[Samba] Access to sharing by hostname but not by its IP

Marc-Henri Pamiseux marc-henri.pamiseux at libricks.org
Tue Jul 25 15:07:58 UTC 2017


Rowland,

Thank you for letting me know that the '*' used in the idmap
configuration concerns the well known Identifiers. I did not know. In
fact, I thought it was to characterize the identifiers that do not
belong to the domain cited, a kind of identifier by default. On closer
inspection, that is how it is used.

I did not plan to use local Linux identifiers other than system
identifiers (<1000). This is a Samba migration so there are already
accounts with identifiers between 1001 and 1072 then between 3000059 and
3000087. I would like my shares to work before re-uniformizing these
identifiers and then review the ACLs of the files involved in these
changes.

I have removed "password server", "encrypt passwords" and "vfs objects =
dfs_samba4" from /etc/samba/smb.conf;
default idmap config range is now from 850 to 999.

As Louis van Belle explained, "If the Kerberos protocol is not negotiated
for some reason, Active Directory uses LM, NTLM, or NTLM version 2
(NTLMv2). And in this case, windows falls back to NTLM and then you
are accessing the server as user guest".
The proposed GPO (Network security: LAN Manager Authentication Level
setting to Send NTLMv2 responses only) was already set up.
By the way, I was ignoring this process. Cool :)

Since I switched to winbind, I no longer get the value of the ids stored
in Active Directory.
The getent command no longer adds the domain's short name as a prefix
for user accounts. What were the options for this display?
On the RHEA file server, I stopped winbind, smbd and nmbd and then
deleted the files:
/var/lib/samba/{winbindd_cache.tdb,winbindd_idmap.tdb}.
I have restarted all these services. Nothing better.

An idea?
-- 
Marc-Henri Pamiseux - SARL Libricks - www.libricks.fr
6 rue Léonard de Vinci - CS 20119, 53001 LAVAL Cedex
Tel. : 02.30.96.15.24 / Mobile : 06.26.71.30.97


