[Samba] more cleanup: mis-named AD user

Stefan G. Weichinger lists at xunil.at
Tue Aug 6 09:37:25 UTC 2019


Am 05.08.19 um 16:00 schrieb L.P.H. van Belle via samba:
> Uhm, i suggest, first more info is needed. 
> 
> OS?
> AD-DC or member server. ( or both checked ? ) 
> Samba version and smb.conf 

DM, Debian 9.9, Samba version 4.9.11-Debian

root at pre01svdeb01:~# cat /etc/samba/smb.conf
# This file is managed remotely, all changes will be lost

[global]
workgroup = BUERO
realm = mydomain.AT
netbios name = SERVER

security = ADS
map to guest = Bad User
username map = /etc/samba/smbusers

dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind refresh tickets = yes

#winbind enum users = Yes
#winbind enum groups = Yes
winbind use default domain = yes

winbind offline logon = yes

# Use settings from AD for login shell and home directory
winbind nss info = template
template shell = /bin/bash
template homedir = /mnt/samba/Daten/%U

# obsolete with 4.8.x
#map untrusted to domain = Yes
#winbind trusted domains only = no

# Default idmap config used for BUILTIN and local accounts/groups
idmap config *:backend = tdb
idmap config *:range = 2000-9999

# idmap config for domain BUERO
idmap config BUERO:backend = rid
idmap config BUERO:range = 10000-99999

load printers = no
printing = bsd
printcap name = /dev/null

# turn off roaming profiles
logon path = ""
logon home = ""

hosts allow = localhost 192.168.16. 172.32.99.

log level = 1
log file = /var/log/samba/%m.log
max log size = 150000

# server min protocol = SMB2
# server max protocol = SMB2

#strict sync = yes
	
# ACLs
	store dos attributes = Yes
	map acl inherit = Yes
	#vfs objects = acl_xattr full_audit
	vfs objects = acl_xattr


.... [shares] below here


OR via

root at pre01svdeb01:~# samba-tool  testparm
Press enter to see a dump of your service definitions

# Global parameters
[global]
	dedicated keytab file = /etc/krb5.keytab
	kerberos method = secrets and keytab
	log file = /var/log/samba/%m.log
	log level = 1
	logon home = ""
	logon path = ""
	map to guest = Bad User
	max log size = 150000
	netbios name = SERVER
	printcap name = /dev/null
	realm = mydomain.AT
	security = ADS
	template homedir = /mnt/samba/Daten/%U
	template shell = /bin/bash
	username map = /etc/samba/smbusers
	winbind nss info = template
	winbind offline logon = Yes
	winbind refresh tickets = Yes
	winbind use default domain = Yes
	workgroup = BUERO
	idmap config buero:range = 10000-99999
	idmap config buero:backend = rid
	idmap config *:range = 2000-9999
	idmap config *:backend = tdb
	hosts allow = localhost 192.168.16. 172.32.99.
	map acl inherit = Yes
	store dos attributes = Yes
	vfs objects = acl_xattr



> Example output where you see this. 
> I guessing its : smbstatus -a


smbstatus -b

As mentioned before, the guy isn't at work right now.

Will provide more info later.


> And the "root/root" you see, isnt that the user Administrator. 
> That for example in backgroup is installing things AND you have setup a roaming profile for Administrator. 
> Then yes, its normal.  ;-) 

no, I don't think that this is the case here.




More information about the samba mailing list