[Samba] samba 4.8x problem

barış tombul bbtombul at gmail.com
Tue Feb 19 10:36:48 UTC 2019


Dear Rowland,

You can see the output of "testparm -v" below.

kind regards.
# Global parameters
# NOTE(review): this is "testparm -v" output, which prints every parameter
# including built-in defaults, so it does not show which values were set
# explicitly in smb.conf. Some long values below (dcerpc endpoint servers,
# passwd chat, server services, full_audit:success) look wrapped onto extra
# lines by the mail transport.
[global]
abort shutdown script =
add group script =
add machine script =
addport command =
addprinter command =
add share command =
add user script =
add user to group script =
afs token lifetime = 604800
afs username map =
aio max threads = 100
algorithmic rid base = 1000
allow dcerpc auth level connect = No
# Both unsigned (nonsecure) and signed dynamic DNS updates are accepted.
allow dns updates = nonsecure and secure
allow insecure wide links = No
allow nt4 crypto = No
allow trusted domains = Yes
allow unsafe cluster upgrade = No
apply group policies = No
async smb echo handler = No
auth event notification = No
auto services =
binddns dir = /usr/local/samba/bind-dns
bind interfaces only = Yes
browse list = Yes
cache directory = /usr/local/samba/var/cache
change notify = Yes
change share command =
check password script =
cldap port = 389
client ipc max protocol = default
client ipc min protocol = default
client ipc signing = default
client lanman auth = No
client ldap sasl wrapping = sign
client max protocol = default
# As a client, dialects down to CORE (the oldest SMB1 dialect) may be negotiated.
client min protocol = CORE
# Outgoing client authentication does not use NTLMv2 here; with lanman and
# plaintext auth also off, that presumably leaves the weaker NTLMv1 response.
# NOTE(review): confirm this is intended.
client NTLMv2 auth = No
client plaintext auth = No
client schannel = Yes
# SMB signing is mandatory for outgoing client connections.
client signing = required
client use spnego principal = No
client use spnego = Yes
cluster addresses =
clustering = No
config backend = file
config file =
create krb5 conf = Yes
ctdbd socket =
ctdb locktime warn threshold = 0
ctdb timeout = 0
cups connection timeout = 60
cups encrypt = No
cups server =
dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon,
lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, remote,
dnsserver
deadtime = 0
debug class = No
debug hires timestamp = Yes
debug pid = No
debug prefix timestamp = No
debug uid = No
dedicated keytab file = /etc/krb5.keytab
default service =
defer sharing violations = Yes
delete group script =
deleteprinter command =
delete share command =
delete user from group script =
delete user script =
dgram port = 138
disable netbios = No
disable spoolss = No
dns forwarder =
dns proxy = No
dns update command = /usr/local/samba/sbin/samba_dnsupdate
domain logons = Yes
domain master = Yes
dos charset = CP850
enable asu support = No
enable core files = Yes
enable privileges = Yes
encrypt passwords = Yes
enhanced browsing = Yes
# External script run by the server to list printer ports.
# NOTE(review): verify it is owned by root and not writable by other users.
enumports command = /usr/local/bin/show-ports.sh
eventlog list =
get quota command =
getwd cache = Yes
gpo update command = /usr/local/samba/sbin/samba_gpoupdate
guest account = nobody
homedir map = auto.home
host msdfs = Yes
hostname lookups = No
idmap backend = tdb
idmap cache time = 604800
idmap gid =
idmap negative cache time = 120
idmap uid =
include system krb5 conf = Yes
init logon delay = 100
init logon delayed hosts =
interfaces = lo ens192
iprint server =
keepalive = 300
kerberos encryption types = all
kerberos method = secrets and keytab
kernel change notify = Yes
kpasswd port = 464
krb5 port = 88
lanman auth = No
large readwrite = Yes
ldap admin dn =
ldap connection timeout = 2
ldap debug level = 0
ldap debug threshold = 10
ldap delete dn = No
ldap deref = auto
ldap follow referral = Auto
ldap group suffix =
ldap idmap suffix =
ldap machine suffix =
ldap page size = 1000
ldap passwd sync = no
ldap replication sleep = 1000
# Strong authentication is not enforced for LDAP binds to this server, so
# simple binds over unencrypted connections are allowed.
ldap server require strong auth = No
ldap ssl = start tls
ldap ssl ads = No
ldap suffix =
ldap timeout = 15
ldap user suffix =
lm announce = Auto
lm interval = 60
load printers = No
local master = Yes
lock directory = /usr/local/samba/var/lock
lock spin time = 200
log file = /var/log/samba/log.%m
logging = file
log level = 2
log nt token command =
logon drive =
logon home = \\%N\%U
logon path = \\%N\%U\profile
logon script =
log writeable files on exit = No
lpq cache time = 30
lsa over netlogon = No
machine password timeout = 604800
mangle prefix = 1
mangling method = hash2
# Logins with an unknown user name are treated as guest (the "guest account"
# above) instead of being rejected; a wrong password for an existing user is
# still rejected.
map to guest = Bad User
max disk size = 0
max log size = 0
max mux = 50
max open files = 65535
max smbd processes = 0
max stat cache size = 256
max ttl = 259200
max wins ttl = 518400
max xmit = 65535
mdns name = netbios
message command =
min receivefile size = 16384
min wins ttl = 21600
mit kdc command =
multicast dns register = Yes
name cache timeout = 3600
name resolve order = lmhosts wins host bcast
nbt client socket address = 0.0.0.0
nbt port = 137
ncalrpc dir = /usr/local/samba/var/run/ncalrpc
netbios aliases =
netbios name = TEST
netbios scope =
neutralize nt4 emulation = No
NIS homedir = No
nmbd bind explicit broadcast = Yes
nsupdate command = /usr/bin/nsupdate -g
# NTLMv1 responses are accepted by the server in addition to NTLMv2.
ntlm auth = ntlmv1-permitted
nt pipe support = Yes
ntp signd socket directory = /usr/local/samba/var/lib/ntp_signd
nt status support = Yes
null passwords = No
obey pam restrictions = No
old password allowed period = 120
oplock break wait time = 0
os2 driver map =
os level = 255
pam password change = Yes
panic action =
passdb backend = samba_dsdb
passdb expand explicit = No
passwd chat = *New*password* %n\n *ReType*new*password*
%n\n*passwd:*all*authentication*tokens*updated*successfully*
passwd chat debug = No
passwd chat timeout = 2
passwd program = /usr/local/samba/bin/smbpasswd %u
password hash gpg key ids =
password hash userPassword schemes =
password server = TEST.facility.local
perfcount module =
pid directory = /usr/local/samba/var/run
preferred master = Yes
prefork children = 1
preload modules =
printcap cache time = 0
printcap name = cups
private dir = /usr/local/samba/private
raw NTLMv2 auth = No
read raw = Yes
realm = FACILITY.LOCAL
registry shares = No
reject md5 clients = No
reject md5 servers = No
remote announce =
remote browse sync =
rename user script =
require strong key = Yes
reset on zero vc = No
# 0 applies no additional restriction on anonymous connections.
restrict anonymous = 0
rndc command = /usr/sbin/rndc
root directory =
rpc big endian = No
rpc server dynamic port range = 49152-65535
rpc server port = 0
samba kcc command = /usr/local/samba/sbin/samba_kcc
# NOTE(review): "security = USER" is shown together with the AD DC server
# role below and with NT4-style settings (domain logons, domain master);
# confirm which of these are really set in smb.conf.
security = USER
server max protocol = SMB3
# The server accepts dialects down to LANMAN1, i.e. SMB1 clients are allowed.
server min protocol = LANMAN1
server multi channel support = No
server role = active directory domain controller
server schannel = Yes
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd,
ntp_signd, kcc, dnsupdate
# SMB signing is mandatory for clients connecting to this server.
server signing = required
server string = TEST Samba Server
set primary group script =
set quota command =
share backend = classic
show add printer wizard = Yes
shutdown script =
smb2 leases = Yes
smb2 max credits = 8192
smb2 max read = 8388608
smb2 max trans = 8388608
smb2 max write = 8388608
smbd profiling level = off
smb passwd file = /usr/local/samba/private/smbpasswd
smb ports = 445 139
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=65536 SO_SNDBUF=65536
spn update command = /usr/local/samba/sbin/samba_spnupdate
stat cache = Yes
state directory = /usr/local/samba/var/locks
svcctl list =
syslog = 1
syslog only = No
template homedir = /home/%D/%U
template shell = /bin/bash
time server = No
timestamp logs = Yes
tls cafile = tls/ca.pem
tls certfile = tls/cert.pem
tls crlfile =
tls dh params file =
tls enabled = Yes
tls keyfile = tls/key.pem
# TLS priority string: the library's NORMAL set with SSL 3.0 removed.
tls priority = NORMAL:-VERS-SSL3.0
tls verify peer = as_strict_as_possible
unicode = Yes
unix charset = UTF-8
unix extensions = Yes
unix password sync = Yes
use mmap = Yes
username level = 0
username map =
username map cache time = 0
username map script =
usershare allow guests = No
usershare max shares = 0
usershare owner only = Yes
usershare path = /usr/local/samba/var/locks/usershares
usershare prefix allow list =
usershare prefix deny list =
usershare template share =
utmp = No
utmp directory =
web port = 901
winbind cache time = 300
winbindd socket directory = /usr/local/samba/var/run/winbindd
winbind enum groups = Yes
winbind enum users = Yes
winbind expand groups = 10
winbind max clients = 2000
winbind max domain connections = 1
winbind nested groups = Yes
winbind normalize names = Yes
winbind nss info = rfc2307
winbind offline logon = Yes
winbind reconnect delay = 30
winbind refresh tickets = Yes
winbind request timeout = 60
winbind rpc only = Yes
winbind scan trusted domains = Yes
winbind sealed pipes = Yes
winbind separator = \
winbind use default domain = Yes
wins hook =
wins proxy = Yes
wins server =
wins support = Yes
workgroup = FACILITY
write raw = Yes
wtmp directory =
rpc_server:tcpip = no
rpc_server:winreg = embedded
rpc_server:ntsvcs = embedded
rpc_server:eventlog = embedded
rpc_server:srvsvc = embedded
rpc_server:svcctl = embedded
rpc_server:default = external
idmap config * : range = 1000000-1999999
# full_audit settings used by shares that load the full_audit VFS module:
# records go to syslog facility local5 at priority notice, prefixed with the
# client IP, user, machine name and share name.
full_audit:priority = notice
full_audit:facility = local5
full_audit:success = connect disconnect opendir mkdir rmdir closedir open
close read pread write pwrite sendfile rename unlink chmod fchmod chown
fchown chdir ftruncate lock symlink readlink link mknod
full_audit:failure = connect disconnect
full_audit:prefix = IP=%I|USER=%u|MACHINE=%m|VOLUME=%S
spoolssd:prefork_min_children = 5
spoolssd:prefork_max_children = 75
spoolssd:prefork_spawn_rate = 5
spoolssd:prefork_max_allowed_clients = 200
spoolssd:prefork_child_min_life = 60
rpc_daemon:spoolssd = embedded
rpc_server:spoolss = embedded
spoolss: architecture = Windows x64
# Parametric option; presumably suppresses the check that stops smbd from
# being started directly when the server role is AD DC - TODO confirm.
server role check:inhibit = yes
winbindd:use external pipes = true
idmap_ldb:use rfc2307 = Yes
idmap config * : backend = tdb
# From here on the dump lists the default values of share-level parameters.
access based share enum = No
acl allow execute always = No
acl check permissions = Yes
acl group control = No
acl map full control = Yes
administrative share = No
admin users =
afs share = No
aio read size = 16384
aio write behind =
aio write size = 16384
allocation roundup size = 1048576
available = Yes
blocking locks = Yes
block size = 1024
browseable = Yes
case sensitive = No
comment =
copy =
create mask = 0744
csc policy = manual
cups options = raw
default case = lower
default devmode = Yes
delete readonly = No
delete veto files = No
dfree cache time = 0
dfree command =
directory mask = 0755
directory name cache size = 100
dmapi support = No
dont descend =
dos filemode = No
dos filetime resolution = No
dos filetimes = Yes
durable handles = Yes
ea support = No
fake directory create times = No
fake oplocks = No
follow symlinks = Yes
force create mode = 0000
force directory mode = 0000
force group =
force printername = Yes
force unknown acl user = No
force user =
fstype = NTFS
guest ok = No
guest only = No
hide dot files = Yes
hide files =
hide special files = No
hide unreadable = No
hide unwriteable files = No
# ALL matches every client, so this default list does not restrict access by
# address.
hosts allow = ALL 127.0.0.1
hosts deny =
include =
inherit acls = Yes
inherit owner = no
inherit permissions = Yes
invalid users =
kernel oplocks = No
kernel share modes = Yes
level2 oplocks = Yes
locking = Yes
lppause command =
lpq command = %p
lpresume command =
lprm command =
magic output =
magic script =
mangled names = yes
mangling char = ~
map acl inherit = Yes
map archive = No
map hidden = No
map readonly = no
map system = No
max connections = 0
max print jobs = 1000
max reported print jobs = 0
min print space = 0
msdfs proxy =
msdfs root = No
msdfs shuffle referrals = No
nt acl support = Yes
ntvfs handler = unixuid, default
oplocks = Yes
path =
posix locking = Yes
postexec =
preexec =
preexec close = No
preserve case = Yes
printable = No
print command =
printer name =
printing = cups
printjob username = %U
print notify backchannel = No
queuepause command =
queueresume command =
read list =
read only = Yes
root postexec =
root preexec =
root preexec close = No
short preserve case = Yes
# SMB transport encryption is off by default for shares.
smb encrypt = No
spotlight = No
store dos attributes = Yes
strict allocate = Yes
strict locking = No
strict rename = No
strict sync = No
sync always = No
use client driver = No
use sendfile = Yes
valid users =
veto files =
veto oplock files =
# Default VFS stack for shares that do not set their own "vfs objects".
vfs objects = dfs_samba4 acl_xattr
volume =
wide links = No
write cache size = 0
write list =


# Per-user home directories, served from /home/homes/<user name>.
[homes]
# Members of "Domain Admins" perform all file operations on this share as
# root, bypassing file permissions.
admin users = "@Domain Admins"
browseable = No
comment = Home Directories
create mask = 0644
# force create mode bits are added after create mask is applied, so new files
# get at least 0660.
force create mode = 0660
force directory mode = 0770
hide files = /Recycle Bin/
path = /home/homes/%U
read only = No
valid users = "@Domain Users"
# Files matching these patterns are neither visible nor accessible.
# NOTE(review): presumably a ransomware-extension block-list; a name list
# like this only catches known patterns.
veto files = /*.encrypted/*.ecc/*.ccc/
# This list replaces the default "dfs_samba4 acl_xattr" shown under [global],
# so acl_xattr is not loaded for this share. full_audit logs file operations;
# recycle moves deleted files into the repository configured below.
vfs objects = dfs_samba4 full_audit recycle
recycle:mode = KEEP_DIRECTORIES|VERSION|TOUCH
recycle:noversions = *.tmp|*.temp|*.dat|*.ini
recycle:exclude =
*.tmp|*.temp|*.o|*.obj|~$*|*.??|*.log|*.trace|*.TMP|*.ASV|*.$$$|*.asv
recycle:touch_mtime = yes
recycle:touch = Yes
recycle:keeptree = Yes
recycle:versions = Yes
recycle:subdir_mode = 0700
recycle:directory_mode = 0770
recycle:maxsize = 0
recycle:minsize = 0
recycle:repository = .recycle


# Roaming profile share. No valid users / invalid users list is shown for it,
# so any authenticated user may connect and access depends on the filesystem
# permissions under /home/profiles.
[profiles]
browseable = No
comment = Network Profiles Share
create mask = 0644
# Added on top of create mask, so new files get at least 0660.
force create mode = 0660
force directory mode = 0770
path = /home/profiles
read only = No


# Logon-script share. "read only" is not overridden here, so the default
# (Yes) listed under [global] applies.
[netlogon]
browseable = No
comment = Network Netlogon Share
path = /usr/local/samba/var/locks/sysvol/facility.local/scripts


# Writable share exposing the sysvol tree.
# NOTE(review): clients apply policies and scripts from here, so write access
# should be limited by ACLs to administrators - confirm the ACLs on this path.
[sysvol]
browseable = No
path = /usr/local/samba/var/locks/sysvol
read only = No


# Spool share for print jobs.
[printers]
browseable = No
comment = All Printers
create mask = 0700
path = /var/spool/samba
printable = Yes
write list = administrator "@Domain Admins"
# NOTE(review): the documented acl_xattr option is spelled
# "ignore system acls" (plural); as written this parametric option is probably
# not recognised - confirm against the vfs_acl_xattr manual page.
acl_xattr:ignore system acl = yes


# Printer driver share.
[print$]
# Members of "Domain Admins" perform all file operations on this share as
# root, bypassing file permissions.
admin users = "@Domain Admins"
comment = Printer Drivers
create mask = 0644
# Added on top of create mask, so new files get at least 0660.
force create mode = 0660
force directory mode = 0770
# invalid users takes precedence over valid users, so this account is denied
# even if it is a member of "Domain Users".
invalid users = qwerty
path = /home/printer_drivers
read only = No
valid users = "@Domain Users"
write list = root "@Domain Admins"
# NOTE(review): the documented acl_xattr option is spelled
# "ignore system acls" (plural); as written this parametric option is probably
# not recognised - confirm against the vfs_acl_xattr manual page.
acl_xattr:ignore system acl = yes


# General file share under /home/TEST/Share1.
[Share1]
# Members of "Domain Admins" perform all file operations on this share as
# root, bypassing file permissions.
admin users = "@Domain Admins"
comment = Share1 Paylasimi
create mask = 0644
# Added on top of create mask, so new files get at least 0660.
force create mode = 0660
force directory mode = 0770
hide files = /Recycle Bin/
# invalid users takes precedence over valid users: user qwerty and members of
# group Share1_no are denied even if they are in "Domain Users".
invalid users = qwerty @Share1_no
path = /home/TEST/Share1
# Users in read list get read-only access even though the share is writable.
read list = abuzer
read only = No
valid users = "@Domain Users" abuzer
# Files matching these patterns are neither visible nor accessible.
# NOTE(review): presumably a ransomware-extension block-list; a name list
# like this only catches known patterns.
veto files = /*.encrypted/*.ecc/*.ccc/
# This list replaces the default "dfs_samba4 acl_xattr" shown under [global],
# so acl_xattr is not loaded for this share. full_audit logs file operations;
# recycle moves deleted files into the repository configured below.
vfs objects = dfs_samba4 full_audit recycle
recycle:mode = KEEP_DIRECTORIES|VERSION|TOUCH
recycle:noversions = *.tmp|*.temp|*.dat|*.ini
recycle:exclude =
*.tmp|*.temp|*.o|*.obj|~$*|*.??|*.log|*.trace|*.TMP|*.ASV|*.$$$|*.asv
recycle:touch_mtime = yes
recycle:touch = Yes
recycle:keeptree = Yes
recycle:versions = Yes
recycle:subdir_mode = 0700
recycle:directory_mode = 0770
recycle:maxsize = 0
recycle:minsize = 0
recycle:repository = .recycle


# Print share for the printer named brother1; it spools into the same
# /var/spool/samba directory as [printers].
[brother_mfc9840]
# Members of "Domain Admins" perform all file operations on this share as
# root, bypassing file permissions.
admin users = "@Domain Admins"
path = /var/spool/samba
printable = Yes
printer name = brother1
valid users = administrator "@Domain Users"
write list = "@Domain Admins"

Barış

Rowland Penny via samba <samba at lists.samba.org>, 19 Şub 2019 Sal, 11:54
tarihinde şunu yazdı:

> On Tue, 19 Feb 2019 11:37:43 +0300
> barış tombul via samba <samba at lists.samba.org> wrote:
>
> > Dear all,
> >
> > We are using a Samba domain and I upgraded Samba from 4.7.9 to
> > 4.8.9. With the old version, people in our domain could view and
> > share the folders without being asked for a password, and people outside
> > the domain could view and share the folders by
> > entering \\IP_ADDRESS and giving a username and password at the prompt. With the new
> > version, there is no problem with viewing and sharing folders for
> > people in the domain, but people who are not in the domain
> > cannot view the \\IP_ADDRESS screen.
> >
> > Also, with the 4.8.9 version, when ,people in the domain , right
> > clicked to the shared folders and choose  properties > security, the
> > system throw out. If i write security = user > security = domain in
> > the smb.conf folder, there is no problem about the people in the
> > domain but without active directory people the problem still goes on.
> > You can see my smb.conf text in the below.
> >
> > Could you please help me about this problem?
> >
> > It is very URGENT!!
> >
>
> Two things, saying it is urgent doesn't cut any ice here, especially
> when you SHOUT urgent, Secondly, posting the output of 'testparm -v' is
> making things worse from the point of view of trying to understand what
> is going on, just post the output of 'cat'
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

