[Samba] get access denied on samba AD share
Qiao Xu
x.roby at hotmail.com
Thu Sep 21 09:22:33 UTC 2017
Hello Sambaers, i can not access my samba shares after upgrade my centos to 7.4,samba version was upgraded to 4.6.2
i joined centos to windows domain by realm command,domain user(format as username at doaminname) could login to centos
could get kerberos ticket by kinit with domain user
execute net view command at domain windows server get access denied
C:\>net view \\ark-centos-smb4.qa.arkivio.com
System error 5 has occurred.
Access is denied.
C:\>net view \\192.168.32.26
System error 5 has occurred.
Access is denied.
collected following log while get access denied error with samba server ip, i complains can not find the user,and run getent passwd domainuser at domainname could finish successfully
[2017/09/21 00:36:03.319546, 3] ../source3/smbd/oplock.c:1322(init_oplocks)
init_oplocks: initializing messages.
[2017/09/21 00:36:03.319707, 3] ../source3/smbd/process.c:1957(process_smb)
Transaction 0 of length 159 (0 toread)
[2017/09/21 00:36:03.319744, 3] ../source3/smbd/process.c:1538(switch_message)
switch message SMBnegprot (pid 23703) conn 0x0
[2017/09/21 00:36:03.319767, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/09/21 00:36:03.320414, 3] ../source3/smbd/negprot.c:603(reply_negprot)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2017/09/21 00:36:03.320441, 3] ../source3/smbd/negprot.c:603(reply_negprot)
Requested protocol [LANMAN1.0]
[2017/09/21 00:36:03.320454, 3] ../source3/smbd/negprot.c:603(reply_negprot)
Requested protocol [Windows for Workgroups 3.1a]
[2017/09/21 00:36:03.320466, 3] ../source3/smbd/negprot.c:603(reply_negprot)
Requested protocol [LM1.2X002]
[2017/09/21 00:36:03.320482, 3] ../source3/smbd/negprot.c:603(reply_negprot)
Requested protocol [LANMAN2.1]
[2017/09/21 00:36:03.320497, 3] ../source3/smbd/negprot.c:603(reply_negprot)
Requested protocol [NT LM 0.12]
[2017/09/21 00:36:03.320509, 3] ../source3/smbd/negprot.c:603(reply_negprot)
Requested protocol [SMB 2.002]
[2017/09/21 00:36:03.320538, 3] ../source3/smbd/negprot.c:603(reply_negprot)
Requested protocol [SMB 2.???]
[2017/09/21 00:36:03.320638, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/09/21 00:36:03.320722, 3] ../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot)
Selected protocol SMB2_FF
[2017/09/21 00:36:03.321314, 2] ../source3/librpc/crypto/gse_krb5.c:229(fill_mem_keytab_from_secrets)
../source3/librpc/crypto/gse_krb5.c:229: failed to fetch machine password
[2017/09/21 00:36:03.321344, 3] ../source3/librpc/crypto/gse_krb5.c:587(gse_krb5_get_server_keytab)
../source3/librpc/crypto/gse_krb5.c:587: Warning! Unable to set mem keytab from secrets!
[2017/09/21 00:36:03.322377, 3] ../source3/smbd/negprot.c:730(reply_negprot)
Selected protocol SMB 2.???
[2017/09/21 00:36:03.323207, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/09/21 00:36:03.323262, 4] ../source3/smbd/sec_ctx.c:217(push_sec_ctx)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2017/09/21 00:36:03.323300, 4] ../source3/smbd/uid.c:491(push_conn_ctx)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2017/09/21 00:36:03.323326, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2017/09/21 00:36:03.325145, 4] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/09/21 00:36:03.325187, 3] ../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot)
Selected protocol SMB2_10
[2017/09/21 00:36:03.325448, 2] ../source3/librpc/crypto/gse_krb5.c:229(fill_mem_keytab_from_secrets)
../source3/librpc/crypto/gse_krb5.c:229: failed to fetch machine password
[2017/09/21 00:36:03.325466, 3] ../source3/librpc/crypto/gse_krb5.c:587(gse_krb5_get_server_keytab)
../source3/librpc/crypto/gse_krb5.c:587: Warning! Unable to set mem keytab from secrets!
[2017/09/21 00:36:03.327171, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/09/21 00:36:03.327477, 4] ../source3/smbd/sec_ctx.c:217(push_sec_ctx)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2017/09/21 00:36:03.327498, 4] ../source3/smbd/uid.c:491(push_conn_ctx)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2017/09/21 00:36:03.327509, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2017/09/21 00:36:03.327562, 4] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/09/21 00:36:03.327754, 3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0xe2088297
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_NEGOTIATE_OEM
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_LM_KEY
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP_NEGOTIATE_56
[2017/09/21 00:36:03.327897, 4] ../source3/smbd/sec_ctx.c:217(push_sec_ctx)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2017/09/21 00:36:03.327919, 4] ../source3/smbd/uid.c:491(push_conn_ctx)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2017/09/21 00:36:03.327930, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2017/09/21 00:36:03.327951, 4] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/09/21 00:36:03.328313, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/09/21 00:36:03.328360, 4] ../source3/smbd/sec_ctx.c:217(push_sec_ctx)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2017/09/21 00:36:03.328376, 4] ../source3/smbd/uid.c:491(push_conn_ctx)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2017/09/21 00:36:03.328387, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2017/09/21 00:36:03.328403, 4] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/09/21 00:36:03.328478, 3] ../auth/ntlmssp/ntlmssp_server.c:452(ntlmssp_server_preauth)
Got user=[arkadmin] domain=[QA] workstation=[NWT-VM-ARK8118] len1=24 len2=350
[2017/09/21 00:36:03.328573, 3] ../source3/param/loadparm.c:3823(lp_load_ex)
lp_load_ex: refreshing parameters
[2017/09/21 00:36:03.328664, 3] ../source3/param/loadparm.c:542(init_globals)
Initialising global parameters
[2017/09/21 00:36:03.328773, 3] ../source3/param/loadparm.c:2752(lp_do_section)
Processing section "[global]"
doing parameter netbios name = ARK-CENTOS-SMB4
doing parameter security = ADS
doing parameter workgroup = QA.ARKIVIO.COM
doing parameter kerberos method = secrets and keytab
doing parameter realm = QA.ARKIVIO.COM
doing parameter log file = /var/log/samba/%m.log
doing parameter log level = 4
doing parameter local master = no
doing parameter domain master = no
doing parameter server string = Samba Server Version %v
doing parameter max log size = 5000
doing parameter load printers = No
doing parameter wins support = no
doing parameter wins proxy = no
doing parameter dns proxy = yes
doing parameter name resolve order = host lmhosts wins bcast
[2017/09/21 00:36:03.328953, 2] ../source3/param/loadparm.c:2769(lp_do_section)
Processing section "[arkc1]"
doing parameter comment = centos samba4 share1
doing parameter path = /rocket/cifs/cifs1
doing parameter writable = yes
doing parameter guest ok = yes
doing parameter valid users = administrator at qa.arkivio.com,auto-stor at qa.arkivio.com,arkadmin at qa.arkivio.com,@"Domain Admins at qa.arkivio.com",@"AutostorAdmins at qa.arkivio.com","QA.ARKIVIO.COM\AutostorAdmins",arkadmin at QA.ARKIVIO.COM
doing parameter admin users = administrator at qa.arkivio.com,auto-stor at qa.arkivio.com,arkadmin at qa.arkivio.com,@"Domain Admins at qa.arkivio.com",@"AutostorAdmins at qa.arkivio.com",arkadmin at QA.ARKIVIO.COM,QA\arkadmin,QA.ARKIVIO.COM\arkadmin
[2017/09/21 00:36:03.329055, 2] ../source3/param/loadparm.c:2769(lp_do_section)
Processing section "[arkc2]"
doing parameter comment = centos samba4 share2
doing parameter path = /rocket/cifs/cifs2
doing parameter writable = yes
doing parameter admin users = administrator at qa.arkivio.com,auto-stor at qa.arkivio.com,arkadmin at qa.arkivio.com,@"Domain Admins at qa.arkivio.com",@"AutostorAdmins at qa.arkivio.com",arkadmin at QA.ARKIVIO.COM,QA\arkadmin,QA.ARKIVIO.COM\arkadmin
doing parameter valid users = administrator at qa.arkivio.com,auto-stor at qa.arkivio.com,arkadmin at qa.arkivio.com,@"Domain Admins at qa.arkivio.com",@"AutostorAdmins at qa.arkivio.com","QA.ARKIVIO.COM\AutostorAdmins",arkadmin at QA.ARKIVIO.COM,QA\arkadmin,QA.ARKIVIO.COM\arkadmin
[2017/09/21 00:36:03.329149, 4] ../source3/param/loadparm.c:3864(lp_load_ex)
pm_process() returned Yes
[2017/09/21 00:36:03.329186, 3] ../source3/param/loadparm.c:1592(lp_add_ipc)
adding IPC service
[2017/09/21 00:36:03.329981, 4] ../source3/libsmb/namequery_dc.c:77(ads_dc_name)
ads_dc_name: domain=QA.ARKIVIO.COM
[2017/09/21 00:36:03.331294, 3] ../source3/libsmb/namequery.c:3160(get_dc_list)
get_dc_list: preferred server list: ", *"
[2017/09/21 00:36:03.332043, 4] ../lib/addns/dnsquery.c:435(ads_dns_lookup_srv)
ads_dns_lookup_srv: 2 records returned in the answer section.
[2017/09/21 00:36:03.333572, 4] ../source3/libsmb/namequery.c:3305(get_dc_list)
get_dc_list: returning 3 ip addresses in an ordered list
[2017/09/21 00:36:03.333594, 4] ../source3/libsmb/namequery.c:3306(get_dc_list)
get_dc_list: 192.168.32.231:389 192.168.32.230:389 2001:21:21:32:743e:17d2:61a4:fdb8:389
[2017/09/21 00:36:03.334552, 3] ../source3/libads/ldap.c:618(ads_connect)
Successfully contacted LDAP server 192.168.32.231
[2017/09/21 00:36:03.334622, 3] ../source3/libsmb/namequery.c:3160(get_dc_list)
get_dc_list: preferred server list: ", *"
[2017/09/21 00:36:03.334961, 4] ../lib/addns/dnsquery.c:435(ads_dns_lookup_srv)
ads_dns_lookup_srv: 2 records returned in the answer section.
[2017/09/21 00:36:03.335007, 4] ../source3/libsmb/namequery.c:3305(get_dc_list)
get_dc_list: returning 3 ip addresses in an ordered list
[2017/09/21 00:36:03.335023, 4] ../source3/libsmb/namequery.c:3306(get_dc_list)
get_dc_list: 192.168.32.230:88 192.168.32.231:88 2001:21:21:32:743e:17d2:61a4:fdb8:88
[2017/09/21 00:36:03.335042, 3] ../source3/libsmb/namequery.c:3160(get_dc_list)
get_dc_list: preferred server list: ", *"
[2017/09/21 00:36:03.335419, 4] ../lib/addns/dnsquery.c:435(ads_dns_lookup_srv)
ads_dns_lookup_srv: 2 records returned in the answer section.
[2017/09/21 00:36:03.335463, 4] ../source3/libsmb/namequery.c:3305(get_dc_list)
get_dc_list: returning 3 ip addresses in an ordered list
[2017/09/21 00:36:03.335478, 4] ../source3/libsmb/namequery.c:3306(get_dc_list)
get_dc_list: 192.168.32.230:88 192.168.32.231:88 2001:21:21:32:743e:17d2:61a4:fdb8:88
[2017/09/21 00:36:03.336391, 4] ../source3/libsmb/namequery_dc.c:151(ads_dc_name)
ads_dc_name: using server='ARK-QA-DC2.QA.ARKIVIO.COM' IP=192.168.32.231
[2017/09/21 00:36:03.336496, 3] ../source3/lib/util_sock.c:515(open_socket_out_send)
Connecting to 192.168.32.231 at port 445
[2017/09/21 00:36:03.337733, 3] ../source3/libsmb/cliconnect.c:271(cli_session_creds_prepare_krb5)
got OID=1.3.6.1.4.1.311.2.2.30
got OID=1.2.840.48018.1.2.2
[2017/09/21 00:36:03.338945, 3] ../auth/ntlmssp/ntlmssp_client.c:270(ntlmssp_client_challenge)
Got challenge flags:
[2017/09/21 00:36:03.338973, 3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_TARGET_TYPE_DOMAIN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
[2017/09/21 00:36:03.339060, 3] ../auth/ntlmssp/ntlmssp_client.c:726(ntlmssp_client_challenge)
NTLMSSP: Set final flags:
[2017/09/21 00:36:03.339076, 3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62008a15
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_ANONYMOUS
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
[2017/09/21 00:36:03.339112, 3] ../auth/ntlmssp/ntlmssp_sign.c:509(ntlmssp_sign_reset)
NTLMSSP Sign/Seal - Initialising with flags:
[2017/09/21 00:36:03.339123, 3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62008a15
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_ANONYMOUS
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
[2017/09/21 00:36:03.339972, 3] ../auth/ntlmssp/ntlmssp_sign.c:509(ntlmssp_sign_reset)
NTLMSSP Sign/Seal - Initialising with flags:
[2017/09/21 00:36:03.340000, 3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62008a15
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_ANONYMOUS
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
[2017/09/21 00:36:03.344582, 3] ../source3/auth/auth.c:178(auth_check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [QA]\[arkadmin]@[NWT-VM-ARK8118] with the new password interface
[2017/09/21 00:36:03.344615, 3] ../source3/auth/auth.c:181(auth_check_ntlm_password)
check_ntlm_password: mapped user is: [ARK-CENTOS-SMB4]\[arkadmin]@[NWT-VM-ARK8118]
[2017/09/21 00:36:03.344650, 4] ../source3/smbd/sec_ctx.c:217(push_sec_ctx)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2017/09/21 00:36:03.344698, 4] ../source3/smbd/uid.c:491(push_conn_ctx)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2017/09/21 00:36:03.344714, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2017/09/21 00:36:03.344768, 4] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/09/21 00:36:03.344785, 3] ../source3/auth/check_samsec.c:399(check_sam_security)
check_sam_security: Couldn't find user 'arkadmin' in passdb.
[2017/09/21 00:36:03.344808, 3] ../source3/auth/auth_winbind.c:60(check_winbind_security)
check_winbind_security: Not using winbind, requested domain [ARK-CENTOS-SMB4] was for this SAM.
[2017/09/21 00:36:03.344835, 2] ../source3/auth/auth.c:315(auth_check_ntlm_password)
check_ntlm_password: Authentication for user [arkadmin] -> [arkadmin] FAILED with error NT_STATUS_NO_SUCH_USER
[2017/09/21 00:36:03.344858, 2] ../auth/gensec/spnego.c:768(gensec_spnego_server_negTokenTarg)
SPNEGO login failed: NT_STATUS_NO_SUCH_USER
[2017/09/21 00:36:03.344879, 4] ../source3/smbd/sec_ctx.c:217(push_sec_ctx)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2017/09/21 00:36:03.344891, 4] ../source3/smbd/uid.c:491(push_conn_ctx)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2017/09/21 00:36:03.344901, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2017/09/21 00:36:03.344919, 4] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/09/21 00:36:03.344949, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at ../source3/smbd/smb2_sesssetup.c:134
[2017/09/21 00:36:03.345308, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/09/21 00:36:03.345337, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/09/21 00:36:03.345351, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/09/21 00:36:03.345365, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/09/21 00:36:03.345535, 3] ../source3/smbd/server_exit.c:246(exit_server_common)
Server exit (NT_STATUS_CONNECTION_RESET)
here is my smb.conf content
#working since 2017-8-1 with sssd?+ad
[global]
netbios name = ARK-CENTOS-SMB4
security = ADS
#workgroup = QA
workgroup = QA.ARKIVIO.COM
kerberos method = secrets and keytab
realm = QA.ARKIVIO.COM
log file = /var/log/samba/%m.log
log level = 4
#password server = *
#passdb backend = tdbsam
#template shell = /bin/bash
#template homedir = /home/%u
#winbind separator = +
local master = no
domain master = no
#auth methods = guest sam_ignoredomain winbind
#guest ok = no
server string = Samba Server Version %v
max log size = 5000
load printers = No
#idmap config * : backend = tdb
#preferred master = no
wins support = no
wins proxy = no
dns proxy = yes
#name resolve order = wins bcast host lmhosts
name resolve order = host lmhosts wins bcast
# Winbind idmap RID settings
# winbind use default domain = yes
# allow trusted domains = yes
# winbind enum users = yes
# winbind enum groups = yes
# winbind nested groups = yes
# idmap config QA : backend = rid
# idmap config QA : default = yes
# idmap config QA : range = 100-33554431
# idmap config * : range = 33554432-67108862
# idmap config * : backend = tdb
# printing = bsd
# load printers = no
# disable spoolss = yes
# printcap name = /dev/null
# log level = 10
# log file = /var/log/samba/samba.log.%m
# max log size = 5000
# debug timestamp = yes
# oplocks = 1
# unix extensions = yes
# clustering = 0
# smb ports = 445, 139
# mangled names = yes
# default case = lower
# case sensitive = auto
# preserve case = yes
# short preserve case = yes
# bind interfaces only = yes
# interfaces = lo bond0:2 eth0:1 eth0:2 eth2 eth3
# dos filetimes = 1
# create mask = 777
# admin users = administrator
[arkc1]
comment = centos samba4 share1
path = /rocket/cifs/cifs1
#public = no
#read only = no
writable = yes
#guest ok = yes
#inherit permissions = 1
#inherit acls = 1
#map acl inherit = 1
#vfs objects = acl_xattr
#acl_xattr:ignore system acls = 1
#valid users = @"autostoradmins at qa.arkivio.com"
#valid users = administrator,auto-stor,arkadmin,Domain Admins,autostoradmins
valid users = administrator at qa.arkivio.com,auto-stor at qa.arkivio.com,arkadmin at qa.arkivio.com,@"Domain Admins at qa.arkivio.com",@"AutostorAdmins at qa.arkivio.com","QA.ARKIVIO.COM\AutostorAdmins",arkadmin at QA.ARKIVIO.COM
#admin users = administrator,auto-stor,arkadmin,Domain Admins,autostoradmins,QA\arkadmin,QA.ARKIVIO.COM\arkadmin
admin users = administrator at qa.arkivio.com,auto-stor at qa.arkivio.com,arkadmin at qa.arkivio.com,@"Domain Admins at qa.arkivio.com",@"AutostorAdmins at qa.arkivio.com",arkadmin at QA.ARKIVIO.COM,QA\arkadmin,QA.ARKIVIO.COM\arkadmin
[arkc2]
comment = centos samba4 share2
path = /rocket/cifs/cifs2
#public = no
#read only = no
writable = yes
#guest ok = no
#vfs objects = acl_xattr
#acl_xattr:ignore system acls = yes
admin users = administrator at qa.arkivio.com,auto-stor at qa.arkivio.com,arkadmin at qa.arkivio.com,@"Domain Admins at qa.arkivio.com",@"AutostorAdmins at qa.arkivio.com",arkadmin at QA.ARKIVIO.COM,QA\arkadmin,QA.ARKIVIO.COM\arkadmin
valid users = administrator at qa.arkivio.com,auto-stor at qa.arkivio.com,arkadmin at qa.arkivio.com,@"Domain Admins at qa.arkivio.com",@"AutostorAdmins at qa.arkivio.com","QA.ARKIVIO.COM\AutostorAdmins",arkadmin at QA.ARKIVIO.COM,QA\arkadmin,QA.ARKIVIO.COM\arkadmin
please give some advice,thanks
More information about the samba
mailing list