[Samba] Fwd: Re: Kerberos and NTLMv2 authentication
Rowland Penny
rpenny at samba.org
Mon Jun 17 13:12:56 UTC 2019
On 17/06/2019 13:42, Edouard Guigné via samba wrote:
> Hello,
>
> Please find here the content of my smb.conf :
>
> [global]
> security = ads
> realm = MYDOMAIN.LOCAL
> workgroup = MYDOMAIN
> kerberos method = secrets and keytab
> server signing = mandatory
> client signing = mandatory
>
> hosts allow = 127. 10.X.X.
> hosts deny = 10.X.X.
>
> log level = 1 auth_audit:3
> local master = no
> domain master = no
> preferred master = no
>
> use sendfile = true
>
> load printers = no
> cups options = raw
> printcap name = /dev/null
>
> disable spoolss = yes
>
> vfs objects = acl_xattr
> map acl inherit = yes
> store dos attributes = yes
>
> idmap config * : backend = tdb
>
> idmap config * : range = 15000-99999
>
> winbind nss info = rfc2307
> idmap config MYDOMAIN : backend = ad
> idmap config MYDOMAIN : schema_mode = rfc2307
>
> idmap config MYDOMAIN : range = 10000-14999
>
> idmap config MYDOMAIN : unix_nss_info = yes
>
> idmap config MYDOMAIN : unix_primary_group = yes
>
> client min protocol = SMB2
>
> username map = /etc/samba/user.map
>
> [groups]
> comment = mycomment
> path = /var/datashared
> public = no
> writable = yes
>
> valid users = @"utilisateurs du domaine at MYDOMAIN.LOCAL"
>
> vfs objects = acl_xattr streams_xattr
>
> [homes]
> comment = Home Directories
> read only = No
> create mask = 0700
> directory mask = 0700
> valid users = @"utilisateurs du domaine at MYDOMAIN.LOCAL"
> path = /home
> hide files = /~*.tmp/profile/desktop.ini/~$*/
> browseable = no
> public = no
> guest ok = no
>
> [printers]
> comment = All Printers
> path = /var/tmp
> printable = Yes
> create mask = 0600
> browseable = No
>
> [print$]
> comment = Printer Drivers
> path = /var/lib/samba/drivers
> write list = root
> create mask = 0664
> directory mask = 0775
>
Provided you have added uidNumbers to your users and (at least) a
gidNumber to Domain Users, that smb.conf has nothing major wrong.
> And the content of my /etc/nsswitch.conf :
>
> bootparams: nisplus [NOTFOUND=return] files
>
> ethers: files
> netmasks: files
> networks: files
> protocols: files
> rpc: files
> services: files sss
>
> netgroup: files sss
>
> publickey: nisplus
>
> automount: files
> aliases: files nisplus
Your nsswitch.conf is a different matter; you either do not have the
passwd, group and shadow lines or you have chosen not to show them.
Rowland
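
A check for the gap pointed out in the reply above, as an added example that is not part of the original thread: it parses nsswitch.conf text and reports which of the passwd, group and shadow databases have no line at all. The function names, the second sample and the `winbind` source name in it are assumptions made for illustration; the message does not say which sources those lines should name.

```python
import re

# Constructed sample: the nsswitch.conf lines quoted in the message above.
QUOTED_NSSWITCH = """\
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files sss
netgroup: files sss
publickey: nisplus
automount: files
aliases: files nisplus
"""

# Constructed second sample; the winbind source name is an assumption.
EDITED_SAMPLE = "passwd: files winbind\ngroup: files\nshadow: files\n"

ACCOUNT_DATABASES = ("passwd", "group", "shadow")


def parse_nsswitch(text):
    """Return {database: [sources]} for every 'database: sources' line."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip comments
        if not line or ":" not in line:
            continue
        database, _, rest = line.partition(":")
        rest = re.sub(r"\[[^\]]*\]", " ", rest)  # drop [STATUS=action] items
        table[database.strip().lower()] = rest.split()
    return table


def audit(text, wanted_source=None, source_databases=("passwd", "group")):
    """List account databases with no line, and those lacking wanted_source."""
    table = parse_nsswitch(text)
    missing = [db for db in ACCOUNT_DATABASES if db not in table]
    lacking = [db for db in source_databases
               if wanted_source and db in table and wanted_source not in table[db]]
    return {"missing": missing, "lacking_source": lacking}


if __name__ == "__main__":
    print(audit(QUOTED_NSSWITCH))
    print(audit(EDITED_SAMPLE, wanted_source="winbind"))
```
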