[Samba] DM 3.6.25 -> 4.x

Stefan G. Weichinger lists at xunil.at
Sat Jun 30 19:02:57 UTC 2018


additional:

the krb5.conf from the former admin, I assume it could or should be 
boiled down:
# cat /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5.log

[libdefaults]
    ticket_lifetime = 24000
    clock_skew = 300
    default_realm = customer.INTRA
    kdc_timesync = 1
    ccache_type = 4
    forwardable = true
    proxiable = true

[realms]
    DOMAIN.LOCAL = {
        kdc = DC1.customer.INTRA:88
        admin_server = DC1.customer.INTRA:464
        default_domain = customer.INTRA
}

[domain_realm]
    .customer.INTRA = customer.INTRA
    customer.INTRA = customer.INTRA

--

[global]
unix charset = iso8859-15

security = ads
realm = customer.INTRA
workgroup = customer

netbios aliases = u1customer
server string = U1customer

winbind cache time = 10
winbind use default domain = yes
template homedir = /mnt/MSA2040/smb/Homes/%D/%U

dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind refresh tickets = Yes

restrict anonymous = 2
domain master = no
local master = no
preferred master = no
invalid users = root bin daemon adm sync shutdown halt mail news \
		uucp
obey pam restrictions = yes

interfaces = 192.168.100.4/24 127.0.0.1
bind interfaces only = Yes

idmap config * : range = 3000-7999
idmap config * : backend = tdb
idmap config customer : range = 10000-20000
idmap config customer : backend = rid

# For ACL support on domain member
vfs objects = acl_xattr full_audit
map acl inherit = Yes
store dos attributes = Yes
nt acl support = No
force unknown acl user = Yes

unix extensions = no
follow symlinks= yes
wide links= yes

load printers = no
printcap name = /dev/null

# exe files

acl allow execute always = True

# Audit settings
full_audit:prefix = %u|%I|%S
full_audit:failure = connect
full_audit:success = mkdir rmdir write pwrite rename unlink \
		     chmod fchmod chown fchown ftruncate
full_audit:facility = local5
full_audit:priority = notice



More information about the samba mailing list