[Samba] kerberos got crazy after ubuntu upgrade from 14.04 to 16.04
Rowland Penny
rpenny at samba.org
Sun Apr 23 08:32:43 UTC 2017
On Sun, 23 Apr 2017 09:39:53 +0200
Jakub Kulesza via samba <samba at lists.samba.org> wrote:
> Hi!
>
> I had to upgrade my PDC from 14.04 to 16.04 Ubuntu. The samba version
> stayed the same, but then some crazy miracles started to
> happen. 4.3.11+dfsg-0ubuntu0.16.04.6
>
You haven't got a PDC, you have an AD DC
Can I suggest you remove these lines:
security = auto
dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, winreg, srvsvc
client use spnego = yes
map acl inherit = Yes
hosts allow = ALL
server signing = auto
raw NTLMv2 auth = yes
client ipc signing = auto
client ldap sasl wrapping = plain
idmap config GPMV : backend = ad
idmap config GPMV : range = 1000-9999999
map untrusted to domain = Yes
store dos attributes = yes
kerberos method = secrets and keytab
usershare max shares = 0
encrypt passwords = yes
password server = pdc.biuro.domain
Change this :
vfs objects = acl_xattr, full_audit
To:
vfs objects = full_audit
But put it into a share!
Also finally, there is this:
server services = rpc, nbt, wrepl, ldap, cldap, drepl, winbind,
ntp_signd, kcc, dnsupdate, dns, s3fs, winbindd
I suggest you remove this as well because you have all the default
settings and 'winbind' & 'winbindd'
Rowland
More information about the samba
mailing list