[Samba] Lost trusted domain in samba-4.4.4

Rowland Penny rpenny at samba.org
Wed Jul 27 11:13:15 UTC 2016


On 27/07/16 10:33, hy wu wrote:
>
> Here is my smb.conf:
>
> [/usr/local/samba/var] # cat /etc/config/smb.conf
> [global]
>
> client schannel = false
> server schannel = false
> client ipc signing = false
> client signing = false
> server signing = false
> winbind sealed pipes = false
> require strong key = false
>
> passdb backend = smbpasswd
> workgroup = HC1
> security = ADS
> server string =
> encrypt passwords = Yes
> username level = 0
> map to guest = Bad User
> null passwords = yes
> max log size = 102400
> socket options = TCP_NODELAY SO_KEEPALIVE
> os level = 20
> preferred master = no
> dns proxy = No
> smb passwd file=/etc/config/smbpasswd
> username map = /etc/config/smbusers
> guest account = guest
> directory mask = 0777
> create mask = 0777
> oplocks = yes
> locking = yes
> disable spoolss = no
> load printers=yes
> veto files = /.AppleDB/.AppleDouble/.AppleDesktop/:2eDS_Store/Network Trash Folder/Temporary Items/TheVolumeSettingsFolder/.@__thumb/.@__desc/:2e*/
> delete veto files = yes
> map archive = no
> map system = no
> map hidden = no
> map read only = no
> deadtime = 10
> server role = auto
> use sendfile = yes
> unix extensions = no
> store dos attributes = yes
> client ntlmv2 auth = yes
> dos filetime resolution = no
> wide links = yes
> force unknown acl user = yes
> template homedir = /share/homes/DOMAIN=%D/%U
> inherit acls = no
> domain logons = no
> min receivefile size = 256
> case sensitive = auto
> domain master = auto
> local master = no
> enhance acl v1 = yes
> remove everyone = no
> conn log = no
> kernel oplocks = no
> max protocol = SMB2_02
> lock directory = /share/CACHEDEV1_DATA/.samba/lock
> state directory = /share/CACHEDEV1_DATA/.samba/state
> cache directory = /share/CACHEDEV1_DATA/.samba/cache
> printcap cache time = 0
> acl allow execute always = yes
> vfs objects = shadow_copy2 aio_pthread
> aio read size = 1
> aio write size = 0
> pid directory = /var/lock
> printcap name=/etc/printcap
> printing=cups
> show add printer wizard=no
>
> realm = hc1.com
> ldap timeout = 5
> password server = HOST223.hc1.com
> pam password change = yes
> winbind enum users = yes
> winbind enum groups = yes
> winbind cache time = 1
> idmap config * : backend = tdb
> idmap config * : range = 400001-500000
> idmap config HC1 : backend = rid
> idmap config HC1 : range = 10000001-20000000
> idmap config CHILD1 : backend = rid
> idmap config CHILD1 : range = 30000001-40000000
> idmap config TREEROOT : backend = rid
> idmap config TREEROOT : range = 40000001-50000000
> idmap config HC2 : backend = rid
> idmap config HC2 : range = 50000001-60000000
> idmap config CHILD2 : backend = rid
> idmap config CHILD2 : range = 60000001-70000000
>

If you have used the correct patch and are still having the problem, 
then I would suggest you add to the bug report that you are having 
problems even with the patch.

What I can suggest is to sit down with a copy of 'man smb.conf' and your 
smb.conf. Quite a few of your lines could be removed because they are 
the defaults, and at least two should be the defaults, i.e. I would remove 
these:

passdb backend = smbpasswd
password server = HOST223.hc1.com

The first is using a deprecated method and the second is hardcoding the 
server to use; you should allow this to be discovered.

Rowland
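
As an added example (not part of the original message and not Samba project code), this sketch scans the [global] section for the two parameters the reply names and emits the file without them. The `FLAGGED` table, the `audit` helper and the sample text are assumptions made for illustration; the sample is a constructed excerpt of the quoted configuration.

```python
import re

# Parameters the reply says to remove, with the reason it gives.
# Keys are normalized names; a value of None matches any setting.
FLAGGED = {
    "passdbbackend": ("smbpasswd", "deprecated method"),
    "passwordserver": (None, "hardcodes the server; let it be discovered"),
}

# Constructed excerpt of the quoted [global] section. The odd spelling of
# "Password  Server" is deliberate, to exercise name normalization.
SAMPLE = """\
[global]
passdb backend = smbpasswd
workgroup = HC1
security = ADS
smb passwd file=/etc/config/smbpasswd
realm = hc1.com
Password  Server = HOST223.hc1.com
"""

def norm(name):
    # smb.conf parameter names ignore case and internal whitespace.
    return re.sub(r"\s+", "", name).lower()

def audit(text):
    """Return (findings, cleaned_text) for the [global] section."""
    findings, kept, section = [], [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        m = re.fullmatch(r"\[(.+)\]", stripped)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in stripped and stripped[0] not in "#;":
            name, value = (p.strip() for p in stripped.split("=", 1))
            rule = FLAGGED.get(norm(name))
            if rule and (rule[0] is None or value.lower() == rule[0]):
                findings.append((lineno, name, value, rule[1]))
                continue  # drop the flagged line from the cleaned output
        kept.append(line)
    return findings, "\n".join(kept) + "\n"

if __name__ == "__main__":
    findings, cleaned = audit(SAMPLE)
    for lineno, name, value, why in findings:
        print(f"line {lineno}: {name} = {value}  ({why})")
    print(cleaned, end="")
```
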