[Samba] Access to sharing by hostname but not by its IP

Marc-Henri Pamiseux marc-henri.pamiseux at libricks.org
Tue Jul 25 12:52:37 UTC 2017


Thanks Rowland,

Since I started using winbind, I cannot connect to the share on RHEA anymore...
Probably a rights problem...
Here is my configuration:

# samba --version
Version 4.6.5-Debian

# .................... START /etc/samba/smb.conf .......................
# Global parameters
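[global]
        # Identity of this host: a member server joined to an Active
        # Directory domain (security = ADS).
        netbios name = RHEA
        workgroup = MYDOMAIN
        realm = LOCAL.MYDOMAIN
        security = ADS

        dedicated keytab file = /etc/krb5.keytab
        # use the secrets.tdb first, then the system keytab
        kerberos method = secrets and keytab

        # NOTE(review): with security = ADS Samba can locate domain
        # controllers through DNS; naming a single DC here removes failover.
        password server = hera.local.mydomain
        encrypt passwords = Yes
        # The map file (shown further down) assigns the AD Administrator
        # account to local root, so it should be writable by root only.
        username map = /etc/samba/user.map
        username level = 2

        # Log level. Available debug classes:
        # all,tdb,printdrivers,lanman,smb,rpc_parse,rpc_srv,rpc_cli,passdb,
        # sam,auth,winbind,vfs,idmap,quota,acls,locking,msdfs,dmapi,registry
        log level = 2 passdb:2 auth:2 vfs:1 acls:1 locking:1
        max log size = 5000
        log file = /var/log/samba/log.%m
        os level = 53

        load printers = no
        printing = cups
        cups options = raw
        printcap name = /dev/null

#............... Winbind-specific section ...............
        winbind cache time = 60
        winbind reconnect delay = 15
        # NOTE(review): the documented default is 60 seconds; at 2 seconds a
        # slow lookup is dropped, which may show up as a failed logon.
        winbind request timeout = 2
        winbind max clients = 2000
        # Enumeration is not needed for authentication and slows down
        # getent on larger domains; it is mainly useful while testing.
        winbind enum users = yes
        winbind enum groups = yes
        winbind use default domain = yes

        # Without it your kerberos tickets will expire and not be renewed
        # winbind refresh tickets = Yes
        # winbind offline logon = Yes
        # NOTE(review): smb.conf(5) warns that '+' as separator causes
        # problems with group membership on glibc systems, because '+' is
        # special in /etc/group. '+' is also the UNIX-group prefix used in
        # the 'valid users' lines of the shares.
        winbind separator = +
        # OFF winbind trusted domains only = no

        # NOTE(review): the default domain gets only 50 IDs (950-999), and
        # both ranges can overlap IDs of local accounts (Debian allocates
        # system accounts below 1000 and regular users from 1000). An ID
        # shared by two identities gives one of them the other's file
        # access; compare the ranges with /etc/passwd and /etc/group.
        idmap config * : backend = tdb
        idmap config * : range = 950-999
        # The 'ad' backend reads uidNumber/gidNumber from AD (rfc2307).
        # Accounts without those attributes, or with values outside the
        # range, are not mapped and cannot log on.
        idmap config MYDOMAIN:backend  = ad
        idmap config MYDOMAIN:range  = 1000-3000300
        idmap config MYDOMAIN:unix_nss_info = yes
        idmap config MYDOMAIN:schema_mode = rfc2307
        idmap config MYDOMAIN:unix_primary_group = yes
#............... /Winbind-specific section ...............

        # Network discovery
        domain master = no
        local master = no
        preferred master = no
        wins support = no

        # 'auto' offers SMB signing but does not require it, so a session
        # may be established unsigned. Requiring it ('mandatory') protects
        # against tampering and relay, at the cost of rejecting clients
        # that cannot sign.
        server signing = auto
        client signing = auto
        client use spnego = yes

        keepalive = 180
        dos charset = cp850
        kernel change notify = no
        notify:inotify = false
        # use sendfile = yes

# Global defaults for share permissions.
# These parameters are overridden, where needed, in the share definitions.
        map acl inherit = yes
        store dos attributes = yes
        # Lets the primary group owner of a file, not only its owner,
        # change permissions and ACLs. Set here it applies to every share.
        acl group control = yes
        # With inherit permissions = yes new entries take their mode from
        # the parent directory.
        # NOTE(review): confirm the create/directory masks, here and in the
        # shares, still have the intended effect.
        inherit permissions = yes
        browseable = yes
        read only = yes
        create mask = 0660
        directory mask = 0770
        # Visibility only: the following options hide entries from
        # listings, they do not restrict access.
        access based share enum = yes
        hide unreadable = yes
        hide unwriteable files = yes
        hide files = /.*/desktop.ini/ntuser.ini/NTUSER.*/

        # Lock handling
        locking = yes
        oplocks = yes
        strict locking = no
        # The value was wrapped over several lines by the mail client and is
        # rejoined here (smb.conf continues a line only after a trailing
        # backslash). The .docx, .DOCX and .PPS entries lacked the leading
        # '*' and matched only files with exactly that name.
        veto oplock files = /*.doc/*.DOC/*.docx/*.DOCX/*.xls/*.XLS/*.xlsx/*.XLSX/*.pptx/*.PPTX/*.ppsx/*.PPSX/*.ppt/*.PPT/*.pps/*.PPS/*.mdb/*.MDB/*.xml/*.XML/*.db/*.DB/*.PX/*.px/*.LCX/*.lcx/*.LCK/*.lck/*.XG0/*.xg0/*.YG0/*.yg0/*.NET/*.net/*.tmp/*.TMP

        # Virtual File System
        # NOTE(review): dfs_samba4 is normally loaded on an AD domain
        # controller; confirm it is needed on a member server.
        vfs objects = acl_xattr dfs_samba4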

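[homes]
#    path = /home/MYDOMAIN/%U/
        comment = Repertoire Personnel
        read only = no
        browseable = no
        # NOTE(review): [global] sets inherit permissions = yes, under which
        # new entries take their mode from the parent directory; confirm
        # these masks still have the intended effect.
        create mask = 0600
        directory mask = 0700

        # ACL
        # A leading '+' makes Samba look the name up as a UNIX group.
        # NOTE(review): the names use the realm (LOCAL.MYDOMAIN) and a
        # backslash, while [global] sets workgroup = MYDOMAIN,
        # winbind separator = + and winbind use default domain = yes. If
        # winbind presents the groups under another name, these entries
        # match nobody and every connection is refused; compare with the
        # output of 'wbinfo -g' and 'getent group'.
        # (Wrapped lines from the mail client are rejoined.)
        valid users = +"LOCAL.MYDOMAIN\Domain Users", +"LOCAL.MYDOMAIN\Domain Admins"
        # Has no additional effect while read only = no.
        write list = +"LOCAL.MYDOMAIN\Domain Users", +"LOCAL.MYDOMAIN\Domain Admins"

        # Locks
        oplocks = no
        level2 oplocks = no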
#
#
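[projets]
        path = /home/data/projets/
        comment = Gestion des projets
        read only = no

        # ACL
        # A leading '+' makes Samba look the name up as a UNIX group.
        # NOTE(review): if winbind does not present the groups under the
        # names LOCAL.MYDOMAIN\..., these entries match nobody and every
        # connection is refused; compare with 'wbinfo -g' and
        # 'getent group'.
        # (Wrapped lines from the mail client are rejoined.)
        valid users = +"LOCAL.MYDOMAIN\Domain Users", +"LOCAL.MYDOMAIN\Domain Admins"
        # Has no additional effect while read only = no.
        write list = +"LOCAL.MYDOMAIN\Domain Users", +"LOCAL.MYDOMAIN\Domain Admins"

        # Locks
        oplocks = no
        level2 oplocks = no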
#
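[public]
        # Despite the share name there is no guest access here: only the
        # groups listed in 'valid users' may connect.
        path = /home/data/public/
        comment = Public Stuff
        read only = no

        # ACL
        # A leading '+' makes Samba look the name up as a UNIX group.
        # NOTE(review): if winbind does not present the groups under the
        # names LOCAL.MYDOMAIN\..., these entries match nobody and every
        # connection is refused; compare with 'wbinfo -g' and
        # 'getent group'.
        # (Wrapped lines from the mail client are rejoined.)
        valid users = +"LOCAL.MYDOMAIN\Domain Users", +"LOCAL.MYDOMAIN\Domain Admins"
        # Has no additional effect while read only = no.
        write list = +"LOCAL.MYDOMAIN\Domain Users", +"LOCAL.MYDOMAIN\Domain Admins"
        # valid users = %U

        # Locks
        oplocks = no
        level2 oplocks = no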
# .................... STOP /etc/samba/smb.conf ........................

# ................... START /etc/samba/user.map ........................
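# Every name on the right-hand side is mapped to the local root account;
# the leading '!' stops map processing at the first matching line.
# NOTE(review): the unqualified names Administrator/administrator are mapped
# as well; confirm that only the domain account is meant to become root.
# (The entry was wrapped by the mail client and is rejoined on one line.)
!root = MYDOMAIN\Administrator MYDOMAIN\administrator Administrator administrator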
# .................... STOP /etc/samba/user.map ........................

Regards,
-- 
Marc-Henri Pamiseux - SARL Libricks - www.libricks.fr
6 rue Léonard de Vinci - CS 20119, 53001 LAVAL Cedex
Tel. : 02.30.96.15.24 / Mobile : 06.26.71.30.97


