[Samba] Share access problem.

Rowland Penny rpenny at samba.org
Fri Aug 11 19:31:03 UTC 2017 

On Fri, 11 Aug 2017 14:59:36 -0400
<Sebastien.Boulianne at cpu.ca> wrote:

> Hi,
> 
> I checked my config this week.
> I did some changes.
> 
> I can now list the share FTPFiles but I cant view the files.
> What can be wrong ?
> 
> # krb5.conf
> https://pastebin.com/gDhMnM4B 
> 
> # nsswitch.conf
> https://pastebin.com/HEk1LwJg 
> 
> # smb.conf
> https://pastebin.com/f5hqStFk 
> 
> # log.winbindd
> https://pastebin.com/nxv13gd9 
> 

OK, I would change /etc/krb5.conf to just this:

[libdefaults]
    default_realm = DOMAIN.QC.CA
    dns_lookup_realm = false
    dns_lookup_kdc = true

In /etc/nsswitch.conf change:

passwd:         files winbind systemd sss
group:          files winbind systemd sss
shadow:         files systemd sss

To:

passwd:         files winbind
group:          files winbind
shadow:         files 

Change:

hosts:          files docker [NOTFOUND=return] gw_name mdns4_minimal
[NOTFOUND=return] resolve [!UNAVAIL=return] dns myhostname mymachines

To:

hosts:          files dns

Change:

protocols:      db files winbind
services:       db files winbind sss

To:

protocols:      db files
services:       db files

Change:

netgroup:       nis files winbind sss

To:

netgroup:       nis

I would remove all these lines from smb.conf:

        logon drive = H:
        max xmit = 32768
        min receivefile size = 2048
        map to guest = Bad User
        obey pam restrictions = Yes
        pam password change = Yes
        passdb backend = smbpasswd
        passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully*.
        passwd program = /usr/bin/passwd %u
        password server = domainmaster2.domain.qc.ca domainmaster1.domain.qc.ca
        restrict anonymous = 1
        unix password sync = Yes
        deadtime = 15
        idmap gid = 10000-20000
        winbind cache time = 30
        winbind enum groups = Yes
        winbind enum users = Yes
        dns proxy = No
        wins server = 10.20.1.64
        aio read size = 2048
        aio write size = 2048
        use sendfile = Yes
        write cache size = 1024000

I would change this line:

        idmap config * : range = 10000-20000

To:

        idmap config * : range = 3000-7999

I would add:

    idmap config DOMAIN : backend = rid
    idmap config DOMAIN : range = 10000-999999
    template shell = /bin/bash
    template homedir = /home/%U

    vfs objects = acl_xattr
    map acl inherit = Yes
    store dos attributes = Yes

With these changes it should work, but it is your computer, so the
choice is yours, use winbind or sssd for authentication, you cannot use
both.

Rowland

More information about the samba mailing list