[Samba] setting up a new ADS infrastructure

Rowland Penny rpenny at samba.org
Mon Jun 24 13:31:08 UTC 2019


On 24/06/2019 13:34, Stefan Froehlich via samba wrote:
> Both of them, yes, and wbinfo(1) works as well:
>
> | sfroehli@herakles:~$ getent passwd test
> | test:*:10001:10000:Max Mustermann:/home/test:/bin/bash
> | sfroehli@herakles:~$ getent passwd SYNTHESIS\\test
> | test:*:10001:10000:Max Mustermann:/home/test:/bin/bash
> | sfroehli@herakles:~$ wbinfo --uid-info=10001
> | test:*:10001:10000:Max Mustermann:/home/test:/bin/bash
> | sfroehli@herakles:~$ wbinfo --user-info=test
> | test:*:10001:10000:Max Mustermann:/home/test:/bin/bash
>
> I can also chown files to this user and pretty much everything. But
> as soon as I want to connect to the server (be it "-L" or be it a
> certain share) this failure occurs.
>
OK, I re-read the info for your fileserver and found another mistake:

You have this in /etc/hosts:

192.168.122.12 herakles.synthesis.synth.intern herakles

So the short hostname is 'herakles', but you have this in smb.conf:

netbios name = AKTENSCHRANK

That is a no-no; the 'netbios name' (if given) must be the short
hostname in uppercase.

Can I suggest you try this smb.conf:

[global]
server string = Aktenschrank
workgroup = SYNTHESIS
security = ADS
realm = SYNTHESIS.SYNTH.INTERN

preferred master = no
domain master = no
local master = no

# extended ACL support
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes

username map = /etc/samba/user.map

# debugging
debuglevel = 1
log file = /var/log/samba/log.%m
max log size = 1000
logging = file

idmap config *:backend = tdb
idmap config *:range = 1000-9999
idmap config SYNTHESIS:backend = ad
idmap config SYNTHESIS:schema_mode = rfc2307
idmap config SYNTHESIS:range = 10000-9999999
idmap config SYNTHESIS:unix_nss_info = yes

winbind enum groups = yes
winbind enum users = yes
winbind use default domain = yes
winbind refresh tickets = yes

[users]
comment = Home Directories
path = /home
browseable = no
read only = no
force create mode = 0600
force directory mode = 0700

[profiles]
comment = User profiles
path = /home/profiles
browseable = no
read only = no
force create mode = 0600
force directory mode = 0700

Rowland
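
The hostname / 'netbios name' mismatch pointed out above can be checked mechanically. The script below is an added example, not part of the original post and not a Samba tool; the function names get_netbios_name and check_netbios_name are hypothetical, and the sample file is constructed from the values quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): check smb.conf against the short hostname.

# Print the [global] "netbios name" value from file $1 (empty if unset).
# smb.conf ignores case and whitespace in parameter names; # and ; start comments.
get_netbios_name() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ {
            s = tolower($0); gsub(/[ \t]/, "", s)
            in_global = (s == "[global]"); next
        }
        in_global && index($0, "=") {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            gsub(/[ \t]/, "", key)
            if (key == "netbiosname") {
                val = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                found = val    # keep the last occurrence in the section
            }
        }
        END { print found }
    ' "$1"
}

# $1 = smb.conf path, $2 = hostname (short or FQDN).
# Returns 0 if "netbios name" is unset or equals the uppercase short hostname
# (the rule stated in the post), 1 otherwise.
check_netbios_name() {
    short=$(printf '%s' "${2%%.*}" | tr '[:lower:]' '[:upper:]')
    configured=$(get_netbios_name "$1")
    if [ -z "$configured" ]; then
        echo "OK: netbios name not set"
        return 0
    elif [ "$configured" = "$short" ]; then
        echo "OK: netbios name = $configured"
        return 0
    fi
    echo "MISMATCH: netbios name = $configured, expected $short"
    return 1
}

# Constructed sample with the values from the thread.
demo() {
    tmp=$(mktemp)
    printf '[global]\nworkgroup = SYNTHESIS\nnetbios name = AKTENSCHRANK\n' > "$tmp"
    check_netbios_name "$tmp" herakles.synthesis.synth.intern || true
    rm -f "$tmp"
}
demo
```

On a real file server the check would be run as check_netbios_name /etc/samba/smb.conf "$(hostname -s)", where the smb.conf path is an assumption about the local installation.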





