[Samba] access to share with dns alias hostname

Rowland penny rpenny at samba.org
Thu Sep 26 18:06:57 UTC 2019


On 26/09/2019 17:51, banda bassotti wrote:
> yes nothing
>
> # ps ax | grep '[n]mdb'
> #

Hmm, I expected you to get a result.

So, why are there these lines in the DC smb.conf:

         server services = -dns -smb +s3fs -nbt

         server role check:inhibit = yes
         # use nmbd; to disable set samba4/service/nmb to s4
         nmbd_proxy_logon:cldap_server=127.0.0.1

It looks to me (and I could be wrong) that they are turning off the 
'nbt' portion of the 'samba' daemon and trying to run 'nmdb' instead, 
this is not allowed.

Another thing that amused me was that they seem to have gone to all the 
trouble of creating certificates (why else put them in smb.conf) and 
then they turn off ldaps with 'ldap server require strong auth = no'

They also seem to add numerous default lines and lines that I would 
never add, for instance:

         idmap config * : range = 300000-400000

That will do nothing on a DC.

Are you sure that you haven't added anything to the DC smb.conf ?

I am loathe to tell you to remove any lines, because something in UCS 
may depend on them (it shouldn't) and it may actually just put them back.

There is nothing intrinsically wrong with your smb.conf on the 'member 
server', I think you just need to add a cifs SPN to the computers object 
in AD, something like this, run on the DC:

samba-tool spn add cifs/fs1 fs1$

This should add the SPN to the computer, you will need to create a 
keytab and copy it to fs1 and merge it with any existing keytab.

You will also need to make whatever is mounting whatever you are 
mounting aware of the new SPN.

Rowland





More information about the samba mailing list