[Samba] more cleanup: mis-named AD user
Stefan G. Weichinger
lists at xunil.at
Tue Aug 6 09:37:25 UTC 2019
Am 05.08.19 um 16:00 schrieb L.P.H. van Belle via samba:
> Uhm, i suggest, first more info is needed.
>
> OS?
> AD-DC or member server. ( or both checked ? )
> Samba version and smb.conf
DM, Debian 9.9, Samba version 4.9.11-Debian
root at pre01svdeb01:~# cat /etc/samba/smb.conf
# This file is managed remotely, all changes will be lost
[global]
workgroup = BUERO
realm = mydomain.AT
netbios name = SERVER
security = ADS
map to guest = Bad User
username map = /etc/samba/smbusers
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind refresh tickets = yes
#winbind enum users = Yes
#winbind enum groups = Yes
winbind use default domain = yes
winbind offline logon = yes
# Use settings from AD for login shell and home directory
winbind nss info = template
template shell = /bin/bash
template homedir = /mnt/samba/Daten/%U
# obsolete with 4.8.x
#map untrusted to domain = Yes
#winbind trusted domains only = no
# Default idmap config used for BUILTIN and local accounts/groups
idmap config *:backend = tdb
idmap config *:range = 2000-9999
# idmap config for domain BUERO
idmap config BUERO:backend = rid
idmap config BUERO:range = 10000-99999
load printers = no
printing = bsd
printcap name = /dev/null
# turn off roaming profiles
logon path = ""
logon home = ""
hosts allow = localhost 192.168.16. 172.32.99.
log level = 1
log file = /var/log/samba/%m.log
max log size = 150000
# server min protocol = SMB2
# server max protocol = SMB2
#strict sync = yes
# ACLs
store dos attributes = Yes
map acl inherit = Yes
#vfs objects = acl_xattr full_audit
vfs objects = acl_xattr
.... [shares] below here
OR via
root at pre01svdeb01:~# samba-tool testparm
Press enter to see a dump of your service definitions
# Global parameters
[global]
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
log file = /var/log/samba/%m.log
log level = 1
logon home = ""
logon path = ""
map to guest = Bad User
max log size = 150000
netbios name = SERVER
printcap name = /dev/null
realm = mydomain.AT
security = ADS
template homedir = /mnt/samba/Daten/%U
template shell = /bin/bash
username map = /etc/samba/smbusers
winbind nss info = template
winbind offline logon = Yes
winbind refresh tickets = Yes
winbind use default domain = Yes
workgroup = BUERO
idmap config buero:range = 10000-99999
idmap config buero:backend = rid
idmap config *:range = 2000-9999
idmap config *:backend = tdb
hosts allow = localhost 192.168.16. 172.32.99.
map acl inherit = Yes
store dos attributes = Yes
vfs objects = acl_xattr
> Example output where you see this.
> I guessing its : smbstatus -a
smbstatus -b
As mentioned before, the guy isn't at work right now.
Will provide more info later.
> And the "root/root" you see, isnt that the user Administrator.
> That for example in backgroup is installing things AND you have setup a roaming profile for Administrator.
> Then yes, its normal. ;-)
no, I don't think that this is the case here.
More information about the samba
mailing list