[Samba] Unable to set up home share correctly
Udo Willke
udo.willke at freenet.de
Mon Oct 17 21:09:34 UTC 2016
Hello Rowland,
On 17.10.2016 at 18:06, Rowland Penny via samba wrote:
> See inline comments:
>
> On Mon, 17 Oct 2016 17:14:43 +0200
> Udo Willke via samba <samba at lists.samba.org> wrote:
>
>> So, to summarize the discussion:
>>
>> System accounts should not have rfc2307 IDs, only (unprivileged)
>> users should. The Administrator account is the exception. It can be
>> mapped to root through the "username map" directive
> Basically yes, you can also give Domain Admins a gidNumber and then
> make any users you want to be admins, members of this group.
>
>> Today, I followed the wiki page
>> <https://wiki.samba.org/index.php/User_home_drives> with all the
>> prerequisites. Unfortunately, the automatic home folder creation
>> still does not work.
> Just followed it myself and it does work against a Samba fileserver.
Hmm, then I must be doing it wrong somehow ... :-[
>
> Where do you expect the home directory to be created ?
On the Samba member server as defined in the [home] share definition
(and also as defined in the user profile (home drive/home share))
> Is it on a Samba machine and if so what have you got in smb.conf ?
Here comes my smb.conf of the member server == file server
[global]
netbios name = FILESERVER2
security = ADS
workgroup = MYDOMAIN
realm = MYDOMAIN.LAN
server string = Virtual Server
log level = 5
log file = /var/log/samba/%m.log
password server = 192.168.6.8
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
username map = /etc/samba/user.map
;; Use settings from AD for login shell and home directory
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = no
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = Yes
winbind cache time = 60
;; Default idmap config used for BUILTIN and local accounts/groups
idmap config * : backend = tdb
idmap config * : range = 2000-9999
;; idmap config for domain MYDOMAIN
idmap config MYDOMAIN : backend = ad
idmap config MYDOMAIN : schema_mode = rfc2307
idmap config MYDOMAIN : range = 10000-99999
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
template homedir = /var/share/samba/homes/%U
[home]
path = /var/share/samba/homes
guest ok = no
read only = no
browseable = yes
[profiles]
path = /var/share/samba/profiles
read only = no
store dos attributes = yes
create mask = 0600
directory mask = 0700
guest ok = no
profile acls = yes
csc policy = disable
>
>> So I checked all my logs and I guess I have
>> another problem with DDNS and DHCP:
>>
>> Oct 17 16:15:41 addc01 named[6074]: samba_dlz: starting transaction
>> on zone 6.168.192.in-addr.arpa
>> Oct 17 16:15:41 addc01 named[6074]: samba_dlz: spnego update failed
>> Oct 17 16:15:41 addc01 named[6074]: client 127.0.0.1#59487/key
>> rndc-key: updating zone '6.168.192.in-addr.arpa/NONE': update failed:
>> rejected by secure update (REFUSED)
>> Oct 17 16:15:41 addc01 named[6074]: samba_dlz: cancelling transaction
>> on zone 6.168.192.in-addr.arpa
>> Oct 17 16:15:41 addc01 dhcpd[6062]: DHCPREQUEST for 192.168.6.56 from
>> 00:0c:29:3c:4c:bc (Admin-PC) via ens32
>> Oct 17 16:15:41 addc01 dhcpd[6062]: DHCPACK on 192.168.6.56 to
>> 00:0c:29:3c:4c:bc (Admin-PC) via ens32
>> Oct 17 16:15:41 addc01 dhcpd[6062]: Unable to add reverse map from
>> 56.6.168.192.in-addr.arpa. to Admin-PC.mydomain.lan: REFUSED
>>
> Are you running the dhcp server on the DC along with Bind9 ?
Yes, I do.
> If so, please post your dhcpd.conf
This is my dhcpd.conf
include "/etc/dhcp/ddns-keys/rndc.key";
update-static-leases on;
allow unknown-clients;
use-host-decl-names on;
default-lease-time 3600;
zone mydomain.lan. {
primary 127.0.0.1; # This server is the primary DNS server for the zone
key rndc-key; # Use the key we defined earlier for dynamic updates
}
zone 6.168.192.in-addr.arpa. {
primary 127.0.0.1; # This server is the primary reverse DNS server for the zone
key rndc-key; # Use the key we defined earlier for dynamic updates
}
subnet 192.168.6.0 netmask 255.255.255.0 {
range 192.168.6.16 192.168.6.63;
authoritative;
option subnet-mask 255.255.255.0;
option routers 192.168.6.1;
option domain-name-servers 192.168.6.8;
option domain-name "mydomain.lan";
ddns-domainname "mydomain.lan.";
# ddns-rev-domainname "6.168.192.in-addr.arpa.";
ddns-rev-domainname "in-addr.arpa.";
}
ddns-update-style interim;
max-lease-time 7200;
authoritative;
log-facility local7;
My intention was to have static addresses for the DC(s) and the file
server(s) from 192.168.6.1 - 192.168.6.15 and use DHCP for the Windows 7
Workstations (easier to roll out).
Best regards
Udo
>
>> This translates into missing PTR records of my two virtual PCs in the
>> DNS (configured to get their IPs over DHCP). Can this be related to
>> my first problem or has this other side effects?
>>
> Not having reverse records isn't going to help, but I don't think this is
> your problem.
>
> Rowland
>
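
Added example, not part of the original post: a small log triage script that pairs named's "rejected by secure update" entries with the records dhcpd reports it could not register, so each refused zone shows which client and key sent the update and which PTR or A records are missing as a result. The function name summarize_refused_updates is hypothetical, and the sample input is the log excerpt quoted above, unwrapped to one event per line.

```python
import re

# Constructed sample: the syslog lines quoted in the post, unwrapped to one event per line.
SAMPLE_LOG = """\
Oct 17 16:15:41 addc01 named[6074]: samba_dlz: starting transaction on zone 6.168.192.in-addr.arpa
Oct 17 16:15:41 addc01 named[6074]: samba_dlz: spnego update failed
Oct 17 16:15:41 addc01 named[6074]: client 127.0.0.1#59487/key rndc-key: updating zone '6.168.192.in-addr.arpa/NONE': update failed: rejected by secure update (REFUSED)
Oct 17 16:15:41 addc01 named[6074]: samba_dlz: cancelling transaction on zone 6.168.192.in-addr.arpa
Oct 17 16:15:41 addc01 dhcpd[6062]: DHCPREQUEST for 192.168.6.56 from 00:0c:29:3c:4c:bc (Admin-PC) via ens32
Oct 17 16:15:41 addc01 dhcpd[6062]: DHCPACK on 192.168.6.56 to 00:0c:29:3c:4c:bc (Admin-PC) via ens32
Oct 17 16:15:41 addc01 dhcpd[6062]: Unable to add reverse map from 56.6.168.192.in-addr.arpa. to Admin-PC.mydomain.lan: REFUSED
"""

# named's refusal of a dynamic update: who sent it, which key signed it, which zone.
NAMED_REFUSED = re.compile(
    r"named\[\d+\]: client (?P<client>[\d.:a-fA-F]+)#\d+(?:/key (?P<key>[^:]+))?: "
    r"updating zone '(?P<zone>[^'/]+)/[^']*': update failed: (?P<reason>.+)$")
# dhcpd's view of the same failure: the record it could not register.
DHCPD_FAILED = re.compile(
    r"dhcpd\[\d+\]: Unable to add (?:forward|reverse) map from "
    r"(?P<owner>\S+) to (?P<target>\S+): (?P<rcode>\w+)$")

def summarize_refused_updates(log_text):
    """Group refused dynamic DNS updates by zone and list the records dhcpd lost."""
    zones, lost, unmatched = {}, [], []
    for line in log_text.splitlines():
        m = NAMED_REFUSED.search(line)
        if m:
            z = zones.setdefault(m["zone"].lower(),
                                 {"clients": set(), "keys": set(), "reasons": set(), "lost": []})
            z["clients"].add(m["client"])
            z["keys"].add(m["key"] or "(unsigned)")
            z["reasons"].add(m["reason"])
            continue
        m = DHCPD_FAILED.search(line)
        if m:
            lost.append((m["owner"].rstrip(".").lower(), m["target"].rstrip("."), m["rcode"]))
    for record in lost:
        # Attribute each lost record to the longest refused zone containing its owner name.
        hits = [z for z in zones if record[0] == z or record[0].endswith("." + z)]
        if hits:
            zones[max(hits, key=len)]["lost"].append(record)
        else:
            unmatched.append(record)
    return zones, unmatched

if __name__ == "__main__":
    print(summarize_refused_updates(SAMPLE_LOG))
```
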