[Samba] interdomain trust broken after upgrade to 4.1.17
Oliver Freyd
Oliver.Freyd at gmx.de
Fri Mar 25 16:22:49 UTC 2016
>
> Can you post your smb.conf ?
>
> Rowland
>
Here it is,
thanks,
Oliver
-------------- next part --------------
#
# Samba configuration for ION-TOF sambapdc
#
#======================= Global Settings =======================
[global]
# Name and browser-election settings. Together with "domain logons = yes" here
# and "security = user" further down, this host is set up as an NT4-style
# primary domain controller for its workgroup.
netbios name = sambapdc
# An os level well above the default, intended to let this host win browser
# elections on its subnet.
os level = 100
preferred master = yes
local master = yes
domain master = yes
# Serve domain logon (netlogon) requests for the workgroup.
domain logons = yes
## Browsing/Identification ###
workgroup = IONTOF
# %h expands to the host name Samba is running on.
server string = %h
# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
wins support = yes
dns proxy = no
# sync my browsing tables with TASCON samba PDC, Oliver Freyd, 1.2.2013
remote browse sync = 192.168.128.1
# Lookup order: WINS, then subnet broadcast, then the host resolver.
# NOTE(review): WINS and broadcast answers are unauthenticated NetBIOS replies
# and are consulted before DNS here; confirm this ordering is intended for the
# names of trusted-domain controllers.
name resolve order = wins bcast host
#### Networking ####
# Both restrictions below are commented out, so this file sets no interface
# list and does not limit Samba to specific interfaces.
;interfaces = eth0 lo
; bind interfaces only = true
#### Debugging/Accounting ####
# One log file per client: %m expands to the client's NetBIOS name, which is
# supplied by the client.
log file = /var/log/samba/log.%m
# Size limit per log file in KiB; Samba renames the file once it is exceeded.
max log size = 1000
; syslog only = no
# Keeps syslog output to a minimum; detail goes to the files under
# /var/log/samba instead.
syslog = 0
# NOTE(review): when the level is raised to debug authentication or trust
# problems, the logs record more client-supplied detail; keep read access to
# /var/log/samba restricted.
log level = 2
# Do something sensible when Samba crashes: mail the admin a backtrace
# %d expands to the process id of the server process.
panic action = /usr/share/samba/panic-action %d
####### Authentication #######
security = user
encrypt passwords = true
# The account database lives in LDAP and is reached over the loopback address.
passdb backend = ldapsam:ldap://127.0.0.1
# NOTE(review): Samba binds to the directory as cn=admin. A dedicated DN with
# write access only to the Samba subtrees (users, groups, machines, Idmap)
# would limit what the bind password stored on this host can be used for.
ldap admin dn = cn=admin,dc=iontof,dc=com
ldap suffix = dc=iontof,dc=com
ldap machine suffix = ou=machines
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap idmap suffix = ou=Idmap
ldap delete dn = no
enable privileges = yes
# Keep the LDAP password in step when a password is changed through Samba.
ldap password sync = yes
# No StartTLS or LDAPS. This is reasonable only while every LDAP URL in this
# file points at the local host (127.0.0.1 / localhost, as they do here);
# otherwise bind credentials and password hashes would cross the network in
# clear text.
ldap ssl = no
# LDAP timeout in seconds.
ldap timeout = 20
# Default idmap domain (*): IDs 30000-40000, with mappings stored in LDAP under
# ou=Idmap. This backend also binds as cn=admin (see the note on ldap admin dn).
idmap config * : backend = ldap
idmap config * : range = 30000-40000
idmap config * : ldap_url = ldap://localhost/
idmap config * : ldap_base_dn = ou=Idmap,dc=iontof,dc=com
idmap config * : ldap_user_dn = cn=admin,dc=iontof,dc=com
# The IONTOF domain takes its IDs from NSS in 1000-9999; this range does not
# overlap the default range above.
idmap config IONTOF : backend = nss
idmap config IONTOF : range = 1000-9999
winbind nested groups = Yes
ea support = Yes
map acl inherit = Yes
; guest account = nobody
; unix password sync = no
# passwd program and passwd chat are consulted only when "unix password sync"
# is enabled. NOTE(review): that setting is commented out above, so these two
# lines appear to be inactive unless another file turns the sync on.
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
; pam password change = no
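########## Domains ###########
# Is this machine able to authenticate users. Both PDC and BDC
# must have this setting enabled. If you are the BDC you must
# change the 'domain master' setting to no
#
; domain logons = yes
#logon path = \\%N\profiles\%U
# disable roaming profiles
logon path =
#logon drive = H:
#logon home = \\%L\%U
# NOTE: Must be stored in 'DOS' file format convention
; logon script = logon.cmd
# Path is relative to the [netlogon] share; clients run this script at logon.
logon script = scripts\logon.cmd
# The account scripts below are run as root by smbd. %u and %g are replaced
# with user, machine and group names, so every substitution is kept inside
# single quotes, where the shell performs no expansion.
add user script = /usr/sbin/smbldap-useradd -m '%u'
#delete user script = /usr/sbin/smbldap-userdel '%u'
add group script = /usr/sbin/smbldap-groupadd '%g'
#delete group script = /usr/sbin/smbldap-groupdel '%u'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
#delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
# "add machine script" was assigned twice in this section, once with '%u' and
# once with "%u"; with duplicate keys the later assignment overrides the earlier
# one. Only the single-quoted form is kept active: it matches the other scripts,
# and inside double quotes the shell would still interpret $ and backquotes in
# the substituted name. The double-quoted line is kept commented out for
# reference.
add machine script = /usr/sbin/smbldap-useradd -w '%u'
; add machine script = /usr/sbin/smbldap-useradd -w "%u"
#add share command = /usr/local/sbin/modify_samba_config.pl /etc/samba/imported-shares.conf %S /data/
# Run as root by smbd when an authorised client adds a share over RPC; the
# share name, path and comment arrive as arguments.
# NOTE(review): the script itself is not shown; it should validate those
# arguments before it writes any Samba configuration.
add share command = /usr/local/sbin/modify_samba_config.pl
#add share command = /usr/bin/touch /tmp/test
# Maps client-supplied user names to Unix account names.
# NOTE(review): keep the map file writable by root only.
username map = /etc/samba/smbusers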
########## Printing ##########
# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
; load printers = yes
# lpr(ng) printing. You may wish to override the location of the
# printcap file
; printing = bsd
; printcap name = /etc/printcap
# CUPS printing. See also the cupsaddsmb(8) manpage in the
# cupsys-client package.
; printing = cups
; printcap name = cups
# When using [print$], root is implicitly a 'printer admin', but you can
# also give this right to other users to add drivers and set printer
# properties
; printer admin = @ntadmin
#to silence warnings about "unable to connect to CUPS print server"
#if you want printing, take this about and configure CUPS properly.
# The only active printing settings: LPRng as the print system, with the
# printer list read from /etc/printcap. No printer share is defined in this
# listing.
printing = lprng
printcap name =/etc/printcap
############ Misc ############
# NOTE(review): the fixed 8192-byte SO_RCVBUF/SO_SNDBUF values replace the
# kernel's own buffer sizing; this is a throughput concern, not a security one.
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &
; domain master = auto
# Some defaults for winbind (make sure you're not using the ranges
# for something else.)
; idmap uid = 10000-20000
; idmap gid = 10000-20000
; template shell = /bin/bash
;
; The following was the default behaviour in sarge
; but samba upstream reverted the default because it might induce
; performance issues in large organizations
; See #368251 for some of the consequences of *not* having
; this setting and smb.conf(5) for all details
;
winbind enum groups = yes
winbind enum users = yes
# Makes winbindd map users of the host's own domain to existing Unix accounts
# instead of allocating new IDs for them.
# NOTE(review): smb.conf(5) marks this parameter as deprecated in favour of the
# idmap nss backend, which this file already configures for IONTOF; check
# whether both are still needed after the upgrade.
winbind trusted domains only = yes
#use pam for mk_homedir to work, auto create homedir on first login!
# Applies PAM account and session rules to connections. With encrypted
# passwords (enabled in the Authentication section) PAM is not used for the
# authentication step itself.
obey pam restrictions = yes
#======================= Share Definitions =======================
#[homes]
# # %U is case-insensitive (converts to lowercase), %u is case-sensitive
# path = /home/%u
# comment = Home Directories
# browseable = no
# writable = yes
# read only = no
# guest ok = no
# create mask = 0700
# directory mask = 0700
# valid users = %S
[netlogon]
# Logon scripts are served from this share and run by clients at logon, so it
# is exported read-only with guest access off.
# NOTE(review): /data/netlogon should also be writable only by administrators
# on the Unix side; the share settings do not control local file permissions.
comment = Network Logon Share
path = /data/netlogon
guest ok = no
read only = yes
browseable = no
locking = no
[profiles]
# Roaming-profile share. "logon path" is set to an empty value in [global]
# (roaming profiles disabled), so NOTE(review): this share may be unused; if
# so, removing it would reduce the writable surface.
comment = Network Profile Share
path = /data/profiles
# No "valid users" or guest setting is given here, so access relies on Samba's
# defaults and on the Unix permissions below /data/profiles.
writeable = yes
browseable = no
default case = lower
preserve case = no
short preserve case = no
case sensitive = no
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
# Permission bits on new files are limited to 0600 and on new directories to
# 0700, i.e. owner-only access.
create mask = 0600
directory mask = 0700
# Disable client-side caching (offline files) for this share.
csc policy = disable
# Profile-specific ACL handling; meant for profile shares only.
profile acls = Yes
[inout]
# NOTE(review): the settings pulled in from this include file are not shown, so
# the effective access rules for the share (read only, valid users, guest ok)
# cannot be judged from this listing alone.
include = /etc/samba/global-share-settings.conf
comment = Testshare fuer Migration
path = /data/inout