[Samba] problem with sessions
Rowland Penny
rpenny at samba.org
Thu Mar 2 13:07:10 UTC 2017
On Thu, 2 Mar 2017 12:40:46 +0100
Tony Peña <emperor.cu at gmail.com> wrote:
>
> so, I can't set browseable = No because the users need to see the
> shares on the server, else they go crazy
I never said to set it to 'no', I pointed out that what you had is the
default and as such, it doesn't need to be set.
>
> OK, I restarted samba-ad-dc with these settings
>
>
> shares.conf
>
> 47 shares like
>
> [FooBar]
> comment = FooBar
> path = /home/samba/shares/foobar
> browseable = Yes # users need to browse the network because
> they have been working this way for many years.
'YES' is the default so you don't need it
> read only = No
> force create mode = 0660
> force directory mode = 0660
This doesn't work on a DC, read the wiki pages I pointed you to!
> vfs objects = acl_xattr full_audit
'acl_xattr' is built into Samba when running as a DC, so it shouldn't be
set here.
> all bind files
>
OK, these are my bind conf files and I have been using them for the
last 5 years without problems ;-)
/etc/bind/named.conf

    include "/etc/bind/named.conf.options";
    include "/etc/bind/named.conf.local";
    include "/etc/bind/named.conf.default-zones";

/etc/bind/named.conf.options

    options {
        directory "/var/cache/bind";
        version "0.0.7";
        notify no;
        empty-zones-enable no;
        allow-query { 127.0.0.1; 192.168.0.0/24; };
        allow-recursion { 192.168.0.0/24; 127.0.0.1/32; };
        forwarders { 8.8.8.8; };
        allow-transfer { none; };
        dnssec-validation no;
        dnssec-enable no;
        listen-on-v6 { none; };
        listen-on port 53 { 192.168.0.2; 127.0.0.1; };
        tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
    };

/etc/bind/named.conf.local

    include "/usr/local/samba/private/named.conf";

/etc/bind/named.conf.default-zones

    // prime the server with knowledge of the root servers
    zone "." {
        type hint;
        file "/etc/bind/db.root";
    };

    // be authoritative for the localhost forward and reverse zones, and for
    // broadcast zones as per RFC 1912
    zone "localhost" {
        type master;
        file "/etc/bind/db.local";
    };

    zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
    };

    zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
    };

    zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
    };

> ------------
> After the changes to smb.conf and krb5.conf with the suggestions,
> I can log out and log in to the domain on the PC client,
> can browse the \\server-dc and user Library OK, but FooBar no (this is
> fine for these logged-in users) because the ACL is working with the
> filesystem and is OK....
You are trying to use the OS permissions on a Samba AD DC, this is NOT
supported.
>
> But my problem from the beginning.... how can I know that I won't lose
> access to (e.g. the Library share) after 2/3 days?
I think your problem is down to your DNS setup, it seems to be using
flatfiles and this is NOT supported by Samba.
Rowland
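
Added example (not part of the original message and not Samba project code): a small Python check that scans the share sections of an smb.conf-style file for the three settings flagged in the reply above. The Library path, the function names and the wording of each finding are constructed for illustration.

```python
import re

# Rules are the three points raised in the reply above, for shares on a Samba AD DC.
FORCE_MODES = ("force create mode", "force directory mode")

def parse_shares(text):
    """Parse smb.conf-style text into {section: {parameter: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # parameter names are case-insensitive; collapse inner whitespace
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def lint_dc_shares(text):
    """Return sorted (share, parameter, reason) findings for non-[global] sections."""
    findings = []
    for share, params in parse_shares(text).items():
        if share.lower() == "global":
            continue
        for name in ("browseable", "browsable"):   # both spellings are accepted
            if params.get(name, "").lower() in ("yes", "true", "1"):
                findings.append((share, name, "already the default"))
        for name in FORCE_MODES:
            if name in params:
                findings.append((share, name, "does not work on a DC"))
        if "acl_xattr" in params.get("vfs objects", "").split():
            findings.append((share, "vfs objects", "acl_xattr is built in on a DC"))
    return sorted(findings)

# Constructed sample: one share as posted in the thread, one without the flagged settings.
SAMPLE = """\
[FooBar]
    comment = FooBar
    path = /home/samba/shares/foobar
    browseable = Yes
    read only = No
    force create mode = 0660
    force directory mode = 0660
    vfs objects = acl_xattr full_audit

[Library]
    path = /home/samba/shares/library
    read only = No
"""

if __name__ == "__main__":
    for share, param, reason in lint_dc_shares(SAMPLE):
        print(f"[{share}] {param}: {reason}")
```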