[Samba] Unable to authenticate with Samba 4.5 from XP box
Rowland Penny
rpenny at samba.org
Mon Oct 30 11:44:11 UTC 2017
On Mon, 30 Oct 2017 12:19:06 +0100
Daniel Carrasco via samba <samba at lists.samba.org> wrote:
> Thanks L.P.H and Rowland,
>
> I've just tested the L.P.H solution and after reboot I'm able to
> authenticate with the member server without problem. Is slow listing
> folders with much objects but works (maybe happened always).
>
> Here's my smb.conf:
>
> [global]
> workgroup = DOMAIN
> security = ADS
> realm = DOMAIN.COM
> server role = member server
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
>
> idmap config *:backend = tdb
> idmap config *:range = 3000-7999
> idmap config ACONFI:backend = rid
> idmap config ACONFI:schema_mode = rfc2307
> idmap config ACONFI:range = 10000-999999
I hope that 'workgroup = DOMAIN' is really 'workgroup = ACONFI'
As you are using 'rid', you do not need the 'schema_mode' line.
>
> winbind nss info = rfc2307
You also do not need the line above.
> # winbind trusted domains only = no
> winbind use default domain = yes
> # winbind enum users = yes
> # winbind enum groups = yes
> winbind offline logon = yes
> # winbind refresh tickets = Yes
You really should uncomment the line above.
> # winbind expand groups = 4
> winbind normalize names = Yes
> # domain master = no
> # local master = no
> vfs objects = acl_xattr
> map acl inherit = Yes
> store dos attributes = Yes
> log level = 3
>
> # Configuramos la papelera de reciclaje y el audit
> vfs objects = recycle full_audit
I would combine the two 'vfs objects' lines, the second one turns off
the first one.
>
> [Folder]
> path = /server_ssd/share/folder
> read only = no
> browsable = yes
> valid users = @allowed_group
As you seem to want to use 'acl_xattr' you should set the valid users
from windows and remove the 'valid users' line.
Rowland
More information about the samba
mailing list