[Samba] Samba 4.6.5-Debian, authentication on a mix workgroup+domain
Marc-Henri Pamiseux
marc-henri.pamiseux at libricks.org
Sun Jul 30 22:29:31 UTC 2017
Hi Rowland,
Sorry that I did not post smb.conf again; it is just because nothing has really
changed since my post of 25/07/2017 14:52.
I have added "ntlm auth = yes" for testing.
# .................... START /etc/samba/smb.conf .......................
# Global parameters
[global]
# Server identity and domain membership: security = ADS makes this host a
# member server of the LOCAL.MYDOMAIN realm.
netbios name = RHEA
workgroup = MYDOMAIN
realm = LOCAL.MYDOMAIN
security = ADS
# NOTE(review): smb.conf(5) describes this path as the one used with
# "kerberos method = dedicated keytab"; with the method set below it may have
# no effect -- confirm.
dedicated keytab file = /etc/krb5.keytab
# use the secrets.tdb first, then the system keytab
kerberos method = secrets and keytab
# OFF password server = hera.local.mydomain
# The map file (listed after this smb.conf) sends the domain Administrator to
# the local root account, so it should be root-owned and not writable by others.
username map = /etc/samba/user.map
username level = 2
# Added for testing, as the message says. Since Samba 4.5 the default is "no",
# which accepts NTLMv2 responses only; "yes" re-admits NTLMv1, a much weaker
# challenge/response scheme. Revert to the default once the test is done.
ntlm auth = yes
# Log level. Available debug classes:
# all,tdb,printdrivers,lanman,smb,rpc_parse,rpc_srv,rpc_cli,passdb,
# sam,auth,winbind,vfs,idmap,quota,acls,locking,msdfs,dmapi,registry
log level = 2 passdb:2 auth:2 vfs:1 acls:1 locking:1
# Maximum log file size, in KiB.
max log size = 5000
# One log file per client machine name (%m).
log file = /var/log/samba/log.%m
os level = 53
# No printers are loaded and the printcap is pointed at /dev/null.
load printers = no
printing = cups
cups options = raw
printcap name = /dev/null
#............... Winbind-specific section ...............
winbind cache time = 60
winbind reconnect delay = 15
# NOTE(review): 2 seconds is very short for a request timeout; confirm it is
# intended, since requests still outstanding after it are dropped.
winbind request timeout = 2
winbind max clients = 2000
# Full user/group enumeration; smb.conf(5) advises against it on large domains.
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
# Without it your kerberos tickets will expire and not be renewed
winbind refresh tickets = Yes
# Allows logons from locally cached credentials when no DC is reachable; the
# winbind cache on this host then holds credential material and needs the same
# protection as any other credential store.
winbind offline logon = Yes
winbind separator = +
# OFF winbind trusted domains only = no
# See http://pig.made-it.com/uidgid.html
# ID mapping: the default domain (*) gets 500-999 from a local tdb, MYDOMAIN
# gets 1000-3000300 from the RFC 2307 attributes stored in AD.
# NOTE(review): neither range may overlap UIDs/GIDs of local accounts in
# /etc/passwd and /etc/group; a collision gives a domain identity the file
# access of the local account holding the same number. Verify on this host.
idmap config * : backend = tdb
idmap config * : range = 500-999
idmap config MYDOMAIN:backend = ad
idmap config MYDOMAIN:range = 1000-3000300
idmap config MYDOMAIN:unix_nss_info = yes
idmap config MYDOMAIN:schema_mode = rfc2307
idmap config MYDOMAIN:unix_primary_group = yes
#............... /Winbind-specific section ...............
# Network discovery
domain master = no
local master = no
preferred master = no
wins support = no
# "auto" offers SMB signing without enforcing it, so unsigned sessions are
# still accepted; "mandatory" is the setting that rejects them.
server signing = auto
client signing = auto
client use spnego = yes
keepalive = 180
dos charset = cp850
kernel change notify = no
notify:inotify = false
# use sendfile = yes
# Global handling of share permissions.
# These parameters are overridden, where needed, in the share definition.
# NOTE(review): the bare word on the next line is the tail of the original
# French comment ("... dans la definition du partage"), split off by mail
# line-wrapping; in the live smb.conf it belongs on the comment line.
partage
map acl inherit = yes
store dos attributes = yes
# valid users = %U
# Lets the owning group of a file, not only its owner, change permissions and
# ACLs on it; this widens who can re-grant access inside every share.
acl group control = yes
inherit permissions = yes
browseable = yes
# Shares are read-only unless a share section says otherwise.
read only = yes
create mask = 0660
directory mask = 0770
# Shares and files the connected user cannot access are hidden from listings;
# this is presentation only, access control still rests on permissions/ACLs.
access based share enum = yes
hide unreadable = yes
hide unwriteable files = yes
hide files = /.*/desktop.ini/ntuser.ini/NTUSER.*/
# Lock handling
locking = yes
oplocks = yes
strict locking = no
# NOTE(review): the value below appears to have been split over three lines by
# mail wrapping. smb.conf only continues a line that ends in a backslash, so as
# shown the parameter would be empty; check the live file has it on one line.
# The entries .docx, .DOCX and .PPS also lack the leading "*" the others have.
veto oplock files =
/*.doc/*.DOC/.docx/.DOCX/*.xls/*.XLS/*.xlsx/*.XLSX/*.pptx/*.PPTX/*.ppsx/*.PPSX/*.ppt/*.PPT/*.pps/.PPS/*.mdb/*.MDB/*.xml/*.XML/*.db/*.DB/*.PX/*.px/*.LCX/*.lcx/*.LCK/*.lck/*.XG0/*.xg0/*.YG0/*.yg0/*.NET/*.net
/*.tmp/*.TMP
# Virtual File System
# acl_xattr stores Windows ACLs in extended attributes.
# NOTE(review): a share that sets its own "vfs objects" (possibly via the
# included inc_recycle.conf, not shown) replaces this list rather than adding
# to it, which would drop acl_xattr for that share -- confirm.
vfs objects = acl_xattr
#
[homes]
# Per-user home share: writable, not listed when browsing, and new files and
# directories are created for the owner only (0600 / 0700).
# path = /home/MYDOMAIN/%U/
comment = Repertoire Personnel
read only = no
browseable = no
create mask = 0600
directory mask = 0700
# Locks
oplocks = no
level2 oplocks = no
# Recycle bin
# inc_recycle.conf is not shown in the post; presumably the recycle: lines
# after the include override what it sets, so their order matters.
include = /etc/samba/inc_recycle.conf
# NOTE(review): the exclude list below appears split over three lines by mail
# wrapping, and its last part starts with "#", which smb.conf would read as a
# comment. Check the live file carries the whole value on one line.
recycle:exclude =
*.o|**obj|*.lo|*.la|*.al|.libs|*.so|*.so.*|*.a|*.pyc|*.pyo|__pycache__|*.rej|*~
#*# .#*|*.swp|.DS_Store|[Tt]humbs.db|*.sdf|*.ncb
# Deleted files are kept outside the home directory, under /home/trash/<user>.
# NOTE(review): verify each per-user directory there is accessible to its owner
# only (e.g. recycle:directory_mode in the include), or deleted private files
# become readable by others.
recycle:repository = /home/trash/%U/private
#
[Intranet]
# Writable share over what looks like a web server document root (htdocs).
# NOTE(review): no "valid users" or "write list" is set here, and the one in
# [global] is commented out, so write access is decided by filesystem
# permissions and ACLs alone. Anything written here is presumably served by
# the intranet web server -- confirm the set of writers is intended.
path = /home/web/local.mydomain/htdocs/
comment = Intranet Haption
read only = no
# Locks
oplocks = no
level2 oplocks = no
# Recycle bin
# inc_recycle.conf is not shown in the post; presumably the recycle: lines
# after the include override what it sets.
include = /etc/samba/inc_recycle.conf
recycle:exclude = *.tmp
recycle:repository = /home/trash/%U/intranet
#
[projets]
# Writable project share.
# NOTE(review): no "valid users" or "write list" is set here, and the one in
# [global] is commented out, so access is decided by filesystem permissions
# and ACLs alone -- confirm that is intended.
path = /home/data/projets/
comment = Gestion des projets
read only = no
# Locks
oplocks = no
level2 oplocks = no
#
[public]
# Writable share for common files. "guest ok" is not set, so by default only
# authenticated users can connect.
# NOTE(review): no "valid users" or "write list" is set here, and the one in
# [global] is commented out, so every authenticated user's access is decided
# by filesystem permissions and ACLs alone -- confirm that is intended.
path = /home/data/public/
comment = Public Stuff
read only = no
# Locks
oplocks = no
level2 oplocks = no
# .................... STOP /etc/samba/smb.conf ........................
# ................... START /etc/samba/user.map ........................
# Map the listed client names to the local root account; the leading "!" stops
# map processing once this line matches.
# Anyone who authenticates as one of these names acts as UNIX root on this
# server, so the domain Administrator password protects root-level file access.
# NOTE(review): smb.conf(5) says that on a domain member the map is applied
# after authentication and needs fully qualified DOMAIN\user entries, so the
# unqualified names likely never match -- confirm. The last name sits on its
# own line, apparently through mail wrapping; in the live file it must be on
# the mapping line.
!root = MYDOMAIN\Administrator MYDOMAIN\administrator Administrator
administrator
# .................... STOP /etc/samba/user.map ........................
Regards,
--
Marc-Henri Pamiseux - SARL Libricks - www.libricks.fr
6 rue Léonard de Vinci - CS 20119, 53001 LAVAL Cedex
Tel. : 02.30.96.15.24 / Mobile : 06.26.71.30.97
Le 28/07/2017 à 10:46, Rowland Penny via samba a écrit :
>
> Hi, sorry but my crystal ball is away at the menders and my telepathy
> is on the fritz, so could you please post your smb.conf ;-)
>
> Rowland
>
>