[Samba] security = ads parameter not working in samba 4.9.5
Rowland penny
rpenny at samba.org
Tue Dec 10 11:29:13 UTC 2019
On 10/12/2019 11:10, Sac Isilia wrote:
> Hi Rowland,
>
> Please let me know what else I can try from my side. We are stuck as
> the server cant be joined to domain.
>
Sorry, I thought you had fixed this :-(
You seem to be doing everything correctly, so it should work, but
obviously, it isn't for you.
Can I suggest you use Louis's repo: http://apt.van-belle.nl/
This will get you a more up to date Samba version and may, by itself,
fix your problem.
Try this smb.conf:
[global]
workgroup = SAMDOM
security = ADS
realm = SAMDOM.EXAMPLE.COM
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind use default domain = yes
winbind expand groups = 2
winbind refresh tickets = Yes
idmap config *:backend = tdb
idmap config *:range = 3000-7999
idmap config SAMDOM : backend = rid
idmap config SAMDOM : range = 10000-999999
template shell = /bin/bash
template homedir = /home/%U
# user Administrator workaround, without it you are unable to set
privileges
username map = /etc/samba/user.map
# For ACL support on domain member
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
# disable printing completely
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
# logging
log level = 4
Create /etc/samba/user.map
!root = SAMDOM\Administrator
Replace 'SAMDOM' with your workgroup name and the realm name
'SAMDOM.EXAMPLE.COM' with your realm name (which must be the dns domain
in uppercase)
If this doesn't work, I am running out of ideas, it normally just works.
Rowland
More information about the samba
mailing list