[Samba] DM 3.6.25 -> 4.x
Stefan G. Weichinger
lists at xunil.at
Sat Jun 30 19:02:57 UTC 2018
additional:
the krb5.conf from the former admin, I assume it could or should be
boiled down:
# cat /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5.log
[libdefaults]
ticket_lifetime = 24000
clock_skew = 300
default_realm = customer.INTRA
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
[realms]
DOMAIN.LOCAL = {
kdc = DC1.customer.INTRA:88
admin_server = DC1.customer.INTRA:464
default_domain = customer.INTRA
}
[domain_realm]
.customer.INTRA = customer.INTRA
customer.INTRA = customer.INTRA
--
[global]
unix charset = iso8859-15
security = ads
realm = customer.INTRA
workgroup = customer
netbios aliases = u1customer
server string = U1customer
winbind cache time = 10
winbind use default domain = yes
template homedir = /mnt/MSA2040/smb/Homes/%D/%U
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind refresh tickets = Yes
restrict anonymous = 2
domain master = no
local master = no
preferred master = no
invalid users = root bin daemon adm sync shutdown halt mail news \
uucp
obey pam restrictions = yes
interfaces = 192.168.100.4/24 127.0.0.1
bind interfaces only = Yes
idmap config * : range = 3000-7999
idmap config * : backend = tdb
idmap config customer : range = 10000-20000
idmap config customer : backend = rid
# For ACL support on domain member
vfs objects = acl_xattr full_audit
map acl inherit = Yes
store dos attributes = Yes
nt acl support = No
force unknown acl user = Yes
unix extensions = no
follow symlinks= yes
wide links= yes
load printers = no
printcap name = /dev/null
# exe files
acl allow execute always = True
# Audit settings
full_audit:prefix = %u|%I|%S
full_audit:failure = connect
full_audit:success = mkdir rmdir write pwrite rename unlink \
chmod fchmod chown fchown ftruncate
full_audit:facility = local5
full_audit:priority = notice
More information about the samba
mailing list