[Samba] Primary group is 0 and contains 0 supplementary groups
Rowland penny
rpenny at samba.org
Fri Oct 4 12:23:20 UTC 2019
On 04/10/2019 12:40, Robson Vitor Mendonça via samba wrote:
> I haven't learned to use the list yet, sorry! :(
What email client are you using ?
Normally, you would 'reply to list' or just 'reply'.
>
> See below the two smb.conf
>
> ### smb.conf - AD
Remove these lines from the AD DC smb.conf:
ldap server require strong auth = no
tls enabled = no
security = user
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind offline logon = false
winbind nss info = rfc2307
encrypt passwords = Yes
template shell = /usr/sbin/nologin
>
>
>
> ### smb.conf - File Server
And these from the Unix domain member:
password server = srv-samba.tco.lan
encrypt passwords = yes
idmap_ldb:use rfc2307 = yes
idmap config DOMINIO : schema_mode = rfc2307
winbind enum users = yes
winbind enum groups = yes
winbind expand groups = 10
os level = 20
map to guest = bad user
acl map full control = true
ea support = yes
dos filetimes = yes
enable privileges = yes
restrict anonymous = 2
strict allocate = yes
guest ok = no
template shell = /usr/sbin/nologin
The above lines either are defaults or have no reason to be where they are.
Unless you have a very good reason for using SMBv1, I would also remove
'ntlm auth = yes' from both smb.conf files.
Are all your client workstations Windows PCs ?
If so, remove the 'valid users' & 'write list' lines and read this:
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
Rowland
More information about the samba
mailing list