[Samba] Developed an issue with Samba File Server integrated with Samba-AD
Anantha Raghava
raghav at exzatechconsulting.com
Sat Jun 30 09:21:48 UTC 2018
Hi,
We have been using Samba File Server (Version 4.3.11 Ubuntu 14.04 LTS)
for quite sometime now. We recently installed Samba-AD (Samba AD Version
4.7.6) and made the file server a member of the Domain. Everything was
fine till around 11:15 am yesterday. We just added one more share folder
and gave access to three users and restarted Samba File Server services
- smbd, nmbd and winbindd - services and we lost the file server. None
of the domain user is able to login to file server and access their
shares. If we access the shares from a non-domain member PC, shares are
accessible.
File server when accessed asks for user name & password. Once the user
feeds his credentials, the login fails and again the file server will
ask for user credentials. This is really surprising.
We enabled log level 3 on both samba servers (File & AD Server) and we
see nothing with respect to this error.
Our smb.conf (samba file server) and Samba-AD (AD-smb.conf) are attached.
I am aware that Samba file server is very old and it's time to upgrade.
However, getting it back live is now critical for us.
Look forward for any guidance.
Thanks & Regards,
Anantha Raghava
Do not print this e-mail unless required. Save Paper & trees.
-------------- next part --------------
# Global parameters
[global]
netbios name = PDC
realm = XXXX.COM
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = XXXX
idmap_ldb:use rfc2307 = yes
ldap server require strong auth = No
# Logs and events
eventlog list = Security
log level = 3
log file = /var/log/samba/dc1.%T.log
max log size = 1000000
[netlogon]
path = /usr/local/samba/var/locks/sysvol/exza.com/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
-------------- next part --------------
[gdlobal]
workgroup = CSAEROTHERM
server string = Samba Server Version %v
security = ads
realm = CSAEROTHERM.COM
# socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072
use sendfile = true
idmap config * : backend = tdb
idmap config * : range = 100000-299999
idmap config CSAEROTHERM : schema_mode = rfc2307
idmap config CSAEROTHERM : backend = rid
idmap config CSAEROTHERM : range = 10000-99999
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind refresh tickets = yes
restrict anonymous = 2
log file = /var/log/samba/log.%m
max log size = 50
logon script = Set-ADPicture.vbs
## min protocol = SMB2
## Share definitions
[homes]
comment = Home Directories
path = /home/%U
read only = No
inherit permissions = Yes
browseable = No
veto files ="/*.mp3/*.mov/*.jpeg/*.png/*.mp4/*.jfif/*.ppm/*.pgm/*.tiff/*.bmp/*.dwg/"
vfs objects = recycle
recycle:repository = /home/.recycle/%U
recycle:keeptree = Yes
recycle:touch = Yes
recycle:versions = Yes
recycle:maxsixe = 0
recycle:exclude = *.tmp
[Share]
read list = %U, administrator,suresh
path = /storage/CSfiles/pubshare
write list = %U,administrator,suresh
recycle:touch = Yes
recycle:maxsixe = 0
recycle:repository = /storage/CSfiles/pubshare/.recycle/%U
comment = Public Share
vfs objects = recycle
browseable = No
recycle:exclude = *.tmp
directory mask = 0700
inherit permissions = Yes
# revalidate = yes
veto files = "/*.mp3/*.mov/*.dwg/*.dwx/*.mpg/"
recycle:keeptree = Yes
user = administrator,%U,suresh
public = yes
recycle:versions = Yes
[cscloudvendor]
read list = %U, administrator, pranavjairam
path = /storage/CSfiles/cscloud/vendor
valid users = %U, pranavjairam, administrator
write list = %U,administrator
recycle:touch = Yes
recycle:maxsixe = 0
recycle:repository = /storage/CSfiles/cscloud/vendor/.recycle/%U
usershare allow guests = yes
comment = cscloud vendor drawing Share
vfs objects = recycle
browseable = Yes
recycle:exclude = *.tmp
directory mask = 0700
#inherit permissions = Yes
# revalidate = yes
veto files = "/*.mp3/*.mov/*.dwg/*.dwx/*.mpg/"
recycle:keeptree = Yes
user = administrator,%U, pranavjairam
public = yes
recycle:versions = Yes
[cscloudvideo]
read list = %U, administrator
path = /storage/CSfiles/cscloud/video
write list = %U,administrator
recycle:touch = Yes
recycle:maxsixe = 0
recycle:repository = /storage/CSfiles/cscloud/video/.recycle/%U
comment = Cscloud videos Share
vfs objects = recycle
browseable = No
recycle:exclude = *.tmp
directory mask = 0700
inherit permissions = Yes
# revalidate = yes
veto files = "/*.mp3/*.mov/*.dwg/*.dwx/*.mpg/"
recycle:keeptree = Yes
user = administrator,%U
public = yes
recycle:versions = Yes
[profiles]
recycle:keeptree = Yes
path = /storage/profiles`
recycle:touch = Yes
directory mask = 0700
recycle:versions = Yes
browsable = No
vfs objects = recycle
comment = User profiles
profile acls = Yes
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
veto files = /*.mp3/*.avi/*.mov/"
write list =
recycle:repository = /storage/profiles/.recycle/%U
users =
recycle:exclude = *.tmp
store dos attributes = Yes
writable = yes
read list =
create mask = 0600
recycle:maxsixe = 0
[netlogon]
recycle:keeptree = Yes
path = /var/lib/netlogon
recycle:touch = Yes
directory mask = 0700
recycle:versions = Yes
browsable = No
vfs objects = recycle
comment = netlogon
profile acls = Yes
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
veto files = /*.mp3/*.avi/*.mov/"
write list =
recycle:repository = /var/lib/netlogon/.recycle/%U
users =
recycle:exclude = *.tmp
store dos attributes = Yes
writable = yes
read list =
create mask = 0600
recycle:maxsixe = 0
[Design]
recycle:maxsixe = 0
read list = suresh,manjunathsingh,senthil,roopesh,arjunsagar,prabhu
inherit acls = Yes
recycle:exclude = *.tmp
inherit permissions = Yes
valid users = administrator,suresh,manjunathsingh,senthil,roopesh,arjunsagar,prabhu
recycle:repository = /storage/CSfiles/Design/.recycle/%U
write list = pranavjairam,manjunathsingh,arjunsagar,prabhu
veto files = /*.mp3/*.avi/*.mov/"
public = yes
comment = Design Documents
vfs objects = recycle
recycle:versions = Yes
recycle:touch = Yes
browseable = no
path = /storage/CSfiles/Design
recycle:keeptree = Yes
writeable = yes
[test123]
comment = test123
path = /home/
inherit acls = Yes
inherit permissions = Yes
valid users = harikumar
read list = harikumar
write list = harikumar
veto files = /*.mp3/*.avi/*.mov/"
public = yes
writeable = yes
browseable = no
[Materials]
recycle:keeptree = Yes
writeable = yes
path = /storage/CSfiles/materials
recycle:versions = Yes
browseable = no
recycle:touch = Yes
comment = Materials
vfs objects = recycle
veto files = /*.mp3/*.avi/*.mov/"
recycle:repository = /storage/CSfiles/materials/.recycle/%U
valid users = suresh,senthil,sangeetha,prakash
write list = suresh,senthil,sangeetha,prakash
inherit permissions = Yes
recycle:exclude = *.tmp
recycle:maxsixe = 0
[Accounts]
public = yes
veto files = /*.mp3/*.avi/*.mov/"
write list = administrator,lokesh,harishkumar,devaraju,shivanagouda,vijaya
valid users = administrator,lokesh,harishkumar,devaraju,shivanagouda,vijaya
recycle:repository = /storage/CSfiles/accounting/.recycle/%U
recycle:exclude = *.tmp
inherit permissions = Yes
inherit acls = Yes
create mask = 0600
read list = administrator,lokesh,harishkumar,devaraju,shivanagouda,vijaya
recycle:maxsixe = 0
recycle:keeptree = Yes
writeable = yes
path = /storage/CSfiles/accounting
recycle:touch = Yes
browseable = no
recycle:versions = Yes
directory mask = 0700
vfs objects = recycle
comment = Accounts
[Software]
recycle:exclude = *.tmp
recycle:maxsixe = 0
read list = administrator,pranavjairam,harikumar,suresh
recycle:repository = /storage/CSfiles/software/.recycle/%U
valid users = administrator,pranavjairam,harikumar,suresh
write list = administrator,pranavjairam,harikumar,suresh
recycle:versions = Yes
recycle:touch = Yes
comment = Software
vfs objects = recycle
writeable = yes
recycle:keeptree = Yes
path = /storage/CSfiles/software
[Production]
path = /storage/CSfiles/production
writeable = yes
recycle:keeptree = Yes
comment = Production
vfs objects = recycle
user = @Production, at Management
recycle:versions = Yes
browseable = no
recycle:touch = Yes
recycle:repository = /storage/CSfiles/production/.recycle/%U
valid users = administrator,senthil,manjunathsingh,manjunathmk,rajeshbabu,prabhu,arjunsagar,karthik,kishor,ganeshbabu,vijayakumar,vinodkolar,basavaraj,harikumar
write list = administrator,manjunathsingh, at Production,prabhu,arjunsagar,karthik,kishor,vijayakumar,vinodkolar,basavaraj,harikumar
veto files = /*.mp3/*.avi/*.mov/"
recycle:maxsixe = 0
read list = administrator,senthil,manjunathsingh,manjunathmk,rajeshbabu, at Production, at Management,prabhu,arjunsagar,karthik,kishor,ganeshbabu,vijayakumar,vinodkolar,basavaraj,harikumar
inherit permissions = Yes
recycle:exclude = *.tmp
[Management]
writeable = yes
recycle:keeptree = Yes
path = /storage/management
recycle:versions = Yes
browseable = no
recycle:touch = Yes
comment = Management
vfs objects = recycle
user = @Management
recycle:repository = /storage/CSfiles/management/.recycle/%U
valid users = administrator
write list = administrator, at Management
inherit permissions = Yes
recycle:exclude = *.tmp
recycle:maxsixe = 0
read list = administrator, at Management
[Marketing]
recycle:maxsixe = 0
comment = Marketing Files
vfs objects = recycle
read list = administrator,kavitha,kokila
recycle:versions = Yes
recycle:touch = Yes
browseable = no
recycle:exclude = *.tmp
valid users = administrator,kavitha,kokila
recycle:repository = /storage/CSfiles/marketing/.recycle/%U
path = /storage/CSfiles/marketing
write list = administrator,kavitha,kokila
veto files = "*.mp3/*.avi/*.mov/"
recycle:keeptree = Yes
[Productoin Bakery Equipment]
recycle:exclude = *.tmp
inherit permissions = Yes
read list = administrator, at Production, at Management, at materials
recycle:maxsixe = 0
veto files = /*.mp3/*.avi/*.mov/"
write list = administrator, at Production, at Management
valid users = administrator
recycle:repository = /storage/production-BE/.recycle/%U
browseable = no
recycle:touch = Yes
recycle:versions = Yes
user = @Production, at Management, at materials
vfs objects = recycle
comment = Production Bakery Equipment
recycle:keeptree = Yes
writeable = yes
path = /production-BE
[QMS]
recycle:maxsixe = 0
read list = administrator,senthil,suresh
inherit permissions = Yes
recycle:exclude = *.tmp
recycle:repository = /storage/qms/.recycle/%U
valid users = administrator,senthil,suresh
write list = administrator,senthil,suresh
veto files = /*.mp3/*.avi/*.mov/"
comment = QMS Files
vfs objects = recycle
recycle:versions = Yes
browseable = no
recycle:touch = Yes
path = /storage/CSfiles/qms
recycle:keeptree = Yes
writeable = yes
[HR]
recycle:maxsixe = 0
read only = No
read list = administrator,vijaya,suresh,rajeshwari,harikumar
inherit acls = Yes
inherit permissions = Yes
recycle:exclude = *.tmp
recycle:repository = /storage/CSfiles/HR/.recycle/%U
valid users = administrator,vijaya,suresh,rajeshwari,harikumar
write list = administrator,vijaya,suresh,rajeshwari,harikumar
veto files = /*.mp3/*.avi/*.mov/"
comment = HR Documents
vfs objects = recycle
recycle:versions = Yes
browseable = no
recycle:touch = Yes
path = /storage/CSfiles/HR/
writeable = yes
recycle:keeptree = Yes
[storagebox]
comment = Entire CSA files
read list = suresh
inherit acls = Yes
inherit permissions = Yes
valid users = suresh
write list = suresh
path = /storage/
veto files = /*.mp3/*.avi/*.mov/
recycle:repository = /storage/.recycle/%U
recycle:maxsixe = 0
recycle:exclude = *.tmp
recycle:keeptree = Yes
recycle:versions = Yes
recycle:touch = Yes
[revent]
valid users = administrator,prabhu,pranavjairam,roopesh,vinodkolar
recycle:repository = /storage/CSfiles/revent/.recycle/%U
write list = administrator,pranavjairam, at management,prabhu,roopesh,vinodkolar
public = yes
recycle:maxsixe = 0
read list = administrator,pranavjairam,prabhu, at management,roopesh,vinodkolar
inherit acls = Yes
recycle:exclude = *.tmp
inherit permissions = Yes
path = /storage/CSfiles/revent
recycle:keeptree = Yes
writeable = yes
comment = revent
vfs objects = recycle
user = @management
recycle:versions = Yes
recycle:touch = Yes
browseable = no
# only user = Yes
[csvideo]
write list = administrator,pranavjairam,manjunathsingh,suresh,harikumar,harsha,ram, at management
valid users = administrator,suresh,%U
recycle:repository = /storage/CSfiles/csaplvideos/.recycle/%U
public = yes
read list = administrator,%U,satheeshkumar, at management
recycle:maxsixe = 0
recycle:exclude = *.tmp
inherit permissions = Yes
inherit acls = Yes
path = /storage/CSfiles/csaplvideos
writeable = yes
recycle:keeptree = Yes
user = @management
vfs objects = recycle
comment = csaplvideo
recycle:touch = Yes
recycle:versions = Yes
[ABL]
read list = administrator,pranavjairam,manjunathsingh, at management,prabhu,arjunsagar,vijayakumar
recycle:maxsixe = 0
recycle:exclude = *.tmp
inherit permissions = Yes
inherit acls = Yes
write list = administrator,pranavjairam,manjunathsingh, at management,prabhu,arjunsagar,vijayakumar
valid users = administrator,pranavjairam,manjunathsingh,prabhu,arjunsagar,vijayakumar
recycle:repository = /storage/CSfiles/ABL/.recycle/%U
public = yes
veto files = /*.mp3/*.avi/*.mov/"
user = @management
vfs objects = recycle
comment = Automatic Bread Line Project
recycle:touch = Yes
browseable = no
recycle:versions = Yes
path = /storage/CSfiles/ABL
writeable = yes
recycle:keeptree = Yes
[automation]
path = /storage/CSfiles/automation
writeable = yes
recycle:keeptree = Yes
comment = Automation - PLC
vfs objects = recycle
recycle:versions = Yes
browseable = no
recycle:touch = Yes
recycle:repository = /storage/CSfiles/automation/.recycle/%U
valid users = pranavjairam,amir,electrical,anilm,yogeshkumar
write list = pranavjairam,amir,anilm,yogeshkumar
veto files = /*.mp3/*.avi/*.mov/"
public = yes
recycle:maxsixe = 0
read list = pranavjairam,amir,electrical,anilm,yogeshkumar
inherit acls = Yes
inherit permissions = Yes
recycle:exclude = *.tmp
[inventory]
path = /storage/CSfiles/Inventory
writeable = yes
recycle:keeptree = Yes
comment = Automation - PLC
vfs objects = recycle
recycle:versions = Yes
browseable = no
recycle:touch = Yes
recycle:repository = /storage/CSfiles/Inventory/.recycle/%U
valid users = pranavjairam,suresh,harikumar
write list = pranavjairam,suresh,harikumar
veto files = /*.mp3/*.avi/*.mov/"
public = yes
recycle:maxsixe = 0
read list = suresh,pranavjairam,harikumar
inherit acls = Yes
inherit permissions = Yes
recycle:exclude = *.tmp
[rackoven]
veto files = /*.mp3/*.avi/*.mov/"
public = yes
recycle:repository = /storage/CSfiles/Design/.recycle/%U
valid users = roopesh
write list = maheshbabu,prabath
inherit acls = Yes
inherit permissions = Yes
recycle:exclude = *.tmp
recycle:maxsixe = 0
read list = roopesh
recycle:keeptree = Yes
writeable = yes
path = /storage/CSfiles/Design/Rackovens-oct2010
recycle:versions = Yes
recycle:touch = Yes
comment = Rack Ovens
vfs objects = recycle
[rack1]
recycle:maxsixe = 0
read list = rajeshbabu,arjunsagar,prabhu,vijayasullad,vinodkolar,basavaraj
inherit acls = Yes
recycle:exclude = *.tmp
inherit permissions = Yes
valid users = roopesh,rajeshbabu,arjunsagar,prabhu,vijayasullad,vinodkolar,basavaraj
recycle:repository = /storage/CSfiles/Design/.recycle/%U
write list = arjunsagar,prabhu,vijayasullad,vinodkolar,basavaraj
veto files = /*.mp3/*.avi/*.mov/"
public = yes
comment = Rack Ovens( New on created by Mr.Mukund)
vfs objects = recycle
recycle:versions = Yes
recycle:touch = Yes
path = /storage/CSfiles/Design/RACK
writeable = yes
recycle:keeptree = Yes
[edshare]
write list = pranavjairam,suresh,manjunathsingh,prabhu,arjunsagar,kishor,basavaraj,vinodkolar,vijayakumar
recycle:repository = /storage/CSfiles/Design/.recycle/%U
valid users = manjunathsingh,pranavjairam,suresh,prabhu,arjunsagar,kishor,basavaraj,vinodkolar,vijayakumar
public = yes
read list = manjunathsingh,pranavjairam,suresh,prabhu,arjunsagar,kishor,basavaraj,vinodkolar,vijayakumar
recycle:maxsixe = 0
inherit permissions = Yes
recycle:exclude = *.txt
inherit acls = Yes
path = /storage/CSfiles/Design/EDShare
writeable = yes
recycle:keeptree = Yes
vfs objects = recycle
comment = Engineering Drwaing for Sharing Design Department
recycle:touch = Yes
recycle:versions = Yes
[B1900]
write list = senthil
recycle:repository = /storage/CSfiles/Design/.recycle/%U
valid users = senthil
public = yes
veto files = /*.mp3/*.avi/*.mov/"
read list = senthil
recycle:maxsixe = 0
inherit permissions = Yes
recycle:exclude = *.tmp
inherit acls = Yes
path = /storage/CSfiles/Design/EDShare/Rack_ovens/India_231211(14.02.2012)/B-1900(New14.02.2012)
recycle:keeptree = Yes
writeable = yes
vfs objects = recycle
comment = Engineering Drwaing for B1900
recycle:touch = Yes
recycle:versions = Yes
[egostol]
comment = Gostol Documents ;
read list = administrator
inherit acls = Yes
inherit permissions = Yes
valid users = administrator
write list = administrator
path = /storage/Design/Gostol Documents ;
veto files = /*.mp3/*.avi/*.mov/" ;
public = yes
writeable = yes
# only user = No
[gostol]
recycle:versions = Yes
recycle:touch = Yes
comment = Gostol Gopan
vfs objects = recycle
writeable = yes
recycle:keeptree = Yes
path = /storage/CSfiles/Gostol
inherit acls = Yes
inherit permissions = Yes
recycle:exclude = *.tmp
recycle:maxsixe = 0
read list = hrjairam
veto files = /*.mp3/*.avi/*.mov/"
public = yes
recycle:repository = /storage/CSfiles/Gostol/.recycle/%U
valid users = hrjairam
write list = hrjairam
[financial]
recycle:versions = Yes
recycle:touch = Yes
comment = Financial Statements
vfs objects = recycle
writeable = yes
recycle:keeptree = Yes
path = /storage/CSfiles/Financial
inherit acls = Yes
recycle:exclude = *.tmp
inherit permissions = Yes
recycle:maxsixe = 0
veto files = /*.mp3/*.avi/*.mov/"
public = yes
valid users = vijaya,hrjairam
recycle:repository = /storage/CSfiles/Financial/.recycle/%U
write list = vijaya,hrjairam
[csinfo]
recycle:maxsixe = 0
inherit permissions = Yes
recycle:exclude = *.tmp
inherit acls = Yes
write list = pranavjairam,hrjairam,vijaya
recycle:repository = /storage/CSfiles/CSAPLInfo/.recycle/%U
valid users = pranavjairam,hrjairam,vijaya
public = yes
veto files = /*.mp3/*.avi/*.mov/"
vfs objects = recycle
comment = CS Aerotherm Pvt. Ltd. Information
recycle:touch = Yes
recycle:versions = Yes
path = /storage/CSfiles/CSAPLInfo
recycle:keeptree = Yes
writeable = yes
[service]
comment = Service Office Files (K.R.Road -- Through VPN)
vfs objects = recycle
recycle:versions = Yes
recycle:touch = Yes
path = /storage/CSfiles/Service
recycle:keeptree = Yes
writeable = yes
recycle:maxsixe = 0
read list = suresh,nirmala,balaji,archana,manjunathmk,devaraju,padminisharma
inherit acls = Yes
recycle:exclude = *.tmp
inherit permissions = Yes
valid users = suresh,nirmala,balaji,archana,manjunathmk,devaraju,padminisharma
recycle:repository = /storage/CSfiles/Service/.recycle/%U
write list = suresh,nirmala,balaji,archana,manjunath,devaraju,padminisharma
veto files = /*.mp3/*.avi/*.mov/"
public = yes
[goinfo]
recycle:keeptree = Yes
writeable = yes
path = /opt/sqlanywhere12/gosoft
recycle:touch = Yes
recycle:versions = Yes
vfs objects = recycle
comment = Gosoft
public = yes
veto files = /*.mp3/*.avi/*.mov/"
write list = pranavjairam,manjunath
recycle:repository = /opt/sqlanywhere12/gosoft/.recycle/%U
valid users = pranavjairam,manjunath
inherit permissions = Yes
recycle:exclude = *.tmp
inherit acls = Yes
read list = pranavjairam,manjunath
recycle:maxsixe = 0
[ISO]
read list = administrator,senthil,suresh,nirmala,manjunathsingh,rajeshbabu,lokesh.vijaya,pranavjairam,harsha,prakash,kokila,roopesh
recycle:maxsixe = 0
inherit permissions = Yes
recycle:exclude = *.tmp
inherit acls = Yes
write list = administrator,senthil,suresh,nirmala,manjunathsingh,rajeshbabu,lokesh.vijaya,pranavjairam,harsha,prakash,kokila,roopesh
recycle:repository = /storage/CSfiles/iso_2015/.recycle/%U
valid users = administrator,senthil,suresh,nirmala,manjunathsingh,rajeshbabu,lokesh.vijaya,pranavjairam,harsha,prakash,kokila,roopesh
public = yes
veto files = /*.mp3/*.avi/*.mov/"
vfs objects = recycle
comment = ISO Files
browseable = no
recycle:touch = Yes
recycle:versions = Yes
path = /storage/CSfiles/ISO_2015/
writeable = yes
recycle:keeptree = Yes
More information about the samba
mailing list