conf file for this server as I have
had an issue in the past with domian master when I switched from an
older member server to this newer one.
My smb.conf (slightly sanitized.):
adminlinux at dtmbr02:~$ cat /etc/samba/smb.conf
[global]
workgroup = DTDOM
server string = Samba Server Version %v
security = ads
realm = DTSHRM.DT
use sendfile = true
log level = 4
preferred master = yes
domain master = yes
dns proxy = yes
host msdfs = no
idmap_ldb:use rfc2307 = yes
idmap config * : backend = tdb
idmap config * : range = 50001-80000 <<default was
10000-299999
## map ids from the domain the range may not overlap !
idmap config DTDOM : backend = ad
idmap config DTDOM : schema_mode = rfc2307
idmap config DTDOM : range = 10000-40000 << default was
10000-99999
winbind separator = +
winbind nss info = rfc2307
winbind trusted domains only = no
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind refresh tickets = yes
winbind offline logon = yes
## wins server = 192.168.16.49 192.168.16.50
template shell = /bin/bash
template homedir = /home/samba/DTDOM/users/%U
# user Administrator workaround, without it you are unable to set
privileges
username map = /etc/samba/samba_usermapping
# For ACL support on member file server
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
# Share Setting Globally
usershare allow guests = no
unix extensions = no
reset on zero vc = yes
veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/
hide unreadable = yes
# disable printing completely
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
restrict anonymous = 2
log file = /var/log/samba/log.%m
max log size = 50
#============================ Share Definitions
============================
[testshare]
comment = Test share
path = /samba/testshare
read only = no
force group = "domain users"
directory mask = 0770
force directory mode = 0770
create mask = 0660
force create mode = 0660
follow symlinks = yes
wide links = yes
I tried commenting out the "preferred master" and "domain master"
entries but no change.
What do I need to clean up here?
Please help! It is a busy day here and I cannot work without this!
--
_______________________________
Bob Wooden of Donelson Trophy
More information about the samba
mailing list