[Samba] samba 4.8x problem
barış tombul
bbtombul at gmail.com
Tue Feb 19 08:37:43 UTC 2019
Dear all,
We are using a Samba domain, and I upgraded Samba from 4.7.9 to 4.8.9.
With the old version, people in our domain could view and share the
folders without being asked for a password, and people outside the domain
could view and share the folders by entering \\IP_ADDRESS and then giving a
username and password at the prompt. With the new version, viewing and
sharing folders still works for people in the domain, but people who are
not in the domain cannot view the \\IP_ADDRESS screen.
Also, with version 4.8.9, when people in the domain right-click a shared
folder and choose Properties > Security, the system throws them out.
If I change security = user to security = domain in the smb.conf file,
there is no problem for the people in the domain, but for people without
Active Directory accounts the problem persists. You can see my smb.conf
below.
Could you please help me about this problem?
It is very URGENT!!
Kind regards.
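[global]
# Global settings for a Samba host whose "server role" (below) is
# active directory domain controller. Lines starting with NOTE(review) are
# reviewer annotations. Values that the mail archive had wrapped onto a
# second line are rejoined so each parameter is on one line again.
winbind scan trusted domains = Yes
change notify = Yes
kernel change notify = Yes
enumports command = /usr/local/bin/show-ports.sh
# NOTE(review): "ntlm auth = Yes" is the alias for ntlmv1-permitted, so the
# server accepts NTLMv1 responses, and "client NTLMv2 auth = No" lets this
# host's client side answer with NTLMv1. Prefer ntlmv2-only (or stricter)
# and "client NTLMv2 auth = Yes" unless a legacy peer is known to need v1.
ntlm auth = Yes
lanman auth = No
raw NTLMv2 auth = No
client NTLMv2 auth = No
client lanman auth = No
idmap_ldb:use rfc2307 = Yes
algorithmic rid base = 1000
kerberos method = secrets and keytab
dedicated keytab file = /etc/krb5.keytab
winbind max clients = 2000
winbindd:use external pipes = true
winbind cache time = 300
winbind reconnect delay = 30
winbind request timeout = 60
winbind max domain connections = 1
winbindd socket directory = /usr/local/samba/var/run/winbindd
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nested groups = Yes
winbind expand groups = 10
winbind nss info = rfc2307
winbind refresh tickets = Yes
winbind offline logon = Yes
winbind normalize names = Yes
winbind sealed pipes = Yes
winbind rpc only = Yes
wins proxy = Yes
wins support = Yes
obey pam restrictions = No
# NOTE(review): with "no" the DC's LDAP service accepts simple binds and
# unsigned SASL binds over unencrypted connections; the default is yes.
ldap server require strong auth = no
# NOTE(review): the minimum dialects below (LANMAN1 / CORE) keep every
# SMB1-era protocol negotiable. Raise both minimums to SMB2 or later unless
# a specific legacy client is known to need them.
server max protocol = SMB3
server min protocol = LANMAN1
server multi channel support = No
client max protocol = default
client min protocol = CORE
# NOTE(review): 0 places no restriction on anonymous (null-session) access
# to the SAMR/LSA services -- confirm this is wanted on a DC.
restrict anonymous = 0
# NOTE(review): this file combines "security = USER" with "server role =
# active directory domain controller", "passdb backend = tdbsam" and
# "domain logons = Yes" further down. "server role check:inhibit = yes"
# looks like it suppresses Samba's consistency check between them --
# confirm. Worth reviewing when behaviour changes after an upgrade.
security = USER
# security = domain
bind interfaces only = Yes
interfaces = lo ens192
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, remote, dnsserver
dos charset = CP850
unix charset = UTF-8
workgroup = FACILITY
realm = FACILITY.LOCAL
netbios name = test
### netbios aliases = testx
netbios scope =
server string = Test Samba Server
# NOTE(review): "ALL" admits every client address, so this line does not
# restrict access; list the intended networks instead if a limit is wanted.
hosts allow = ALL 127.0.0.1
guest ok = No
server role = active directory domain controller
server role check:inhibit = yes
log level = 2 passdb:2 auth:3 winbind:2
log file = /var/log/samba/log.%m
rndc command = /usr/sbin/rndc
# NOTE(review): 0 means no size limit on the per-client log files; make
# sure external log rotation is in place at these log levels.
max log size = 0
set primary group script =
logging = file
# NOTE(review): "nonsecure and secure" accepts unauthenticated dynamic DNS
# updates; the default is "secure only".
allow dns updates = nonsecure and secure
dns update command = /usr/local/samba/sbin/samba_dnsupdate
pam password change = Yes
smb ports = 445 139
nbt port = 137
kpasswd port = 464
krb5 port = 88
web port = 901
# NOTE(review): "nbt port" is set a second time here with the same value;
# one line is enough.
nbt port = 137
dgram port = 138
cldap port = 389
# socket options = IPTOS_LOWDELAY TCP_NODELAY SO_KEEPALIVE
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=65536 SO_SNDBUF=65536
domain logons = Yes
os level = 255
preferred master = Yes
local master = Yes
domain master = Yes
load printers = No
use client driver = No
show add printer wizard = Yes
printcap cache time = 0
printcap name = cups
cups encrypt = No
cups connection timeout = 60
disable spoolss = No
min print space = 0
max reported print jobs = 0
max print jobs = 1000
print notify backchannel = No
printing = cups
cups options = raw
default devmode = Yes
force printername = Yes
printjob username = %U
lpq cache time = 30
spoolss: architecture = Windows x64
debug timestamp = Yes
debug prefix timestamp = No
debug hires timestamp = Yes
debug pid = No
debug uid = No
debug class = No
timestamp logs = Yes
require strong key = Yes
allow dcerpc auth level connect = No
client ipc signing = default
client ipc max protocol = default
client ipc min protocol = default
nsupdate command = /usr/bin/nsupdate -g
dns proxy = No
allow trusted domains = Yes
# NOTE(review): "map to guest = Bad User" turns logons with an unknown user
# name into guest sessions as the guest account. The shares in this file
# set guest ok = No, but use "Never" if guest sessions are not wanted.
guest account = nobody
map to guest = Bad User
guest only = No
config backend = file
encrypt passwords = Yes
smb passwd file = /usr/local/samba/private/smbpasswd
private dir = /usr/local/samba/private
passdb expand explicit = No
passdb backend = tdbsam
passwd chat debug = No
passwd chat timeout = 2
# NOTE(review): with "unix password sync = Yes" (below) the passwd program
# is run as root on password changes -- confirm this is intended here.
passwd program = /usr/local/samba/bin/smbpasswd %u
passwd chat = *New*password* %n\n *ReType*new*password* %n\n*passwd:*all*authentication*tokens*updated*successfully*
password server = test.facility.local
old password allowed period = 120
unix password sync = Yes
client plaintext auth = No
enable core files = Yes
large readwrite = Yes
read raw = Yes
write raw = Yes
disable netbios = No
reset on zero vc = No
log writeable files on exit = No
defer sharing violations = Yes
nt pipe support = Yes
nt status support = Yes
max mux = 50
max xmit = 65535
name resolve order = lmhosts wins host bcast
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
min receivefile size = 16384
# NOTE(review): "time server" is given twice with different values; the
# later line is expected to take effect. Keep only the intended one.
time server = Yes
time server = No
unix extensions = Yes
# NOTE(review): "smb encrypt = off" disables SMB transport encryption for
# all connections. Signing is mandatory below, which protects integrity but
# not confidentiality of share traffic.
smb encrypt = off
server signing = mandatory
client signing = mandatory
client use spnego = Yes
client ldap sasl wrapping = sign
enable asu support = No
rpc big endian = No
dead time = 0
getwd cache = Yes
keepalive = 300
smbd profiling level = off
spotlight = No
max smbd processes = 0
max disk size = 0
max open files = 65535
use mmap = Yes
hostname lookups = No
name cache timeout = 3600
clustering = No
ctdb timeout = 0
ctdb locktime warn threshold = 0
smb2 max read = 8388608
smb2 max write = 8388608
smb2 max trans = 8388608
smb2 max credits = 8192
mangling method = hash2
mangle prefix = 1
max stat cache size = 256
stat cache = Yes
machine password timeout = 604800
username map cache time = 0
username level = 0
init logon delay = 100
lm announce = Auto
lm interval = 60
browse list = Yes
enhanced browsing = Yes
smb2 leases = Yes
lock directory = /usr/local/samba/var/lock
state directory = /usr/local/samba/var/locks
cache directory = /usr/local/samba/var/cache
pid directory = /usr/local/samba/var/run
ntp signd socket directory = /usr/local/samba/var/lib/ntp_signd
utmp = No
nmbd bind explicit broadcast = Yes
homedir map = auto.home
afs token lifetime = 604800
afs share = No
NIS homedir = No
registry shares = No
usershare allow guests = No
usershare max shares = 0
usershare owner only = Yes
usershare path = /usr/local/samba/var/locks/usershares
async smb echo handler = No
template homedir = /home/%D/%U
template shell = /bin/bash
create krb5 conf = Yes
ncalrpc dir = /usr/local/samba/var/run/ncalrpc
neutralize nt4 emulation = No
# NOTE(review): with "reject md5 servers/clients = No" netlogon secure
# channels that use HMAC-MD5 instead of AES are still accepted. Set both to
# Yes once every domain member is known to support AES.
reject md5 servers = No
reject md5 clients = No
set quota command =
multicast dns register = Yes
samba kcc command = /usr/local/samba/sbin/samba_kcc
spn update command = /usr/local/samba/sbin/samba_spnupdate
share backend = classic
allow nt4 crypto = No
# TLS material for the DC's TLS-protected services. The key file is the
# server's private key and should be readable by root only.
# NOTE(review): "tls priority" removes only SSL 3.0 from the GnuTLS NORMAL
# set; check whether older TLS versions also need to be excluded.
tls enabled = Yes
tls keyfile = tls/key.pem
tls certfile = tls/cert.pem
tls cafile = tls/ca.pem
tls crlfile =
tls dh params file =
tls verify peer = as_strict_as_possible
tls priority = NORMAL:-VERS-SSL3.0
rpc_server:spoolss = external
rpc_daemon:spoolssd = fork
spoolssd:prefork_child_min_life = 60
spoolssd:prefork_max_allowed_clients = 200
spoolssd:prefork_spawn_rate = 5
spoolssd:prefork_max_children = 75
spoolssd:prefork_min_children = 5
acl group control = No
acl map full control = Yes
acl allow execute always = No
force unknown acl user = No
inherit permissions = Yes
inherit acls = Yes
inherit owner = No
map acl inherit = Yes
nt acl support = Yes
administrative share = No
allocation roundup size = 1048576
aio read size = 16384
aio write size = 16384
aio max threads = 100
ea support = No
durable handles = Yes
block size = 1024
directory name cache size = 100
max connections = 0
strict allocate = Yes
strict rename = No
strict sync = No
sync always = No
use sendfile = Yes
write cache size = 0
default case = lower
case sensitive = No
preserve case = Yes
short preserve case = Yes
mangling char = ~
hide dot files = Yes
hide special files = No
hide unreadable = No
hide unwriteable files = No
delete veto files = No
map archive = No
map hidden = No
map system = No
map readonly = No
mangled names = Yes
# NOTE(review): "mangling char" is set a second time here with the same
# value; one line is enough.
mangling char = ~
store dos attributes = Yes
dmapi support = No
browseable = Yes
access based share enum = No
blocking locks = Yes
csc policy = manual
lock spin time = 200
oplock break wait time = 0
fake oplocks = No
kernel oplocks = No
kernel share modes = Yes
locking = Yes
oplocks = Yes
level2 oplocks = Yes
posix locking = Yes
strict locking = No
dfree cache time = 0
preexec close = No
root preexec close = No
available = Yes
fstype = NTFS
wide links = No
allow insecure wide links = No
follow symlinks = Yes
delete readonly = No
dos filemode = No
dos filetimes = Yes
dos filetime resolution = No
fake directory create times = No
host msdfs = Yes
msdfs root = No
msdfs shuffle referrals = No
ntvfs handler = unixuid, default
# Default VFS stack. A share-level "vfs objects" line replaces this list
# rather than adding to it.
vfs objects = dfs_samba4 acl_xattr
# full_audit settings for the shares that load the full_audit module. The
# prefix records client IP (%I), user (%u), client machine name (%m) and
# share name (%S) on each audit line.
full_audit:prefix = IP=%I|USER=%u|MACHINE=%m|VOLUME=%S
full_audit:failure = connect disconnect
full_audit:success = connect disconnect opendir mkdir rmdir closedir open close read pread write pwrite sendfile rename unlink chmod fchmod chown fchown chdir ftruncate lock symlink readlink link mknod
full_audit:facility = local5
full_audit:priority = notice
idmap config * : backend = tdb
idmap config * : range = 1000000-1999999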
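[homes]
# Per-user home directories with auditing and a recycle bin. The
# mail-wrapped "recycle:exclude" value is rejoined onto one line.
comment = Home Directories
# NOTE(review): %U is the user name the client asked for, which is not
# necessarily the one it was given; %S (the share name) is the usual choice
# for a [homes] path -- confirm.
path = /mnt/storage/homes/%U
browseable = No
hide files = /Recycle Bin/
# Name-based block list: files matching these patterns are neither visible
# nor accessible on the share.
veto files = /*.encrypted/*.ecc/*.ccc/
# NOTE(review): members of "admin users" perform all file operations on
# this share as root, regardless of file permissions.
admin users = "@Domain Admins"
# NOTE(review): "force create mode" ORs 0660 onto every new file after
# "create mask" is applied, so new files are always group-writable even
# though the mask is 0644.
create mask = 0644
force create mode = 0660
force directory mode = 0770
read only = No
valid users = "@Domain Users"
# NOTE(review): this share-level list replaces the [global] one, so
# acl_xattr is not loaded here. If NT ACLs (the Windows Security tab) are
# expected to work on this share, check whether it should be listed.
vfs objects = dfs_samba4 full_audit recycle
recycle:repository = .recycle
recycle:minsize = 0
recycle:maxsize = 0
recycle:directory_mode = 0770
recycle:subdir_mode = 0700
recycle:versions = Yes
recycle:keeptree = Yes
recycle:touch = Yes
recycle:touch_mtime = yes
recycle:exclude = *.tmp|*.temp|*.o|*.obj|~$*|*.??|*.log|*.trace|*.TMP|*.ASV|*.$$$|*.asv
recycle:noversions = *.tmp|*.temp|*.dat|*.ini
# NOTE(review): "recycle:mode" does not appear among the vfs_recycle
# options I know of and is probably ignored -- verify.
recycle:mode = KEEP_DIRECTORIES|VERSION|TOUCH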
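[profiles]
# Roaming-profile share.
# NOTE(review): unlike [homes] and [share1] there is no "valid users" line,
# so access rests on the filesystem permissions under the path -- confirm
# that each profile directory is restricted to its owner.
comment = Network Profiles Share
path = /mnt/storage/profiles
# browseable is switched on once during initial setup while the permissions
# are being configured, then switched off again.
browseable = No
# NOTE(review): "force create mode" ORs 0660 onto every new file after
# "create mask" is applied, so new files are always group-writable.
create mask = 0644
force create mode = 0660
force directory mode = 0770
read only = No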
[netlogon]
# Logon-script share served from the scripts directory under sysvol.
# Read-only, no guest access, hidden from browse lists.
comment = Network Netlogon Share
path = /usr/local/samba/var/locks/sysvol/facility.local/scripts
read only = Yes
guest ok = No
# write ok = Yes
browseable = No
[sysvol]
# Domain SYSVOL share.
# NOTE(review): "read only = No" and "write ok = Yes" both make the share
# writable; one is enough. Write access then depends entirely on the ACLs
# under the path -- verify that only administrators can modify it.
path = /usr/local/samba/var/locks/sysvol
read only = No
browseable = No
write ok = Yes
[printers]
# Print spool share.
comment = All Printers
path = /var/spool/samba
# NOTE(review): "create mode" further down is a synonym of "create mask",
# so the same value (0700) is set twice; keep one.
create mask = 0700
browseable = yes
guest ok = no
printable = yes
create mode=0700
write list = administrator "@Domain Admins"
# NOTE(review): vfs_acl_xattr documents this option as
# "acl_xattr:ignore system acls" (plural). As spelled here it is probably
# not recognised -- verify which behaviour is intended.
acl_xattr:ignore system acl = yes
[print$]
# Printer driver share, writable by the accounts in "write list".
comment = Printer Drivers
path = /mnt/printer_drivers
invalid users = qwerty
# NOTE(review): group names are quoted as @"..." here but as "@..." in the
# other shares; use one form throughout and confirm it resolves.
valid users = @"Domain Users"
# NOTE(review): members of "admin users" perform all file operations on
# this share as root, regardless of file permissions.
admin users = @"Domain Admins"
write list = root @"Domain Admins"
# "writeable = Yes" and "read only = No" say the same thing; one is enough.
writeable = Yes
read only = No
browseable = Yes
guest ok = No
# NOTE(review): "create mask" is set twice (0660, then 0644); the later
# line is expected to take effect. "force create mode" then ORs 0660 onto
# every new file, so files are group-writable either way.
create mask = 0660
create mask = 0644
force create mode = 0660
force directory mode = 0770
directory mask = 0755
# NOTE(review): vfs_acl_xattr documents this option as
# "acl_xattr:ignore system acls" (plural). As spelled here it is probably
# not recognised -- verify which behaviour is intended.
acl_xattr:ignore system acl = yes
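[share1]
# General file share with auditing and a recycle bin. The mail-wrapped
# "recycle:exclude" value is rejoined onto one line.
comment = share1
path = /home/share1
hide files = /Recycle Bin/
# Name-based block list: files matching these patterns are neither visible
# nor accessible on the share.
veto files = /*.encrypted/*.ecc/*.ccc/
# NOTE(review): members of "admin users" perform all file operations on
# this share as root, regardless of file permissions.
admin users = "@Domain Admins"
# NOTE(review): "force create mode" ORs 0660 onto every new file after
# "create mask" is applied, so new files are always group-writable even
# though the mask is 0644.
create mask = 0644
force create mode = 0660
force directory mode = 0770
invalid users = qwerty @share_no
# NOTE(review): "sdsdsd" looks like a placeholder account name -- confirm
# or remove.
read list = sdsdsd
read only = No
valid users = "@Domain Users"
# NOTE(review): this share-level list replaces the [global] one, so
# acl_xattr is not loaded here. If NT ACLs (the Windows Security tab) are
# expected to work on this share, check whether it should be listed.
vfs objects = dfs_samba4 full_audit recycle
recycle:repository = .recycle
recycle:minsize = 0
recycle:maxsize = 0
recycle:directory_mode = 0770
recycle:subdir_mode = 0700
recycle:versions = Yes
recycle:keeptree = Yes
recycle:touch = Yes
recycle:touch_mtime = yes
recycle:exclude = *.tmp|*.temp|*.o|*.obj|~$*|*.??|*.log|*.trace|*.TMP|*.ASV|*.$$$|*.asv
recycle:noversions = *.tmp|*.temp|*.dat|*.ini
# NOTE(review): "recycle:mode" does not appear among the vfs_recycle
# options I know of and is probably ignored -- verify.
recycle:mode = KEEP_DIRECTORIES|VERSION|TOUCH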