[Samba] Problem with SPNEGO on full trust 2016 DC <> Samba 4.10.7 AD

ASW Global aswsupplyservices at outlook.com
Tue Oct 15 12:56:18 UTC 2019


I've read the documentation that domain trusts should be fully supported with both Kerberos and NTLM authentication. I've created a new 2016 domain on a Windows box and created a Samba domain on a Linux box with a BIND9_DLZ backend. Both servers can resolve both DNS domains forwards and backwards and I am able to connect a Windows 10 client to the Samba domain without any issues. The problem occurs when create a full  external trust between the two domains. The trust is created successfully with samba-tool however the verify fails with TRUST[WERR_NO_LOGON_SERVERS] VERIFY_STATUS_RETURNED.

The end result is a trust relation that fully works with Kerberos authentication (such as logging in on the trusted domain from a domain connected to the other) but this won't work with NTLM authentication outside of it's realm. I am constantly getting this error message in the wb-DOMAIN logs:

Starting GENSEC submechanism ntlmssp
[2019/10/15 07:06:26.589018,  1, pid=12457, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:422(ndr_print_debug)
       negotiate: struct NEGOTIATE_MESSAGE
          Signature                : 'NTLMSSP'
          MessageType              : NtLmNegotiate (1)
          NegotiateFlags           : 0x62088215 (1644724757)
                 1: NTLMSSP_NEGOTIATE_UNICODE
                 0: NTLMSSP_NEGOTIATE_OEM
                 1: NTLMSSP_REQUEST_TARGET
                 1: NTLMSSP_NEGOTIATE_SIGN
                 0: NTLMSSP_NEGOTIATE_SEAL
                 0: NTLMSSP_NEGOTIATE_DATAGRAM
                 0: NTLMSSP_NEGOTIATE_LM_KEY
                 0: NTLMSSP_NEGOTIATE_NETWARE
                 1: NTLMSSP_NEGOTIATE_NTLM
                 0: NTLMSSP_NEGOTIATE_NT_ONLY
                 0: NTLMSSP_ANONYMOUS
                 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
                 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
                 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
                 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
                 0: NTLMSSP_TARGET_TYPE_DOMAIN
                 0: NTLMSSP_TARGET_TYPE_SERVER
                 0: NTLMSSP_TARGET_TYPE_SHARE
                 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
                 0: NTLMSSP_NEGOTIATE_IDENTIFY
                 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
                 0: NTLMSSP_NEGOTIATE_TARGET_INFO
                 1: NTLMSSP_NEGOTIATE_VERSION
                 1: NTLMSSP_NEGOTIATE_128
                 1: NTLMSSP_NEGOTIATE_KEY_EXCH
                 0: NTLMSSP_NEGOTIATE_56
          DomainNameLen            : 0x0000 (0)
          DomainNameMaxLen         : 0x0000 (0)
          DomainName               : *
              DomainName               : ''
          WorkstationLen           : 0x0000 (0)
          WorkstationMaxLen        : 0x0000 (0)
          Workstation              : *
              Workstation              : ''
          Version: struct ntlmssp_VERSION
              ProductMajorVersion      : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6)
              ProductMinorVersion      : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1)
              ProductBuild             : 0x0000 (0)
              Reserved: ARRAY(3)
                  [0]                      : 0x00 (0)
                  [1]                      : 0x00 (0)
                  [2]                      : 0x00 (0)
              NTLMRevisionCurrent      : NTLMSSP_REVISION_W2K3 (15)
                  [2]                      : 0x00 (0)
              NTLMRevisionCurrent      : NTLMSSP_REVISION_W2K3 (15)
[2019/10/15 07:06:26.589188, 10, pid=12457, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:455(gensec_update_send)
  gensec_update_send: ntlmssp[0x5625297aa300]: subreq: 0x5625299b9330
[2019/10/15 07:06:26.589207, 10, pid=12457, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:455(gensec_update_send)
  gensec_update_send: spnego[0x56252a561b00]: subreq: 0x562529ff3510
[2019/10/15 07:06:26.589223, 10, pid=12457, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:512(gensec_update_done)
  gensec_update_done: ntlmssp[0x5625297aa300]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x5625299b9330/../../auth/ntlmssp/ntlmssp.c:180]: state[2] error[0 (0x0)]  state[struct gensec_ntlmssp_update_state (0x5625299b94e0)] timer[(nil)] finish[../../auth/ntlmssp/ntlmssp.c:215]
[2019/10/15 07:06:26.589246, 10, pid=12457, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:512(gensec_update_done)
  gensec_update_done: spnego[0x56252a561b00]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x562529ff3510/../../auth/gensec/spnego.c:1600]: state[2] error[0 (0x0)]  state[struct gensec_spnego_update_state (0x562529ff36c0)] timer[(nil)] finish[../../auth/gensec/spnego.c:2070]
[2019/10/15 07:06:26.589508,  3, pid=12457, effective(0, 0), real(0, 0), class=auth] ../../auth/ntlmssp/ntlmssp_client.c:273(ntlmssp_client_challenge)
  Got challenge flags:
[2019/10/15 07:06:26.589527,  3, pid=12457, effective(0, 0), real(0, 0), class=auth] ../../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x62898215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_TARGET_TYPE_DOMAIN
    NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
    NTLMSSP_NEGOTIATE_TARGET_INFO
    NTLMSSP_NEGOTIATE_VERSION
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2019/10/15 07:06:26.589577,  1, pid=12457, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:422(ndr_print_debug)
       challenge: struct CHALLENGE_MESSAGE
          Signature                : 'NTLMSSP'
          MessageType              : NtLmChallenge (0x2)
          TargetNameLen            : 0x0008 (8)
          TargetNameMaxLen         : 0x0008 (8)
          TargetName               : *
              TargetName               : 'ASW'
          NegotiateFlags           : 0x62898215 (1653178901)
                 1: NTLMSSP_NEGOTIATE_UNICODE
                 0: NTLMSSP_NEGOTIATE_OEM
                 1: NTLMSSP_REQUEST_TARGET
                 1: NTLMSSP_NEGOTIATE_SIGN
                 0: NTLMSSP_NEGOTIATE_SEAL
                 0: NTLMSSP_NEGOTIATE_DATAGRAM
                 0: NTLMSSP_NEGOTIATE_LM_KEY
                 0: NTLMSSP_NEGOTIATE_NETWARE
                 1: NTLMSSP_NEGOTIATE_NTLM
                 0: NTLMSSP_NEGOTIATE_NT_ONLY
                 0: NTLMSSP_ANONYMOUS
                 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
                 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
                 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
                 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
                 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
                 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
                 1: NTLMSSP_TARGET_TYPE_DOMAIN
                 0: NTLMSSP_TARGET_TYPE_SERVER
                 0: NTLMSSP_TARGET_TYPE_SHARE
                 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
                 0: NTLMSSP_NEGOTIATE_IDENTIFY
                 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
                 1: NTLMSSP_NEGOTIATE_TARGET_INFO
                 1: NTLMSSP_NEGOTIATE_VERSION
                 1: NTLMSSP_NEGOTIATE_128
                 1: NTLMSSP_NEGOTIATE_KEY_EXCH
                 0: NTLMSSP_NEGOTIATE_56
          ServerChallenge          : 9577d49bcff93241
          Reserved                 : 0000000000000000
          TargetInfoLen            : 0x00c2 (194)
          TargetInfoMaxLen         : 0x00c2 (194)
          TargetInfo               : *
              TargetInfo: struct AV_PAIR_LIST
                  count                    : 0x00000007 (7)
                  pair: ARRAY(7)
                      pair: struct AV_PAIR
                          AvId                     : MsvAvNbDomainName (0x2)
                          AvLen                    : 0x0008 (8)
                          Value                    : union ntlmssp_AvValue(case 0x2)
                          AvNbDomainName           : 'ASW'
                      pair: struct AV_PAIR
                          AvId                     : MsvAvNbComputerName (0x1)
                          AvLen                    : 0x0014 (20)
                          Value                    : union ntlmssp_AvValue(case 0x1)
                          AvNbComputerName         : 'ASWSERVER'
                      pair: struct AV_PAIR
                          AvId                     : MsvAvDnsDomainName (0x4)
                          AvLen                    : 0x0024 (36)
                          Value                    : union ntlmssp_AvValue(case 0x4)
                          AvDnsDomainName          : 'ASW.aswglobal.net'
                      pair: struct AV_PAIR
                          AvId                     : MsvAvDnsComputerName (0x3)
                          AvLen                    : 0x003a (58)
                          Value                    : union ntlmssp_AvValue(case 0x3)
                          AvDnsComputerName        : 'aswserver.asw.aswglobal.net'
                      pair: struct AV_PAIR
                          AvId                     : MsvAvDnsTreeName (0x5)
                          AvLen                    : 0x0024 (36)
                          Value                    : union ntlmssp_AvValue(case 0x5)
                          AvDnsTreeName            : 'ASW.aswglobal.net'
                      pair: struct AV_PAIR
                          AvDnsTreeName            : 'ASW.aswglobal.net'
                      pair: struct AV_PAIR
                          AvId                     : MsvAvTimestamp (0x7)
                          AvLen                    : 0x0008 (8)
                          Value                    : union ntlmssp_AvValue(case 0x7)
                          AvTimestamp              : Tue Oct 15 07:06:27 2019 EDT
                      pair: struct AV_PAIR
                          AvId                     : MsvAvEOL (0x0)
                          AvLen                    : 0x0000 (0)
                          Value                    : union ntlmssp_AvValue(case 0x0)
          Version: struct ntlmssp_VERSION
              ProductMajorVersion      : NTLMSSP_WINDOWS_MAJOR_VERSION_10 (0xA)
              ProductMinorVersion      : NTLMSSP_WINDOWS_MINOR_VERSION_0 (0x0)
              ProductBuild             : 0x3839 (14393)
              Reserved                 : 000000
              NTLMRevisionCurrent      : NTLMSSP_REVISION_W2K3 (0xF)
[2019/10/15 07:06:26.589905,  1, pid=12457, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:422(ndr_print_debug)
       authenticate: struct AUTHENTICATE_MESSAGE
          Signature                : 'NTLMSSP'
          MessageType              : NtLmAuthenticate (3)
          LmChallengeResponseLen   : 0x0000 (0)
          LmChallengeResponseMaxLen: 0x0000 (0)
          LmChallengeResponse      : *
              LmChallengeResponse      : union ntlmssp_LM_RESPONSE_with_len(case 0)
          NtChallengeResponseLen   : 0x0000 (0)
          NtChallengeResponseMaxLen: 0x0000 (0)
          NtChallengeResponse      : *
              NtChallengeResponse      : union ntlmssp_NTLM_RESPONSE_with_len(case 0)
          DomainNameLen            : 0x0000 (0)
          DomainNameMaxLen         : 0x0000 (0)
          DomainName               : *
              DomainName               : ''
          UserNameLen              : 0x0000 (0)
          UserNameMaxLen           : 0x0000 (0)
          UserName                 : *
              UserName                 : ''
          WorkstationLen           : 0x0000 (0)
          WorkstationMaxLen        : 0x0000 (0)
          Workstation              : *
              Workstation              : ''
          EncryptedRandomSessionKeyLen: 0x0010 (16)
          EncryptedRandomSessionKeyMaxLen: 0x0010 (16)
          EncryptedRandomSessionKey: *
              EncryptedRandomSessionKey: DATA_BLOB length=16
  [0000] 81 EE CC 4D B3 48 F7 A9   57 E9 E6 94 B7 55 59 DE   ...M.H.. W....UY.
          NegotiateFlags           : 0x62008a15 (1644202517)
                 1: NTLMSSP_NEGOTIATE_UNICODE
                 0: NTLMSSP_NEGOTIATE_OEM
                 1: NTLMSSP_REQUEST_TARGET
                 0: NTLMSSP_NEGOTIATE_OEM
                 1: NTLMSSP_REQUEST_TARGET
                 1: NTLMSSP_NEGOTIATE_SIGN
                 0: NTLMSSP_NEGOTIATE_SEAL
                 0: NTLMSSP_NEGOTIATE_DATAGRAM
                 0: NTLMSSP_NEGOTIATE_LM_KEY
                 0: NTLMSSP_NEGOTIATE_NETWARE
                 1: NTLMSSP_NEGOTIATE_NTLM
                 0: NTLMSSP_NEGOTIATE_NT_ONLY
                 1: NTLMSSP_ANONYMOUS
                 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
                 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
                 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
                 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
                 0: NTLMSSP_TARGET_TYPE_DOMAIN
                 0: NTLMSSP_TARGET_TYPE_SERVER
                 0: NTLMSSP_TARGET_TYPE_SHARE
                 0: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
                 0: NTLMSSP_NEGOTIATE_IDENTIFY
                 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
                 0: NTLMSSP_NEGOTIATE_TARGET_INFO
                 1: NTLMSSP_NEGOTIATE_VERSION
                 1: NTLMSSP_NEGOTIATE_128
                 1: NTLMSSP_NEGOTIATE_KEY_EXCH
                 0: NTLMSSP_NEGOTIATE_56
          Version: struct ntlmssp_VERSION
              ProductMajorVersion      : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6)
              ProductMinorVersion      : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1)
              ProductBuild             : 0x0000 (0)
              Reserved: ARRAY(3)
                  [0]                      : 0x00 (0)
                  [1]                      : 0x00 (0)
                  [2]                      : 0x00 (0)
              NTLMRevisionCurrent      : NTLMSSP_REVISION_W2K3 (15)
[2019/10/15 07:06:26.590148,  3, pid=12457, effective(0, 0), real(0, 0), class=auth] ../../auth/ntlmssp/ntlmssp_client.c:761(ntlmssp_client_challenge)
  NTLMSSP: Set final flags:
[2019/10/15 07:06:26.590160,  3, pid=12457, effective(0, 0), real(0, 0), class=auth] ../../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x62008a15
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_ANONYMOUS
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_VERSION
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2019/10/15 07:06:26.590195,  3, pid=12457, effective(0, 0), real(0, 0), class=auth] ../../auth/ntlmssp/ntlmssp_sign.c:514(ntlmssp_sign_reset)
  NTLMSSP Sign/Seal - Initialising with flags:
[2019/10/15 07:06:26.590195,  3, pid=12457, effective(0, 0), real(0, 0), class=auth] ../../auth/ntlmssp/ntlmssp_sign.c:514(ntlmssp_sign_reset)
  NTLMSSP Sign/Seal - Initialising with flags:
[2019/10/15 07:06:26.590206,  3, pid=12457, effective(0, 0), real(0, 0), class=auth] ../../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x62008a15
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_ANONYMOUS
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_VERSION
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2019/10/15 07:06:26.590240,  5, pid=12457, effective(0, 0), real(0, 0), class=auth] ../../auth/ntlmssp/ntlmssp_sign.c:638(ntlmssp_sign_reset)
  NTLMSSP Sign/Seal - using NTLM1
[2019/10/15 07:06:26.590268, 10, pid=12457, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:455(gensec_update_send)
  gensec_update_send: ntlmssp[0x5625297aa300]: subreq: 0x562529bcbfd0
[2019/10/15 07:06:26.590283, 10, pid=12457, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:455(gensec_update_send)
  gensec_update_send: spnego[0x56252a561b00]: subreq: 0x562529ff3510
[2019/10/15 07:06:26.590298, 10, pid=12457, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:512(gensec_update_done)
  gensec_update_done: ntlmssp[0x5625297aa300]: NT_STATUS_OK tevent_req[0x562529bcbfd0/../../auth/ntlmssp/ntlmssp.c:180]: state[2] error[0 (0x0)]  state[struct gensec_ntlmssp_update_state (0x562529bcc180)] timer[(nil)] finish[../../auth/ntlmssp/ntlmssp.c:222]
[2019/10/15 07:06:26.590320, 10, pid=12457, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:512(gensec_update_done)
  gensec_update_done: spnego[0x56252a561b00]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x562529ff3510/../../auth/gensec/spnego.c:1600]: state[2] error[0 (0x0)]  state[struct gensec_spnego_update_state (0x562529ff36c0)] timer[(nil)] finish[../../auth/gensec/spnego.c:2070]
[2019/10/15 07:06:26.590744,  3, pid=12457, effective(0, 0), real(0, 0)] ../../source3/libsmb/cliconnect.c:1693(cli_session_setup_creds_done_spnego)
  SPNEGO login failed: {Access Denied} A process has requested access to an object but has not been granted those access rights.
[2019/10/15 07:06:26.590770,  1, pid=12457, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_cm.c:1255(cm_prepare_connection)
  anonymous session setup to aswserver.asw.aswglobal.net failed with NT_STATUS_ACCESS_DENIED
[2019/10/15 07:06:26.590799,  1, pid=12457, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_cm.c:1305(cm_prepare_connection)
  Failed to prepare SMB connection to aswserver.asw.aswglobal.net: NT_STATUS_ACCESS_DENIED
[2019/10/15 07:06:26.590817, 10, pid=12457, effective(0, 0), real(0, 0), class=tdb] ../../source3/lib/gencache.c:222(gencache_set_data_blob)
  gencache_set_data_blob: Adding cache entry with key=[NEG_CONN_CACHE/ASW,aswserver.asw.aswglobal.net] and timeout=[Tue Oct 15 07:07:26 2019 EDT] (60 seconds ahead)
[2019/10/15 07:06:26.590838,  9, pid=12457, effective(0, 0), real(0, 0)] ../../source3/libsmb/conncache.c:189(add_failed_connection_entry)
  add_failed_connection_entry: added domain ASW (aswserver.asw.aswglobal.net) to failed conn cache
[2019/10/15 07:06:26.590851, 10, pid=12457, effective(0, 0), real(0, 0), class=tdb] ../../source3/lib/gencache.c:276(gencache_del)
  Deleting cache entry (key=[SAFJOIN/DOMAIN/ASW])
[2019/10/15 07:06:26.590864, 10, pid=12457, effective(0, 0), real(0, 0), class=tdb] ../../source3/lib/gencache.c:276(gencache_del)
  Deleting cache entry (key=[SAF/DOMAIN/ASW])
[2019/10/15 07:06:26.590876, 10, pid=12457, effective(0, 0), real(0, 0), class=tdb] ../../source3/lib/gencache.c:222(gencache_set_data_blob)
  gencache_set_data_blob: Adding cache entry with key=[NEG_CONN_CACHE/ASW.aswglobal.net,aswserver.asw.aswglobal.net] and timeout=[Tue Oct 15 07:07:26 2019 EDT] (60 seconds ahead)
[2019/10/15 07:06:26.590893,  9, pid=12457, effective(0, 0), real(0, 0)] ../../source3/libsmb/conncache.c:189(add_failed_connection_entry)
  add_failed_connection_entry: added domain asw.aswglobal.net (aswserver.asw.aswglobal.net) to failed conn cache
[2019/10/15 07:06:26.590906, 10, pid=12457, effective(0, 0), real(0, 0), class=tdb] ../../source3/lib/gencache.c:276(gencache_del)
  Deleting cache entry (key=[SAFJOIN/DOMAIN/ASW.ASWGLOBAL.NET])
[2019/10/15 07:06:26.590918, 10, pid=12457, effective(0, 0), real(0, 0), class=tdb] ../../source3/lib/gencache.c:276(gencache_del)
  Deleting cache entry (key=[SAF/DOMAIN/ASW.ASWGLOBAL.NET])
[2019/10/15 07:06:26.590958, 10, pid=12457, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_cm.c:406(set_domain_offline)

I have a simple out of box smb.conf:

[global]
        bind interfaces only = yes
        interfaces = 127.0.0.1 10.0.0.40
        netbios name = ASW-OTHER
        realm = OTHER.ASWGLOBAL.NET
        server role = active directory domain controller
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
        workgroup = OTHER
        idmap_ldb:use rfc2307 = yes
        log file = /var/log/samba/log.%m
        max log size = 1000
        panic action = /usr/share/samba/panic-action %d

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[netlogon]
        path = /var/lib/samba/sysvol/ops.aswglobal.net/scripts
        read only = No
wbinfo --online-status
BUILTIN : active connection
OTHER : active connection
ASW : no active connection



More information about the samba mailing list