[Samba] Access to sharing by hostname but not by its IP
Marc-Henri Pamiseux
marc-henri.pamiseux at libricks.org
Tue Jul 25 12:52:37 UTC 2017
Thanks Rowland,
Since i use winbind, i cannot connect to the share on RHEA anymore...
Probably a rights problem...
Here are my configuration :
# samba --version
Version 4.6.5-Debian
# .................... START /etc/samba/smb.conf .......................
# Global parameters
[global]
netbios name = RHEA
workgroup = MYDOMAIN
realm = LOCAL.MYDOMAIN
security = ADS
dedicated keytab file = /etc/krb5.keytab
# use the secrets.tdb first, then the system keytab
kerberos method = secrets and keytab
password server = hera.local.mydomain
encrypt passwords = Yes
username map = /etc/samba/user.map
username level = 2
# Niveau de log :
# all,tdb,printdrivers,lanman,smb,rpc_parse,rpc_srv,rpc_cli,passdb,
# sam,auth,winbind,vfs,idmap,quota,acls,locking,msdfs,dmapi,registry
log level = 2 passdb:2 auth:2 vfs:1 acls:1 locking:1
max log size = 5000
log file = /var/log/samba/log.%m
os level = 53
load printers = no
printing = cups
cups options = raw
printcap name = /dev/null
#............... Section specifique a Winbind ...............
winbind cache time = 60
winbind reconnect delay = 15
winbind request timeout = 2
winbind max clients = 2000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
# Without it your kerberos tickets will expire and not be renewed
# winbind refresh tickets = Yes
# winbind offline logon = Yes
winbind separator = +
# OFF winbind trusted domains only = no
idmap config * : backend = tdb
idmap config * : range = 950-999
idmap config MYDOMAIN:backend = ad
idmap config MYDOMAIN:range = 1000-3000300
idmap config MYDOMAIN:unix_nss_info = yes
idmap config MYDOMAIN:schema_mode = rfc2307
idmap config MYDOMAIN:unix_primary_group = yes
#............... /Section specifique a Winbind ...............
# Network discovery
domain master = no
local master = no
preferred master = no
wins support = no
server signing = auto
client signing = auto
client use spnego = yes
keepalive = 180
dos charset = cp850
kernel change notify = no
notify:inotify = false
# use sendfile = yes
# Gestion globale des droits des partages
# Ces parametres seront - au besoin - surclassé dans la definition du
partage
map acl inherit = yes
store dos attributes = yes
acl group control = yes
inherit permissions = yes
browseable = yes
read only = yes
create mask = 0660
directory mask = 0770
access based share enum = yes
hide unreadable = yes
hide unwriteable files = yes
hide files = /.*/desktop.ini/ntuser.ini/NTUSER.*/
# Gestion des Locks
locking = yes
oplocks = yes
strict locking = no
veto oplock files =
/*.doc/*.DOC/.docx/.DOCX/*.xls/*.XLS/*.xlsx/*.XLSX/*.pptx/*.PPTX/*.ppsx/*.PPSX/*.ppt/*.PPT/*.pps/.PPS/*.mdb/*.MDB/*.xml/*.XML/*.db/*.DB/*.PX/*.px/*.LCX/*.lcx/*.LCK/*.lck/*.XG0/*.xg0/*.YG0/*.yg0/*.NET/*.net
/*.tmp/*.TMP
# Virtual File System
vfs objects = acl_xattr dfs_samba4
[homes]
# path = /home/MYDOMAIN/%U/
comment = Repertoire Personnel
read only = no
browseable = no
create mask = 0600
directory mask = 0700
# ACL
valid users = +"LOCAL.MYDOMAIN\Domain Users",
+"LOCAL.MYDOMAIN\Domain Admins"
write list = +"LOCAL.MYDOMAIN\Domain Users",
+"LOCAL.MYDOMAIN\Domain Admins"
# Locks
oplocks = no
level2 oplocks = no
#
#
[projets]
path = /home/data/projets/
comment = Gestion des projets
read only = no
# ACL
valid users = +"LOCAL.MYDOMAIN\Domain Users",
+"LOCAL.MYDOMAIN\Domain Admins"
write list = +"LOCAL.MYDOMAIN\Domain Users",
+"LOCAL.MYDOMAIN\Domain Admins"
# Locks
oplocks = no
level2 oplocks = no
#
[public]
path = /home/data/public/
comment = Public Stuff
read only = no
# ACL
valid users = +"LOCAL.MYDOMAIN\Domain Users",
+"LOCAL.MYDOMAIN\Domain Admins"
write list = +"LOCAL.MYDOMAIN\Domain Users",
+"LOCAL.MYDOMAIN\Domain Admins"
# valid users = %U
# Locks
oplocks = no
level2 oplocks = no
# .................... STOP /etc/samba/smb.conf ........................
# ................... START /etc/samba/user.map ........................
!root = MYDOMAIN\Administrator MYDOMAIN\administrator Administrator
administrator
# .................... STOP /etc/samba/user.map ........................
Regards,
--
Marc-Henri Pamiseux - SARL Libricks - www.libricks.fr
6 rue LĂ©onard de Vinci - CS 20119, 53001 LAVAL Cedex
Tel. : 02.30.96.15.24 / Mobile : 06.26.71.30.97
More information about the samba
mailing list