[Samba] access to share with dns alias hostname
banda bassotti
bandabasotti at gmail.com
Thu Sep 26 14:19:09 UTC 2019
Hi, below the required files:
smb.conf of ucs master:
[global]
logging = file
max log size = 0
netbios name = ucs
server role = active directory domain controller
name resolve order = wins host bcast
server string = Univention Corporate Server
server services = -dns -smb +s3fs -nbt
server role check:inhibit = yes
# use nmbd; to disable set samba4/service/nmb to s4
nmbd_proxy_logon:cldap_server=127.0.0.1
workgroup = LAN
realm = LAN.CORP
tls enabled = yes
tls keyfile = /etc/univention/ssl/
ucsdc.comune.padova.it/private.key
tls certfile = /etc/univention/ssl/
ucsdc.comune.padova.it/cert.pem
tls cafile = /etc/univention/ssl/ucsCA/CAcert.pem
tls verify peer = ca_and_name
ldap server require strong auth = no
dsdb:schema update allowed = no
max open files = 32808
ntlm auth = yes
machine password timeout = 0
acl allow execute always = True
# ignore interfaces in samba/register/exclude/interfaces
bind interfaces only = yes
interfaces = lo eth0
kccsrv:samba_kcc = False
debug hirestimestamp = yes
debug pid = yes
winbind separator = +
template shell = /bin/bash
template homedir = /home/%D-%U
idmap config * : backend = tdb
idmap config * : range = 300000-400000
passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n
*password*changed*
obey pam restrictions = yes
encrypt passwords = yes
spoolss: architecture = Windows x64
; domain service lookup related settings
preferred master = yes
local master = yes
domain master = yes
wins support = yes
; miscellaneous settings, mostly for file services
oplocks = yes
large readwrite = yes
read raw = yes
write raw = yes
max xmit = 65535
acl:search = no
host msdfs = yes
kernel oplocks = yes
deadtime = 15
getwd cache = yes
wide links = no
store dos attributes = yes
logon home = \\ucs\%U
logon drive = I:
logon path = \\ucs\%U\windows-profiles\%a
preserve case = yes
short preserve case = yes
guest account = nobody
map to guest = Bad User
admin users = administrator join-backup
usershare max shares = 0
smb.conf of new member server:
[global]
workgroup = LAN
realm = lan.corp
netbios name = fs1
netbios aliases = oldsamba3
security = ADS
logging = file
log level = 1 auth_audit:3
log file = /var/log/samba/%m.log
idmap config *:backend = tdb
idmap config *:range = 300000-400000
idmap config LAN:backend = rid
idmap config LAN:range = 500000-700000
vfs objects = acl_xattr full_audit
map acl inherit = Yes
store dos attributes = Yes
winbind separator = +
winbind use default domain = yes
winbind offline logon = yes
winbind cache time = 3600
winbind enum groups = yes
winbind enum users = yes
template homedir = /home/%U
usershare allow guests = yes
usershare path =
username map = /etc/samba/user.map
Il giorno gio 26 set 2019 alle ore 13:05 Rowland penny via samba <
samba at lists.samba.org> ha scritto:
> On 26/09/2019 11:44, banda bassotti wrote:
> > Hi, no it doesn't work:
> >
> > [2019/09/26 12:06:18.715651, 1]
> > ../../source3/librpc/crypto/gse.c:660(gse_get_server_auth_token)
> > gss_accept_sec_context failed with [ Miscellaneous failure (see
> > text): Failed to find cifs/oldsamba at lan.corp(kvno 107) in keytab
> > MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
> >
> > rowland, you are right we have before migrated the old samba3 domain
> > to a new UCS (univention).
>
> Then a question:
>
> Are you paying UCS anything ?
>
> If so, get them to sort it out for you, that is what you are paying for.
>
> If not, then post the smb.conf from the UCS machine and the smb.conf
> from the old machine.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list