[Samba] Odd behavior on group membership

Marcio Vogel Merlone dos Santos marcio.merlone at a1.ind.br
Wed Nov 28 12:12:39 UTC 2018 

Hi Rowland, thank you for your prompt reply,

I sent you the testparam output hence lots of defaults (i presumed would 
be better), here is crude smb.conf:

root at araucaria:~# cat /etc/samba/smb.conf
[global]
     netbios name = ARAUCARIA
     realm = AD.TLD
     server role = active directory domain controller
     workgroup = A1
     server services = -dns
     ldap server require strong auth = no
     wins support = yes
     ntlm auth = yes
     log file = /var/log/samba/%m.log
     log level = 1 auth_audit:3 auth_json_audit:3
     idmap_ldb:use rfc2307 = yes
     idmap config * : backend = tdb
     template shell = /bin/bash
     template homedir = /home/usuarios/%U

[netlogon]
     path = /var/lib/samba/sysvol/ad.tld/scripts
     read only = No

[sysvol]
     path = /var/lib/samba/sysvol
     read only = No
root at araucaria:~#



Em 28/11/2018 09:17, Rowland Penny via samba escreveu:
> On Wed, 28 Nov 2018 08:48:07 -0200
> Marcio Vogel Merlone dos Santos via samba <samba at lists.samba.org> wrote:
>
>> Hi Rowland,
>>
>> Those tests were made on DC (araucaria), not a domain member.
>>
>> root at araucaria:~# testparm /etc/samba/smb.conf
>> Load smb config files from /etc/samba/smb.conf
>> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
>> (16384) Processing section "[netlogon]"
>> Processing section "[sysvol]"
>> Loaded services file OK.
>> Server role: ROLE_ACTIVE_DIRECTORY_DC
>>
>> Press enter to see a dump of your service definitions
>>
>> # Global parameters
>> [global]
>>           passdb backend = samba_dsdb
>>           wins support = Yes
>>           rpc_server:tcpip = no
>>           rpc_daemon:spoolssd = embedded
>>           rpc_server:spoolss = embedded
>>           rpc_server:winreg = embedded
>>           rpc_server:ntsvcs = embedded
>>           rpc_server:eventlog = embedded
>>           rpc_server:srvsvc = embedded
>>           rpc_server:svcctl = embedded
>>           rpc_server:default = external
>>           winbindd:use external pipes = true
>>           idmap config * : backend = tdb
>>           map archive = No
>>           map readonly = no
>>           store dos attributes = Yes
>>           vfs objects = dfs_samba4 acl_xattr
>>
>>
> I would remove the above lines from your smb.conf, most are defaults,
> but some are actually wrong for an AD DC, see 'man smb.conf' for more
> details
>
> Rowland
>
-- 
*Marcio Merlone*
TI - Administrador de redes

*A1 Engenharia - Unidade Corporativa*
Fone: 	+55 41 3616-3797
Cel: 	+55 41 99689-0036

https://a1.ind.br/ <https://a1.ind.br>

More information about the samba mailing list