[Samba] access to share with dns alias hostname

banda bassotti bandabasotti at gmail.com
Fri Sep 27 04:47:35 UTC 2019


Hi, adding the lines below

  kerberos method = dedicated keytab
  dedicated keytab file = /etc/samba/fs.keytab

and the SPN for the old machine, authentication works correctly.

Thanks for the support.

On Thu 26 Sep 2019 at 20:07, Rowland penny via samba <
samba at lists.samba.org> wrote:

> On 26/09/2019 17:51, banda bassotti wrote:
> > yes nothing
> >
> > # ps ax | grep '[n]mdb'
> > #
>
> Hmm, I expected you to get a result.
>
> So, why are there these lines in the DC smb.conf:
>
>          server services = -dns -smb +s3fs -nbt
>
>          server role check:inhibit = yes
>          # use nmbd; to disable set samba4/service/nmb to s4
>          nmbd_proxy_logon:cldap_server=127.0.0.1
>
> It looks to me (and I could be wrong) that they are turning off the
> 'nbt' portion of the 'samba' daemon and trying to run 'nmbd' instead;
> this is not allowed.
>
> Another thing that amused me was that they seem to have gone to all the
> trouble of creating certificates (why else put them in smb.conf) and
> then they turn off ldaps with 'ldap server require strong auth = no'.
>
> They also seem to add numerous default lines and lines that I would
> never add, for instance:
>
>          idmap config * : range = 300000-400000
>
> That will do nothing on a DC.
>
> Are you sure that you haven't added anything to the DC smb.conf ?
>
> I am loath to tell you to remove any lines, because something in UCS
> may depend on them (it shouldn't) and it may actually just put them back.
>
> There is nothing intrinsically wrong with your smb.conf on the 'member
> server'. I think you just need to add a cifs SPN to the computer's object
> in AD, something like this, run on the DC:
>
> samba-tool spn add cifs/fs1 fs1$
>
> This should add the SPN to the computer; you will need to create a
> keytab and copy it to fs1 and merge it with any existing keytab.
>
> You will also need to make whatever is mounting whatever you are
> mounting aware of the new SPN.
>
> Rowland
>
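
Added example (not part of the thread and not Samba project code): a small linter for the smb.conf settings discussed above, flagging a keytab path that the configured `kerberos method` will never read, plus the two DC lines the quoted reply questions. The sample configs are constructed, and the function and finding names are hypothetical.

```python
# Added example: lint the smb.conf settings discussed in this thread.
# Sample configs are constructed; function and finding names are hypothetical.

def parse_smb_conf(text):
    """Parse smb.conf text into {section: {parameter: value}}.

    Names are lower-cased with whitespace collapsed. Line continuations
    and 'include' directives are not handled (simplification).
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)      # split on the first '=' only
            current[" ".join(name.lower().split())] = value.strip()
    return sections

def audit_kerberos_settings(text):
    """Return a list of finding ids for the [global] section."""
    g = parse_smb_conf(text).get("global", {})
    findings = []
    method = g.get("kerberos method", "secrets only").lower()
    keytab = g.get("dedicated keytab file", "")
    if method == "dedicated keytab" and not keytab:
        findings.append("dedicated-keytab-without-file")
    if keytab and method != "dedicated keytab":
        findings.append("keytab-file-ignored")    # file is only read in that mode
    if g.get("server role", "").lower() == "active directory domain controller":
        if g.get("ldap server require strong auth", "yes").lower() == "no":
            findings.append("ldap-strong-auth-disabled")
        if any(k.startswith("idmap config") and k.endswith("range") for k in g):
            findings.append("idmap-range-on-dc")  # per the reply: no effect on a DC
    return findings

# Constructed samples modelled on the lines quoted in the thread.
MEMBER_FIXED = """[global]
  kerberos method = dedicated keytab
  dedicated keytab file = /etc/samba/fs.keytab
"""
MEMBER_HALF = "[global]\n  dedicated keytab file = /etc/samba/fs.keytab\n"
DC_SAMPLE = """[global]
  server role = active directory domain controller
  ldap server require strong auth = no
  idmap config * : range = 300000-400000
"""

if __name__ == "__main__":
    for name in ("MEMBER_FIXED", "MEMBER_HALF", "DC_SAMPLE"):
        print(name, audit_kerberos_settings(globals()[name]))
```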

