[Samba] Primary group is 0 and contains 0 supplementary groups
Robson Vitor Mendonça
robsonvitorm at gmail.com
Fri Oct 4 11:40:36 UTC 2019
I haven't learned to use the list yet, sorry! :(
See below the two smb.conf
### smb.conf - AD
[global]
netbios name = SRV-SAMBA
realm = DOMINIO.LAN
workgroup = DOMINIO
dns forwarder = X.X.X.X
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
ntlm auth = yes
ldap server require strong auth = no
tls enabled = no
security = user
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
log level = 1 auth:5 winbind:5
log file = /var/log/samba/log.%U
max log size = 5000
timestamp logs = Yes
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind refresh tickets = Yes
winbind offline logon = false
winbind nss info = rfc2307
template homedir = /samba/usuarios/home/%U
template shell = /usr/sbin/nologin
encrypt passwords = Yes
[netlogon]
path = /var/lib/samba/sysvol/dominio.lan/scripts
browseable = no
read only = No
[sysvol]
path = /var/lib/samba/sysvol
browseable = no
read only = No
### smb.conf - File Server
[global]
server string = Arquivos %h
server role = MEMBER SERVER
security = ADS
realm = DOMINIO.LAN
workgroup = DOMINIO
password server = srv-samba.tco.lan
encrypt passwords = yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
log level = 9
log file = /var/log/samba/log.%m
idmap_ldb:use rfc2307 = yes
idmap config * : backend = tdb
;idmap config * : range = 10000-20000
idmap config * : range = 3000-7999
idmap config DOMINIO : backend = rid
;idmap config DOMINIO : range = 30000-40000
idmap config DOMINIO : schema_mode = rfc2307
idmap config DOMINIO : range = 10000-999999
winbind refresh tickets = yes
winbind offline logon = yes
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
winbind expand groups = 10
winbind use default domain = yes
os level = 20
domain master = no
local master = no
preferred master = no
map to guest = bad user
host msdfs = no
netbios name = srv-arquivos
client min protocol = SMB2
client max protocol = SMB3
unix extensions = no
reset on zero vc = yes
veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/
hide unreadable = yes
acl group control = yes
acl map full control = true
ea support = yes
vfs objects = acl_xattr
store dos attributes = yes
dos filemode = yes
dos filetimes = yes
enable privileges = yes
restrict anonymous = 2
strict allocate = yes
guest ok = no
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
ntlm auth = yes
map acl inherit = yes
template shell = /usr/sbin/nologin
template homedir = /dados/usuarios/%U
[Publico]
comment = Publico
path = /dados/publico
create mask = 0770
directory mask = 0770
browseable = yes
valid users = @"Domain Admins" @"Domain Users"
write list = @"Domain Admins" @"Domain Users"
[COMP01]
comment = COMP01
path = /dados/comp01
read only = no
inherit acls = yes
valid users = @"DOMINIO\Domain Admins" @"DOMINIO\group01"
write list = @"DOMINIO\Domain Admins" @"DOMINIO\group01"
Thanks!
Atenciosamente,
Robson Vitor Mendonça
More information about the samba
mailing list