[Samba] Samba 4.9 and Win XP Clients

Marco Shmerykowsky marco at sce-engineers.com
Sun Feb 17 15:37:48 UTC 2019


On 2019-02-17 10:17 am, Rowland Penny via samba wrote:
> On Sun, 17 Feb 2019 09:53:56 -0500
> Marco Shmerykowsky <marco at sce-engineers.com> wrote:
> 
>> I tried the NTLM setting.  No change.
>> 
>> When I try to browse the network, I get the following error:
>> 
>> "internal is not accessible.  You might not have permission to
>> use this network resource.  The list of servers for this workgroup
>> is not currently available."
>> 
>> Here is the smb.conf from the AD machine.
>> 
>> [global]
>>          netbios name = MACHINE251
>>          realm = INTERNAL.DOMAIN.COM
>>          workgroup = INTERNAL
>>          dns forwarder = 4.2.2.2
>>          server role = active directory domain controller
>>          idmap_ldb:use rfc2307 = yes
>> 
>> [netlogon]
>>          path = /var/lib/samba/sysvol/internal.domain.com/scripts
>>          read only = No
>> 
>> [sysvol]
>>          path = /var/lib/samba/sysvol
>>          read only = No
>> 
>> [test-share]
>>          path=/home/test-share
>>          read only = no
>> 
>> On 2019-02-17 9:15 am, Rowland Penny via samba wrote:
>> > On Sun, 17 Feb 2019 09:06:21 -0500
>> > Marco J Shmerykowsky PE <marco at sce-engineers.com> wrote:
>> >
>> >> Thanks. Will check.
>> >>
>> >> I should have added that everything was working fine on the old
>> >> winNT style samba domain setup.  It's something related to the new
>> >> samba AD setup
>> >
>> > It might be and it probably is something to do with NTLMv1, but I am
>> > still guessing, because you still haven't posted your smb.conf
>> >
>> > Rowland
> 
> OK, there doesn't seem to be anything wrong with your DC smb.conf, have
> you set up the libnss-winbind links ?
> 
> You said 'but they can't see any of the machines on the network'. This
> is normal, there is no network browsing in a Samba AD domain.
> 
> You also said 'I created a stand alone member server', this is a
> contradiction in terms (it is either a standalone server or a Unix
> domain member). You haven't posted the smb.conf for this, can you do 
> so.
> 
> Rowland

Seems I can map a drive from the command line. (Didn't check that
- it was 2:00am and I was tired of fighting this stuff.)
The Windows graphical way to map drives isn't working.
I guess it's no real issue if I can manually map drives.

Server smb.conf file (you helped with this one :) )
It's a domain member.

[global]
         workgroup = SCE-INTERNAL
         security = ADS
         realm = SCE-INTERNAL.SCE-ENGINEERS.COM
         server string = Samba 4 Client %h

         winbind use default domain = yes
         winbind expand groups = 2
         winbind refresh tickets = yes
         dedicated keytab file = /etc/krb5.keytab
         kerberos method = secrets and keytab

         ## map ids outside of domain to TDB files
         idmap config *:backend = tdb
         idmap config *:range = 2000-9999

         ## map ids from the domain
         idmap config SCE-INTERNAL : backend = rid
         idmap config SCE-INTERNAL : range = 10000-999999

         # uncomment next line to allow logins
         # template shell = /bin/bash
         template homedir = /home/%U

         domain master = no
         local master = no
         preferred master = no

         # user Administrator workaround
         username map = /etc/samba/user.map

         # For ACL support on domain member
         vfs objects = acl_xattr
         map acl inherit = yes
         store dos attributes = yes

         # disable printing completely
         # remove these lines to print
         load printers = no
         printing = bsd
         printcap name =  /dev/null
         disable spoolss = yes

         # logging
         # change the number to raise level
         log level = 0
         # map untrusted to domain = yes

[files]
         path = /server/files
         read only = no
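
Added example, not part of the original post and not Samba's own code: a small Python checker for the per-domain idmap settings of a domain-member smb.conf like the one above. It flags idmap keys that are not spelled "idmap config", domains missing a backend or range, and overlapping ID ranges; the sample config and the domain names EXAMPLE and OTHER are constructed.

```python
import re

# Constructed sample modelled on a domain-member [global] section (not a real host).
SAMPLE = """\
[global]
    security = ADS
    idmap config *:backend = tdb
    idmap config *:range = 2000-9999
    idmap config EXAMPLE : backend = rid
    idmap confog EXAMPLE : range = 10000-999999
    idmap config OTHER : backend = rid
    idmap config OTHER : range = 9000-19999
"""

# Key form "idmap config DOMAIN : option"; whitespace around ':' is optional.
IDMAP_KEY = re.compile(r"^idmap\s+config\s+(\S+?)\s*:\s*(.+)$", re.I)

def check_idmap(text):
    """Return a list of findings for the idmap settings in smb.conf text."""
    domains, findings, ranges = {}, [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = (p.strip() for p in line.split("=", 1))
        m = IDMAP_KEY.match(key)
        if m:
            domains.setdefault(m.group(1).upper(), {})[m.group(2).lower()] = value
        elif key.lower().startswith("idmap ") and ":" in key:
            # Looks like a per-domain idmap option but is not spelled "idmap config".
            findings.append(f"line {n}: unrecognized idmap key '{key}'")
    for dom, opts in sorted(domains.items()):
        for need in ("backend", "range"):
            if need not in opts:
                findings.append(f"{dom}: missing {need}")
        m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", opts.get("range", ""))
        if m:
            ranges.append((int(m.group(1)), int(m.group(2)), dom))
    prev = None  # range with the highest upper bound seen so far
    for lo, hi, dom in sorted(ranges):
        if prev and lo <= prev[1]:
            findings.append(f"{prev[2]} range {prev[0]}-{prev[1]} overlaps {dom} range {lo}-{hi}")
        if prev is None or hi > prev[1]:
            prev = (lo, hi, dom)
    return findings

if __name__ == "__main__":
    for finding in check_idmap(SAMPLE):
        print(finding)
```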
