[Samba] problem with sessions

Rowland Penny rpenny at samba.org
Thu Mar 2 13:07:10 UTC 2017

On Thu, 2 Mar 2017 12:40:46 +0100
Tony Peña <emperor.cu at gmail.com> wrote:

> So, I can't set browseable = No because the users need to see the
> shares on the server, else they go crazy

I never said to set it to 'no', I pointed out that what you had is the
default and as such, it doesn't need to be set.

> OK, I restarted samba-ad-dc with these settings
> shares.conf
> 47 shares like
> [FooBar]
>     comment = FooBar
>     path = /home/samba/shares/foobar
>     browseable = Yes    # users need to browse the network because
> they have been working this way for many years.

'YES' is the default so you don't need it

>     read only = No
>     force create mode = 0660
>     force directory mode = 0660

This doesn't work on a DC, read the wiki pages I pointed you to!

>     vfs objects = acl_xattr full_audit

'acl_xattr' is built into Samba when running as a DC, so it shouldn't be
set here.

> all bind files

OK, these are my bind conf files and I have been using them for the
last 5 years without problems ;-)


include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";


options {
        directory "/var/cache/bind";
        version "0.0.7";
        notify no;
        empty-zones-enable no;
        allow-query {;; };
        allow-recursion {;; };
        forwarders {; };
        allow-transfer { none; };
        dnssec-validation no;
        dnssec-enable no;

        listen-on-v6 { none; };
        listen-on port 53 {;; };
        tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};


include "/usr/local/samba/private/named.conf";


// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

> ------------
> After the change to smb.conf and krb5.conf with the suggestions,
> on the PC client I can log out and log in to the domain, and
> can browse \\server-dc and user Library OK, but not FooBar (this is
> fine for the users logged in) because the ACLs are working with the
> filesystem and that is OK....

You are trying to use the OS permissions on a Samba AD DC, this NOT

> But my problem from the beginning.... how can I know that I won't lose
> access to (e.g. the Library share) after 2/3 days?

I think your problem is down to your DNS setup, it seems to be using
flatfiles and this is NOT supported by Samba.
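
The share-level points made in the reply above (redundant 'browseable = Yes', the 'force ... mode' lines, and 'acl_xattr' in 'vfs objects') can be checked across all of the share definitions at once. This Python script is an added example, not part of the original message or of Samba; the function names and the sample text are constructed, and it assumes the file belongs to an AD DC.

```python
import re

# Constructed sample modelled on the share quoted in the thread.
SAMPLE = """\
[FooBar]
    comment = FooBar
    path = /home/samba/shares/foobar
    browseable = Yes
    read only = No
    Force Create  Mode = 0660
    force directory mode = 0660
    vfs objects = acl_xattr full_audit

[Library]
    path = /home/samba/shares/library
    read only = No
"""

def parse_shares(text):
    """Return {share: {parameter: value}} with case/whitespace-normalised names."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = shares.setdefault(header.group(1).strip(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current["".join(key.lower().split())] = value.strip()
    return shares

def audit_dc_shares(text):
    """Flag, per share, the settings the reply says to drop on an AD DC."""
    report = {}
    for name, p in parse_shares(text).items():
        if name.lower() == "global":
            continue
        found = []
        if p.get("browseable", p.get("browsable", "")).lower() in ("yes", "true", "1"):
            found.append("browseable: Yes is the default, line not needed")
        for key in ("forcecreatemode", "forcedirectorymode"):
            if key in p:
                found.append(key + ": reply says this does not work on a DC")
        if "acl_xattr" in re.split(r"[,\s]+", p.get("vfsobjects", "")):
            found.append("vfsobjects: acl_xattr is built in on a DC, remove it")
        report[name] = found
    return report
```

Calling audit_dc_shares() on the text of a shares file returns a dictionary keyed by share name; an empty list means none of the three points applies to that share.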

