[Samba] Unable to authenticate with Samba 4.5 from XP box

Rowland Penny rpenny at samba.org
Mon Oct 30 11:44:11 UTC 2017


On Mon, 30 Oct 2017 12:19:06 +0100
Daniel Carrasco via samba <samba at lists.samba.org> wrote:

> Thanks L.P.H and Rowland,
> 
> I've just tested the L.P.H solution and after reboot I'm able to
> authenticate with the member server without problem. It is slow listing
> folders with many objects but works (maybe that always happened).
> 
> Here's my smb.conf:
> 
> [global]
> workgroup = DOMAIN
> security = ADS
> realm = DOMAIN.COM
> server role = member server
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> 
> idmap config *:backend = tdb
> idmap config *:range = 3000-7999
> idmap config ACONFI:backend = rid
> idmap config ACONFI:schema_mode = rfc2307
> idmap config ACONFI:range = 10000-999999

I hope that 'workgroup = DOMAIN' is really 'workgroup = ACONFI'

As you are using 'rid', you do not need the 'schema_mode' line. 

> 
> winbind nss info = rfc2307

You also do not need the line above.

> # winbind trusted domains only = no
> winbind use default domain = yes
> # winbind enum users  = yes
> # winbind enum groups = yes
> winbind offline logon = yes
> # winbind refresh tickets = Yes

You really should uncomment the line above.

> # winbind expand groups = 4
> winbind normalize names = Yes
> # domain master = no
> # local master = no
> vfs objects = acl_xattr
> map acl inherit = Yes
> store dos attributes = Yes
> log level = 3
> 
> # Configure the recycle bin and the audit
> vfs objects = recycle full_audit

I would combine the two 'vfs objects' lines; the second one turns off
the first one.

> 

> [Folder]
> path = /server_ssd/share/folder
> read only = no
> browsable = yes
> valid users = @allowed_group

As you seem to want to use 'acl_xattr' you should set the valid users
from Windows and remove the 'valid users' line.

Rowland
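
A small lint pass that flags three of the points raised in the reply above: a parameter repeated in one section (the later line replaces the earlier one), 'schema_mode' set for a domain whose idmap backend is 'rid', and a 'workgroup' with no matching 'idmap config' domain. This is an added example, not part of the original thread or of Samba; `norm`, `lint` and the sample text are hypothetical, and backslash line continuations and include files are not handled.

```python
import re

# Constructed sample, reduced from the smb.conf quoted in the thread.
SAMPLE = """\
[global]
workgroup = DOMAIN
idmap config *:backend = tdb
idmap config ACONFI:backend = rid
idmap config ACONFI:schema_mode = rfc2307
vfs objects = acl_xattr
# winbind refresh tickets = Yes
vfs objects = recycle full_audit
[Folder]
path = /server_ssd/share/folder
"""

def norm(name):
    # smb.conf ignores case and whitespace in section and parameter names
    return re.sub(r"\s+", "", name).lower()

def lint(text):
    findings, section, seen = [], "global", {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = norm(line[1:-1])
            continue
        name, sep, value = line.partition("=")   # only the first '=' counts
        if not sep:
            continue
        key = (section, norm(name))
        if key in seen:                          # later line wins
            findings.append((n, "duplicate",
                f"'{name.strip()}' replaces the value from line {seen[key][0]}"))
        seen[key] = (n, value.strip())
    backends = {}                                # idmap domain -> backend
    for (sec, k), (n, v) in seen.items():
        m = re.fullmatch(r"idmapconfig(.+):backend", k)
        if sec == "global" and m:
            backends[m.group(1)] = v.lower()
    for dom, backend in backends.items():
        hit = seen.get(("global", f"idmapconfig{dom}:schema_mode"))
        if backend == "rid" and hit:
            findings.append((hit[0], "unused", f"schema_mode not needed: '{dom}' uses rid"))
    wg = seen.get(("global", "workgroup"))
    if wg and wg[1].lower() not in backends:     # heuristic, per the reply
        findings.append((wg[0], "mismatch", f"no idmap config for workgroup '{wg[1]}'"))
    return sorted(findings)
```

Calling `lint(SAMPLE)` returns a sorted list of `(line, kind, message)` tuples; a configuration with the three points corrected returns an empty list.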
