[Samba] DCs are trying to replicate data from a domain member and fail
Rowland Penny
rpenny at samba.org
Tue Jul 25 09:46:36 UTC 2017
On Tue, 25 Jul 2017 12:05:43 +0300
Mitocariu Emilian <mitocariu.emilian at gmail.com> wrote:
> I'm not the one who set up the server so i don't know exactly all the
> steps, but this should be the build process for the domain server.
>
> These packages were installed: samba winbind libnss-winbind
> libpam-winbind acl libpam-krb5 krb5-user
>
> /etc/samba/smb.conf:
> [global] workgroup = mydomain server string = FS1 security = ads
> realm = MYDOMAIN.COM socket options = TCP_NODELAY IPTOS_LOWDELAY
> SO_RCVBUF=131072 SO_SNDBUF=131072 use sendfile = true idmap config
> * : backend = tdb idmap config * : range = 100000-299999 idmap config
> mydomain : backend = rid idmap config mydomain : range = 10000-99999
> winbind enum users = yes winbind enum groups = yes winbind use
> default domain = yes winbind refresh tickets = yes log file
> = /var/log/samba/log.%m max log size = 50 server signing = mandatory
> [share1] comment = Share1 Description writeable = yes browseable=yes
> write list = @"Domain Users" path = /mnt/share1/ force directory mode
> = 755 force group = Domain Users force create mode = 665 valid users
> = @"Domain Users" create mode = 665 directory mode = 775
>
> And it joined the domain like this: "net ads join -U user.name".
>
OK, I was just checking that you hadn't done something that is
unsupported, like provisioning a member server, which you haven't.
The only things I can see wrong with your smb.conf, is a couple of
lines and these are only nit-picks:
I would remove the 'socket options' line, stop trying to out guess your
cpu.
I would also remove the 'server signing' line, you are forcing SMB1
signing but SMB2 clients must use signing anyway.
What are actually getting when you run the samba-tool command ?
Rowland
More information about the samba
mailing list