[Samba] problem with sessions
rpenny at samba.org
Wed Mar 1 17:26:31 UTC 2017
On Wed, 1 Mar 2017 17:48:47 +0100
Tony Peña <emperor.cu at gmail.com> wrote:
> server role = dc
> server role = active directory domain controller
> i'm correct ?
Nearly, but you should only have one 'server role' line and the second
line is the correct one.
> on include shares.conf is all share directories...i got 47 shares...
> so .. i just paste here 1 as example,, the rest are equals just
> changing the path
> comment = Library in common
> path = /home/samba/shares/Library
> browseable = Yes
> read only = No
> force create mode = 0660
> force directory mode = 0660
> vfs objects = acl_xattr full_audit
> full_audit:failure = connect opendir disconnect unlink mkdir
> rmdir open rename
I take it you haven't read this wiki page:
You cannot use POSIX ACLs on a Samba AD DC, so your share should be
something like this:
comment = Library in common
path = /home/samba/shares/Library
read only = No
vfs objects = full_audit
full_audit:failure = connect opendir disconnect unlink mkdir rmdir open rename
You also had 'browseable = yes', this is the default setting, but it has
no effect on a DC, there is no browsing on a Samba AD DC.
Once you have changed the share, you will need to read this wiki page:
> the filesystem is with acl,
> the filesystem on those are: user : group : others
> drwxrwx---+ 9 SERVERDC\administrator adm
> 4,0K mar 1 14:26 Library
You will probably need to change this to root:domain admins
Talking of which, I hope you haven't given Administrator a uidNumber.
> on resolv.conf
> root at server-dc:~# cat /etc/resolv.conf
> nameserver 127.0.0.1
> nameserver 22.214.171.124
> nameserver 126.96.36.199
> search serverdc.lcl
You should remove the Google nameservers, they should be set as
forwarders in your bind9 conf files.
> the bind is ok,
I didn't ask if it was 'ok', I asked how you have set it up, I think
you need to post your bind9 conf files.
> i register PC into domain and it's added into ldap
> so i can ping NAME_OF_PC and pinging normally and see it using
> pdbedit. this is something i can't understand in some how...
> normally i use openldap, but in this case is samba (simulate ldap) ?
> because i see samba run process to can see from my ldap client the
> whole directory
Yes, Samba 4 running as an AD DC does use its own ldap and the DNS info
is stored in AD, but you need to use 'samba_dlz' to connect to it. You
also need to set up bind9 correctly.
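
The checks raised in this reply, collected into a small linter as an added example (not part of the original message and not Samba project code). The sample inputs are constructed, the `[Library]` section name and the `192.0.2.53` address are assumptions, and the rules only mirror what the reply asks for: one 'server role' line, the share settings the corrected share leaves out, and no non-local nameservers in resolv.conf.

```python
# Added example; sample inputs are constructed and the [Library] section name is assumed.
import re
DROPPED_SHARE_KEYS = {"browseable", "force create mode", "force directory mode"}
SAMPLE_SMB = """\
[global]
server role = dc
server role = active directory domain controller
[Library]
browseable = Yes
force create mode = 0660
force directory mode = 0660
vfs objects = acl_xattr full_audit
"""
SAMPLE_RESOLV = "nameserver 127.0.0.1\nnameserver 192.0.2.53\nsearch serverdc.lcl\n"

def parse_smb_conf(text):
    """Return (section, key, value) tuples, keeping duplicate keys."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif "=" in line:
            key, value = line.split("=", 1)
            # normalise case and runs of whitespace in the parameter name
            entries.append((section, " ".join(key.lower().split()), value.strip()))
    return entries

def lint_dc_smb_conf(text):
    """Flag the settings the reply tells the poster to change."""
    entries = parse_smb_conf(text)
    findings = []
    roles = [v for s, k, v in entries if s == "global" and k == "server role"]
    if len(roles) > 1:
        findings.append(f"global: {len(roles)} 'server role' lines, keep only one")
    for s, k, v in (e for e in entries if e[0] not in (None, "global")):
        if k in DROPPED_SHARE_KEYS:
            findings.append(f"{s}: '{k}' is absent from the reply's corrected share")
        if k == "vfs objects" and "acl_xattr" in v.split():
            findings.append(f"{s}: 'vfs objects' lists acl_xattr")
    return findings

def lint_resolv_conf(text):
    """Return nameservers other than the DC itself (the reply moves them to bind9 forwarders)."""
    servers = re.findall(r"^\s*nameserver\s+(\S+)", text, flags=re.M)
    return [ip for ip in servers if ip not in ("127.0.0.1", "::1")]
```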