[Samba] access to share with dns alias hostname
Rowland penny
rpenny at samba.org
Thu Sep 26 18:06:57 UTC 2019
On 26/09/2019 17:51, banda bassotti wrote:
> yes nothing
>
> # ps ax | grep '[n]mdb'
> #
Hmm, I expected you to get a result.
So, why are there these lines in the DC smb.conf:
server services = -dns -smb +s3fs -nbt
server role check:inhibit = yes
# use nmbd; to disable set samba4/service/nmb to s4
nmbd_proxy_logon:cldap_server=127.0.0.1
It looks to me (and I could be wrong) that they are turning off the
'nbt' portion of the 'samba' daemon and trying to run 'nmdb' instead,
this is not allowed.
Another thing that amused me was that they seem to have gone to all the
trouble of creating certificates (why else put them in smb.conf) and
then they turn off ldaps with 'ldap server require strong auth = no'
They also seem to add numerous default lines and lines that I would
never add, for instance:
idmap config * : range = 300000-400000
That will do nothing on a DC.
Are you sure that you haven't added anything to the DC smb.conf ?
I am loathe to tell you to remove any lines, because something in UCS
may depend on them (it shouldn't) and it may actually just put them back.
There is nothing intrinsically wrong with your smb.conf on the 'member
server', I think you just need to add a cifs SPN to the computers object
in AD, something like this, run on the DC:
samba-tool spn add cifs/fs1 fs1$
This should add the SPN to the computer, you will need to create a
keytab and copy it to fs1 and merge it with any existing keytab.
You will also need to make whatever is mounting whatever you are
mounting aware of the new SPN.
Rowland
More information about the samba
mailing list