[Samba] samba 4.8x problem

L.P.H. van Belle belle at bazuin.nl
Tue Feb 19 10:58:36 UTC 2019


Hai, 

Rowland meant: post it without the -v.

Since it's an AD server, run: samba-tool testparm
Can you post that? That gives a better insight.

Greetz, 

Louis
 

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of barış tombul via samba
> Sent: Tuesday 19 February 2019 11:37
> To: Rowland Penny
> CC: samba
> Subject: Re: [Samba] samba 4.8x problem
> 
> Dear Rowland,
> 
> You can see the output of "testparm -v" below.
> 
> kind regards.
> # Global parameters
> [global]
> abort shutdown script =
> add group script =
> add machine script =
> addport command =
> addprinter command =
> add share command =
> add user script =
> add user to group script =
> afs token lifetime = 604800
> afs username map =
> aio max threads = 100
> algorithmic rid base = 1000
> allow dcerpc auth level connect = No
> allow dns updates = nonsecure and secure
> allow insecure wide links = No
> allow nt4 crypto = No
> allow trusted domains = Yes
> allow unsafe cluster upgrade = No
> apply group policies = No
> async smb echo handler = No
> auth event notification = No
> auto services =
> binddns dir = /usr/local/samba/bind-dns
> bind interfaces only = Yes
> browse list = Yes
> cache directory = /usr/local/samba/var/cache
> change notify = Yes
> change share command =
> check password script =
> cldap port = 389
> client ipc max protocol = default
> client ipc min protocol = default
> client ipc signing = default
> client lanman auth = No
> client ldap sasl wrapping = sign
> client max protocol = default
> client min protocol = CORE
> client NTLMv2 auth = No
> client plaintext auth = No
> client schannel = Yes
> client signing = required
> client use spnego principal = No
> client use spnego = Yes
> cluster addresses =
> clustering = No
> config backend = file
> config file =
> create krb5 conf = Yes
> ctdbd socket =
> ctdb locktime warn threshold = 0
> ctdb timeout = 0
> cups connection timeout = 60
> cups encrypt = No
> cups server =
> dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, remote, dnsserver
> deadtime = 0
> debug class = No
> debug hires timestamp = Yes
> debug pid = No
> debug prefix timestamp = No
> debug uid = No
> dedicated keytab file = /etc/krb5.keytab
> default service =
> defer sharing violations = Yes
> delete group script =
> deleteprinter command =
> delete share command =
> delete user from group script =
> delete user script =
> dgram port = 138
> disable netbios = No
> disable spoolss = No
> dns forwarder =
> dns proxy = No
> dns update command = /usr/local/samba/sbin/samba_dnsupdate
> domain logons = Yes
> domain master = Yes
> dos charset = CP850
> enable asu support = No
> enable core files = Yes
> enable privileges = Yes
> encrypt passwords = Yes
> enhanced browsing = Yes
> enumports command = /usr/local/bin/show-ports.sh
> eventlog list =
> get quota command =
> getwd cache = Yes
> gpo update command = /usr/local/samba/sbin/samba_gpoupdate
> guest account = nobody
> homedir map = auto.home
> host msdfs = Yes
> hostname lookups = No
> idmap backend = tdb
> idmap cache time = 604800
> idmap gid =
> idmap negative cache time = 120
> idmap uid =
> include system krb5 conf = Yes
> init logon delay = 100
> init logon delayed hosts =
> interfaces = lo ens192
> iprint server =
> keepalive = 300
> kerberos encryption types = all
> kerberos method = secrets and keytab
> kernel change notify = Yes
> kpasswd port = 464
> krb5 port = 88
> lanman auth = No
> large readwrite = Yes
> ldap admin dn =
> ldap connection timeout = 2
> ldap debug level = 0
> ldap debug threshold = 10
> ldap delete dn = No
> ldap deref = auto
> ldap follow referral = Auto
> ldap group suffix =
> ldap idmap suffix =
> ldap machine suffix =
> ldap page size = 1000
> ldap passwd sync = no
> ldap replication sleep = 1000
> ldap server require strong auth = No
> ldap ssl = start tls
> ldap ssl ads = No
> ldap suffix =
> ldap timeout = 15
> ldap user suffix =
> lm announce = Auto
> lm interval = 60
> load printers = No
> local master = Yes
> lock directory = /usr/local/samba/var/lock
> lock spin time = 200
> log file = /var/log/samba/log.%m
> logging = file
> log level = 2
> log nt token command =
> logon drive =
> logon home = \\%N\%U
> logon path = \\%N\%U\profile
> logon script =
> log writeable files on exit = No
> lpq cache time = 30
> lsa over netlogon = No
> machine password timeout = 604800
> mangle prefix = 1
> mangling method = hash2
> map to guest = Bad User
> max disk size = 0
> max log size = 0
> max mux = 50
> max open files = 65535
> max smbd processes = 0
> max stat cache size = 256
> max ttl = 259200
> max wins ttl = 518400
> max xmit = 65535
> mdns name = netbios
> message command =
> min receivefile size = 16384
> min wins ttl = 21600
> mit kdc command =
> multicast dns register = Yes
> name cache timeout = 3600
> name resolve order = lmhosts wins host bcast
> nbt client socket address = 0.0.0.0
> nbt port = 137
> ncalrpc dir = /usr/local/samba/var/run/ncalrpc
> netbios aliases =
> netbios name = TEST
> netbios scope =
> neutralize nt4 emulation = No
> NIS homedir = No
> nmbd bind explicit broadcast = Yes
> nsupdate command = /usr/bin/nsupdate -g
> ntlm auth = ntlmv1-permitted
> nt pipe support = Yes
> ntp signd socket directory = /usr/local/samba/var/lib/ntp_signd
> nt status support = Yes
> null passwords = No
> obey pam restrictions = No
> old password allowed period = 120
> oplock break wait time = 0
> os2 driver map =
> os level = 255
> pam password change = Yes
> panic action =
> passdb backend = samba_dsdb
> passdb expand explicit = No
> passwd chat = *New*password* %n\n *ReType*new*password* %n\n*passwd:*all*authentication*tokens*updated*successfully*
> passwd chat debug = No
> passwd chat timeout = 2
> passwd program = /usr/local/samba/bin/smbpasswd %u
> password hash gpg key ids =
> password hash userPassword schemes =
> password server = TEST.facility.local
> perfcount module =
> pid directory = /usr/local/samba/var/run
> preferred master = Yes
> prefork children = 1
> preload modules =
> printcap cache time = 0
> printcap name = cups
> private dir = /usr/local/samba/private
> raw NTLMv2 auth = No
> read raw = Yes
> realm = FACILITY.LOCAL
> registry shares = No
> reject md5 clients = No
> reject md5 servers = No
> remote announce =
> remote browse sync =
> rename user script =
> require strong key = Yes
> reset on zero vc = No
> restrict anonymous = 0
> rndc command = /usr/sbin/rndc
> root directory =
> rpc big endian = No
> rpc server dynamic port range = 49152-65535
> rpc server port = 0
> samba kcc command = /usr/local/samba/sbin/samba_kcc
> security = USER
> server max protocol = SMB3
> server min protocol = LANMAN1
> server multi channel support = No
> server role = active directory domain controller
> server schannel = Yes
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
> server signing = required
> server string = TEST Samba Server
> set primary group script =
> set quota command =
> share backend = classic
> show add printer wizard = Yes
> shutdown script =
> smb2 leases = Yes
> smb2 max credits = 8192
> smb2 max read = 8388608
> smb2 max trans = 8388608
> smb2 max write = 8388608
> smbd profiling level = off
> smb passwd file = /usr/local/samba/private/smbpasswd
> smb ports = 445 139
> socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=65536 SO_SNDBUF=65536
> spn update command = /usr/local/samba/sbin/samba_spnupdate
> stat cache = Yes
> state directory = /usr/local/samba/var/locks
> svcctl list =
> syslog = 1
> syslog only = No
> template homedir = /home/%D/%U
> template shell = /bin/bash
> time server = No
> timestamp logs = Yes
> tls cafile = tls/ca.pem
> tls certfile = tls/cert.pem
> tls crlfile =
> tls dh params file =
> tls enabled = Yes
> tls keyfile = tls/key.pem
> tls priority = NORMAL:-VERS-SSL3.0
> tls verify peer = as_strict_as_possible
> unicode = Yes
> unix charset = UTF-8
> unix extensions = Yes
> unix password sync = Yes
> use mmap = Yes
> username level = 0
> username map =
> username map cache time = 0
> username map script =
> usershare allow guests = No
> usershare max shares = 0
> usershare owner only = Yes
> usershare path = /usr/local/samba/var/locks/usershares
> usershare prefix allow list =
> usershare prefix deny list =
> usershare template share =
> utmp = No
> utmp directory =
> web port = 901
> winbind cache time = 300
> winbindd socket directory = /usr/local/samba/var/run/winbindd
> winbind enum groups = Yes
> winbind enum users = Yes
> winbind expand groups = 10
> winbind max clients = 2000
> winbind max domain connections = 1
> winbind nested groups = Yes
> winbind normalize names = Yes
> winbind nss info = rfc2307
> winbind offline logon = Yes
> winbind reconnect delay = 30
> winbind refresh tickets = Yes
> winbind request timeout = 60
> winbind rpc only = Yes
> winbind scan trusted domains = Yes
> winbind sealed pipes = Yes
> winbind separator = \
> winbind use default domain = Yes
> wins hook =
> wins proxy = Yes
> wins server =
> wins support = Yes
> workgroup = FACILITY
> write raw = Yes
> wtmp directory =
> rpc_server:tcpip = no
> rpc_server:winreg = embedded
> rpc_server:ntsvcs = embedded
> rpc_server:eventlog = embedded
> rpc_server:srvsvc = embedded
> rpc_server:svcctl = embedded
> rpc_server:default = external
> idmap config * : range = 1000000-1999999
> full_audit:priority = notice
> full_audit:facility = local5
> full_audit:success = connect disconnect opendir mkdir rmdir closedir open close read pread write pwrite sendfile rename unlink chmod fchmod chown fchown chdir ftruncate lock symlink readlink link mknod
> full_audit:failure = connect disconnect
> full_audit:prefix = IP=%I|USER=%u|MACHINE=%m|VOLUME=%S
> spoolssd:prefork_min_children = 5
> spoolssd:prefork_max_children = 75
> spoolssd:prefork_spawn_rate = 5
> spoolssd:prefork_max_allowed_clients = 200
> spoolssd:prefork_child_min_life = 60
> rpc_daemon:spoolssd = embedded
> rpc_server:spoolss = embedded
> spoolss: architecture = Windows x64
> server role check:inhibit = yes
> winbindd:use external pipes = true
> idmap_ldb:use rfc2307 = Yes
> idmap config * : backend = tdb
> access based share enum = No
> acl allow execute always = No
> acl check permissions = Yes
> acl group control = No
> acl map full control = Yes
> administrative share = No
> admin users =
> afs share = No
> aio read size = 16384
> aio write behind =
> aio write size = 16384
> allocation roundup size = 1048576
> available = Yes
> blocking locks = Yes
> block size = 1024
> browseable = Yes
> case sensitive = No
> comment =
> copy =
> create mask = 0744
> csc policy = manual
> cups options = raw
> default case = lower
> default devmode = Yes
> delete readonly = No
> delete veto files = No
> dfree cache time = 0
> dfree command =
> directory mask = 0755
> directory name cache size = 100
> dmapi support = No
> dont descend =
> dos filemode = No
> dos filetime resolution = No
> dos filetimes = Yes
> durable handles = Yes
> ea support = No
> fake directory create times = No
> fake oplocks = No
> follow symlinks = Yes
> force create mode = 0000
> force directory mode = 0000
> force group =
> force printername = Yes
> force unknown acl user = No
> force user =
> fstype = NTFS
> guest ok = No
> guest only = No
> hide dot files = Yes
> hide files =
> hide special files = No
> hide unreadable = No
> hide unwriteable files = No
> hosts allow = ALL 127.0.0.1
> hosts deny =
> include =
> inherit acls = Yes
> inherit owner = no
> inherit permissions = Yes
> invalid users =
> kernel oplocks = No
> kernel share modes = Yes
> level2 oplocks = Yes
> locking = Yes
> lppause command =
> lpq command = %p
> lpresume command =
> lprm command =
> magic output =
> magic script =
> mangled names = yes
> mangling char = ~
> map acl inherit = Yes
> map archive = No
> map hidden = No
> map readonly = no
> map system = No
> max connections = 0
> max print jobs = 1000
> max reported print jobs = 0
> min print space = 0
> msdfs proxy =
> msdfs root = No
> msdfs shuffle referrals = No
> nt acl support = Yes
> ntvfs handler = unixuid, default
> oplocks = Yes
> path =
> posix locking = Yes
> postexec =
> preexec =
> preexec close = No
> preserve case = Yes
> printable = No
> print command =
> printer name =
> printing = cups
> printjob username = %U
> print notify backchannel = No
> queuepause command =
> queueresume command =
> read list =
> read only = Yes
> root postexec =
> root preexec =
> root preexec close = No
> short preserve case = Yes
> smb encrypt = No
> spotlight = No
> store dos attributes = Yes
> strict allocate = Yes
> strict locking = No
> strict rename = No
> strict sync = No
> sync always = No
> use client driver = No
> use sendfile = Yes
> valid users =
> veto files =
> veto oplock files =
> vfs objects = dfs_samba4 acl_xattr
> volume =
> wide links = No
> write cache size = 0
> write list =
> 
> 
> [homes]
> admin users = "@Domain Admins"
> browseable = No
> comment = Home Directories
> create mask = 0644
> force create mode = 0660
> force directory mode = 0770
> hide files = /Recycle Bin/
> path = /home/homes/%U
> read only = No
> valid users = "@Domain Users"
> veto files = /*.encrypted/*.ecc/*.ccc/
> vfs objects = dfs_samba4 full_audit recycle
> recycle:mode = KEEP_DIRECTORIES|VERSION|TOUCH
> recycle:noversions = *.tmp|*.temp|*.dat|*.ini
> recycle:exclude = *.tmp|*.temp|*.o|*.obj|~$*|*.??|*.log|*.trace|*.TMP|*.ASV|*.$$$|*.asv
> recycle:touch_mtime = yes
> recycle:touch = Yes
> recycle:keeptree = Yes
> recycle:versions = Yes
> recycle:subdir_mode = 0700
> recycle:directory_mode = 0770
> recycle:maxsize = 0
> recycle:minsize = 0
> recycle:repository = .recycle
> 
> 
> [profiles]
> browseable = No
> comment = Network Profiles Share
> create mask = 0644
> force create mode = 0660
> force directory mode = 0770
> path = /home/profiles
> read only = No
> 
> 
> [netlogon]
> browseable = No
> comment = Network Netlogon Share
> path = /usr/local/samba/var/locks/sysvol/facility.local/scripts
> 
> 
> [sysvol]
> browseable = No
> path = /usr/local/samba/var/locks/sysvol
> read only = No
> 
> 
> [printers]
> browseable = No
> comment = All Printers
> create mask = 0700
> path = /var/spool/samba
> printable = Yes
> write list = administrator "@Domain Admins"
> acl_xattr:ignore system acl = yes
> 
> 
> [print$]
> admin users = "@Domain Admins"
> comment = Printer Drivers
> create mask = 0644
> force create mode = 0660
> force directory mode = 0770
> invalid users = qwerty
> path = /home/printer_drivers
> read only = No
> valid users = "@Domain Users"
> write list = root "@Domain Admins"
> acl_xattr:ignore system acl = yes
> 
> 
> [Share1]
> admin users = "@Domain Admins"
> comment = Share1 Paylasimi
> create mask = 0644
> force create mode = 0660
> force directory mode = 0770
> hide files = /Recycle Bin/
> invalid users = qwerty @Share1_no
> path = /home/TEST/Share1
> read list = abuzer
> read only = No
> valid users = "@Domain Users" abuzer
> veto files = /*.encrypted/*.ecc/*.ccc/
> vfs objects = dfs_samba4 full_audit recycle
> recycle:mode = KEEP_DIRECTORIES|VERSION|TOUCH
> recycle:noversions = *.tmp|*.temp|*.dat|*.ini
> recycle:exclude = *.tmp|*.temp|*.o|*.obj|~$*|*.??|*.log|*.trace|*.TMP|*.ASV|*.$$$|*.asv
> recycle:touch_mtime = yes
> recycle:touch = Yes
> recycle:keeptree = Yes
> recycle:versions = Yes
> recycle:subdir_mode = 0700
> recycle:directory_mode = 0770
> recycle:maxsize = 0
> recycle:minsize = 0
> recycle:repository = .recycle
> 
> 
> [brother_mfc9840]
> admin users = "@Domain Admins"
> path = /var/spool/samba
> printable = Yes
> printer name = brother1
> valid users = administrator "@Domain Users"
> write list = "@Domain Admins"
> 
> Barış
> 
> Rowland Penny via samba <samba at lists.samba.org> wrote on Tue, 19 Feb 2019 at 11:54:
> 
> > On Tue, 19 Feb 2019 11:37:43 +0300
> > barış tombul via samba <samba at lists.samba.org> wrote:
> >
> > > Dear all,
> > >
> > > We are using samba domain and I upgraded the samba from 4.7.9 to
> > > 4.8.9. With the old version, people in our domain can view and can
> > > share the folders without asking password and the people that out of
> > > the domain can view and shared the folders with
> > > writing \\IP_ADDRESS   PROMPT USERNAME: PASSWORD. With the new
> > > version, there is no problem about viewing and sharing folders with
> > > the people that in the domain but the people that are not in the domain
> > > can not view the \\IP_ADDRESS screen.
> > >
> > > Also, with the 4.8.9 version, when people in the domain right
> > > clicked to the shared folders and choose properties > security, the
> > > system throw out. If I write security = user > security = domain in
> > > the smb.conf folder, there is no problem about the people in the
> > > domain but without active directory people the problem still goes on.
> > > You can see my smb.conf text in the below.
> > >
> > > Could you please help me about this problem?
> > >
> > > It is very URGENT!!
> > >
> >
> > Two things, saying it is urgent doesn't cut any ice here, especially
> > when you SHOUT urgent. Secondly, posting the output of 'testparm -v' is
> > making things worse from the point of view of trying to understand what
> > is going on, just post the output of 'cat'
> >
> > Rowland
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
> 
> 
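Added example, not part of the thread and not Samba project code: a Python filter that reads a mail-quoted `testparm -v` dump like the one above, rejoins values the mail client wrapped, and lists only the authentication and protocol parameters set to legacy values, so the few lines worth reviewing are not buried in several hundred defaults. The watch list and the names `SAMPLE`, `WATCH`, `parse` and `legacy_settings` are assumptions of this example.

```python
import re

# Constructed sample in the mail-quoted `testparm -v` layout shown above,
# including a value that the mail client wrapped onto a second line.
SAMPLE = """\
> [global]
> client NTLMv2 auth = No
> lanman auth = No
> ntlm auth = ntlmv1-permitted
> server min protocol = LANMAN1
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbindd,
> server signing = required
"""

# Assumption: the editor's own watch list, not a Samba project list.
# parameter -> values that permit legacy authentication or SMB1-era dialects
SMB1 = {"core", "coreplus", "lanman1", "lanman2", "nt1"}
WATCH = {
    "ntlm auth": {"ntlmv1-permitted", "yes"},
    "client ntlmv2 auth": {"no"},
    "lanman auth": {"yes"},
    "ldap server require strong auth": {"no"},
    "server min protocol": SMB1,
    "client min protocol": SMB1,
}
PARAM = re.compile(r"^(?P<key>[^=]+?)\s+=(?:\s+(?P<val>.*))?$")

def parse(text):
    """Return {section: {parameter: value}}, rejoining wrapped values."""
    conf, section, last = {}, None, None
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()  # drop mail quote marks
        if line.startswith("[") and line.endswith("]"):
            section, last = line[1:-1], None
            conf[section] = {}
        elif not line or section is None:
            last = None
        elif m := PARAM.match(line):
            last = " ".join(m["key"].lower().split())
            conf[section][last] = (m["val"] or "").strip()
        elif last is not None:  # no "name =" part: rest of a wrapped value
            conf[section][last] = (conf[section][last] + " " + line).strip()
    return conf

def legacy_settings(conf):
    """List (section, parameter, value) entries whose value is on the watch list."""
    return [(s, k, v) for s, params in conf.items() for k, v in params.items()
            if v.lower() in WATCH.get(k, ())]

if __name__ == "__main__":
    for section, key, value in legacy_settings(parse(SAMPLE)):
        print(f"[{section}] {key} = {value}")
```

A match only means the setting deserves a look during review; it says nothing about whether it is related to the access problem reported in the thread.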



