[Samba] Windows cant access shared directories after changed password with smbpasswd
Rowland Penny
rpenny at samba.org
Mon Jun 26 18:51:00 UTC 2017
On Mon, 26 Jun 2017 15:33:38 -0300
Cesar Martins <cesar.inacio.martins at gmail.com> wrote:
> 2017-06-26 14:58 GMT-03:00 Rowland Penny via samba
> <samba at lists.samba.org>:
>
> > I think this may be the problem: server max protocol = SMB3_11
> >
> > I feel if you change this to 'server max protocol = NT1' it will
> > most likely work, but you will probably not want to do this.
> >
> > You also posted this:
> >
> > Forcing Primary Group to 'Domain Users' for cinacio
> >
> > From this, it looks like your windows machines are part of an AD
> > domain, so why not turn your Samba standalone server into a Unix
> > domain member server. This way, authentication passes to your AD DC
> > and the passwords are forced to be always in sync. It will also be
> > easier to set ACLs on the fileserver, because you will be able to
> > do this from Windows.
> >
> > See here for more info:
> >
> > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
> >
>
> I tried set the protocol to NT1 before, without success...
> I tried again, just for sure and no effect. (to solve the item 2 )
>
> About include this Samba as part of AD , unfortunately this isn't
> possible because I do not have admin rights here at the company and
> the Admins will not allow add a Linux server into "they" AD , since
> this server is for minor proposes....
>
> Thank you !
> Best Regards
> Cesar
Are the Windows machines under your control ?
Can I also point out that your Windows Sysadmins are fairly typical,
you might want to point out to them that it isn't 'their' domain, it is
the companies ;-)
Can you not go over their heads to your department head ?
Who joins computers to the domain for you ?
Have you told that them that it would be more secure if your server was
part of the domain (it probably wouldn't be, but they will not know
this)
What I am trying to get at is, you will be better off inside a domain,
but from the sound of it, you may have to run your own domain.
Rowland
More information about the samba
mailing list