[Samba] Not able to access samba share with domain name

Rowland penny rpenny at samba.org
Tue Oct 8 08:30:59 UTC 2019


On 08/10/2019 05:44, Kumar, Arjit (SSTO) wrote:
> Hi,
>
> Below is the smb.conf file.
>
> global]
> 	workgroup = ADSSERVER  #same for both machine
> 	netbios name = hp-ux  #Specific based on machine domain name
> 	server string = Samba Server
> 	security = DOMAIN
> 	encrypt passwords = Yes
> #	password server = *
> 	password server = IP #same for both machine
> #	syslog = 0
> 	log level = 3
> 	log file = /var/opt/samba/log.%m
> 	max log size = 1000
> 	preferred master = No
> 	local master = No
> 	domain master = No
> 	read only = No
> 	create mask = 0774
> #	short preserve case = No
> 	short preserve case = Yes
> 	dos filetime resolution = Yes
> 	ntlm auth = No
> 	lanman auth = No
> 	client ntlmv2 auth = Yes
> 	client lanman auth = No
> 	client plaintext auth = No
> 	min protocol = SMB2
> 	max protocol = SMB3
> 	unix extensions = No
>
> [homes]
> 	comment = Home Directories
> 	browseable = No
>
There are lots of lines there that you do not need (and some missing 
ones that you do need, more later), but the major problem is 'security = 
DOMAIN', it should be 'security = ADS', try this smb.conf:

[global]
     workgroup = ADSSERVER
     server string = Samba Server
     security = ADS

     log level = 3
     log file = /var/opt/samba/log.%m
     max log size = 1000
     preferred master = No
     local master = No
     domain master = No
     dos filetime resolution = Yes
     server min protocol = SMB2
     client min protocol = SMB2

[homes]
     comment = Home Directories
     browseable = No
     read only = No
     create mask = 0700
     directory mask = 0700
     valid users = %S

But there is still one big problem, there are no authentication lines. I 
would expect to see (at least) something like this:

     idmap config * : backend = tdb
     idmap config * : range = 3000-7999
     idmap config ADSSERVER : backend = rid
     idmap config ADSSERVER : range = 10000-999999

Never used HP-UX, but I would imagine it authenticates similar to Linux, 
but if you do not have the lines above (or similar) are all your users 
in /etc/passwd ?

Rowland





More information about the samba mailing list