[Samba] Unable to authenticate with Samba 4.5 from XP box

Daniel Carrasco d.carrasco at i2tic.com
Mon Oct 30 12:07:17 UTC 2017


Thanks Rowland.

Yes, I use ACONFI as Workgroup but I always try to hide my domain name on
lists (today i've failed :P)

Thanks for your recomendations. I'll change it, and I'll disable
the acl_xattr because I use the linux tools to manage the permissions
(setfacl).

Greetings!!

2017-10-30 12:44 GMT+01:00 Rowland Penny via samba <samba at lists.samba.org>:

> On Mon, 30 Oct 2017 12:19:06 +0100
> Daniel Carrasco via samba <samba at lists.samba.org> wrote:
>
> > Thanks L.P.H and Rowland,
> >
> > I've just tested the L.P.H solution and after reboot I'm able to
> > authenticate with the member server without problem. Is slow listing
> > folders with much objects but works (maybe happened always).
> >
> > Here's my smb.conf:
> >
> > [global]
> > workgroup = DOMAIN
> > security = ADS
> > realm = DOMAIN.COM
> > server role = member server
> > dedicated keytab file = /etc/krb5.keytab
> > kerberos method = secrets and keytab
> >
> > idmap config *:backend = tdb
> > idmap config *:range = 3000-7999
> > idmap config ACONFI:backend = rid
> > idmap config ACONFI:schema_mode = rfc2307
> > idmap config ACONFI:range = 10000-999999
>
> I hope that 'workgroup = DOMAIN' is really 'workgroup = ACONFI'
>
> As you are using 'rid', you do not need the 'schema_mode' line.
>
> >
> > winbind nss info = rfc2307
>
> You also do not need the line above.
>
> > # winbind trusted domains only = no
> > winbind use default domain = yes
> > # winbind enum users  = yes
> > # winbind enum groups = yes
> > winbind offline logon = yes
> > # winbind refresh tickets = Yes
>
> You really should uncomment the line above.
>
> > # winbind expand groups = 4
> > winbind normalize names = Yes
> > # domain master = no
> > # local master = no
> > vfs objects = acl_xattr
> > map acl inherit = Yes
> > store dos attributes = Yes
> > log level = 3
> >
> > # Configuramos la papelera de reciclaje y el audit
> > vfs objects = recycle full_audit
>
> I would combine the two 'vfs objects' lines, the second one turns off
> the first one.
>
> >
>
> > [Folder]
> > path = /server_ssd/share/folder
> > read only = no
> > browsable = yes
> > valid users = @allowed_group
>
> As you seem to want to use 'acl_xattr' you should set the valid users
> from windows and remove the 'valid users' line.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>



-- 
_________________________________________

      Daniel Carrasco Marín
      Ingeniería para la Innovación i2TIC, S.L.
      Tlf:  +34 911 12 32 84 Ext: 223
      www.i2tic.com
_________________________________________


More information about the samba mailing list