[Samba] Samba ADS-member-server: FQDNs in /etc/hosts
Stefan G. Weichinger
lists at xunil.at
Tue Jul 11 10:22:36 UTC 2017
Am 2017-07-11 um 12:16 schrieb Rowland Penny:
> Try running this:
>
> ldbsearch -H /path/to/sam.ldb -b "dc=secret,dc=at" -s sub
> "(&(objectclass=user)(uidnumber=11029))"
>
> This will check if it is a user.
Did so, no entry returned.
--
plus: please note that yesterday all users could work normally ....
> Can you post the smb.conf from the DM (and the DC)
DC:
root at pre01svdeb02:~# cat /etc/samba/smb.conf
# Global parameters
[global]
workgroup = BUERO
realm = secret.AT
netbios name = DC
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
load printers = No
printcap name = /dev/null
log level = 2
dns forwarder = 192.168.16.111
# lph
template shell = /bin/bash
sdb:schema update allowed = no
time server = yes
usershare path =
[netlogon]
path = /var/lib/samba/sysvol/secret.at/scripts
read only = No
acl_xattr:ignore system acls = Yes
[sysvol]
path = /var/lib/samba/sysvol
read only = No
acl_xattr:ignore system acls = Yes
----
DM:
root at pre01svdeb01:~# cat /etc/samba/smb.conf
# This file is managed remotely, all changes will be lost
[global]
workgroup = BUERO
realm = secret.AT
netbios name = SERVER
security = ADS
map to guest = Bad User
username map = /etc/samba/smbusers
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind refresh tickets = yes
winbind trusted domains only = no
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nss info = template
template shell = /usr/sbin/nologin
map untrusted to domain = Yes
# Default idmap config used for BUILTIN and local accounts/groups
idmap config *:backend = tdb
idmap config *:range = 2000-9999
# idmap config for domain BUERO
idmap config BUERO:backend = rid
idmap config BUERO:range = 10000-99999
idmap config BUERO:schema_mode = rfc2307
load printers = no
printing = bsd
printcap name = /dev/null
# turn off roaming profiles
logon path = ""
logon home = ""
#hosts allow = localhost 192.168.16. 172.32.99.
log level = 3
.... skipped shares, OK ?
thanks a lot ...
More information about the samba
mailing list