[Samba] Random disconnects from Samba server

Rowland Penny rpenny at samba.org
Fri Mar 16 21:15:32 UTC 2018 

On Fri, 16 Mar 2018 20:24:47 +0000
"Hirayama, Pat" <phirayam at fredhutch.org> wrote:

> In the past I've used winbind -- though, I've had issues where it
> just stops working until the service is restarted again.  Was hoping
> to get away from that, hence trying sssd and ldap with Kerberos.  
> 

This sometimes happened in the early days of Samba 4, but it isn't a
problem now.

Try this smb.conf, I have removed all the default settings, but you
will need to uncomment one of the 'idmap conf DOMAIN' blocks, see the
inline comments.

[global]

security = ADS
workgroup = XXXXX
realm = XXXXX.ORG
server role = member server
server string = %h server (Samba)
log level = 2
max log size = 1000

server min protocol = SMB2_10

ntlm auth = no

idmap config * : backend = tdb
idmap config * : range = 3000-4999

restrict anonymous = 2
# You seem to like living dangerously
# Do you really need the wide links ?
unix extensions = no
wide links = yes
allow insecure wide links = yes

idmap config * : backend = tdb
idmap config * : range = 3000-4999

### As you are using Samba 4.4.4 on your centos 7 machine
### Uncomment one of the following
#
# 'ad' backend
# If uidNumber & gidNumber attributes in AD
# They must be inside 5000-1999999
# winbind nss info = rfc2307
#idmap config XXXXX:backend = ad
#idmap config XXXXX:range = 5000-1999999
#idmap config XXXXX:schema_mode = rfc2307
#
# 'rid' backend
# if NO uidNumber or gidNumber attributes in AD
#idmap config XXXXX:backend = rid
#idmap config XXXXX:range = 5000-1999999
#

load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes

# For ACL support on domain member
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes

# These should be in 'shares'
#create mask = 0664
#force create mode = 0664
#directory mask = 2770
#force directory mode = 2770

# You only need one !!
# '[home]' for preference
# '[homes]' doesn't really work with AD 
[home]
        ###comment = %U's Home Directory
        path = /home/%U
        read only = No
        create mask = 0664
        directory mask = 02775
        inherit acls = Yes
        case sensitive = No
        veto files = /.tnatr:*/
        mangled names = No
        wide links = Yes
        follow symlinks = Yes
        dos filemode = Yes

#[homes]
#        comment = %U's Home Directory
#        read only = No
#        create mask = 0664
#        directory mask = 02775
#        inherit acls = Yes
#        case sensitive = No
#        veto files = /.tnatr:*/
#        mangled names = No
#        dos filemode = Yes
#        follow symlinks = Yes
#        wide links = Yes
 
Rowland

More information about the samba mailing list