[Samba] User mapping?

Mon Aug 10 09:30:39 UTC 2020

@Nick, Yes, windows keeps trying to remove smb1 from  you computer. 
Always check it again after you have problems with old servers. 

@Rowland:
> You must be lucky, I cannot get them to work unless I set 'server max 
> protocol = NT1'
Even if you make sure SMB1 client is enabled in windows 10 client? 
Should work, not seeing any problems here and i still have 2 smb1 servers running.

Greetz, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Simon Matthews via samba
> Verzonden: vrijdag 7 augustus 2020 23:45
> Aan: sambalist
> Onderwerp: Re: [Samba] User mapping?
> 
> On 8/7/20 1:57 PM, Simon Matthews wrote:
> > On 8/7/20 12:58 PM, Rowland penny via samba wrote:
> >> On 07/08/2020 20:12, Simon Matthews wrote:
> >>>
> >>> The client is running CentOS 7:
> >>>
> >>> # cat /etc/redhat-release
> >>> CentOS Linux release 7.8.2003 (Core)
> >>>
> >>> After another attempt, I have successfully joined the 
> linux client to
> >>> the domain:
> >>>
> >>> # net rpc join MEMBER  -S raidserver -U root%<password>
> >>> Using short domain name -- BLUE
> >>> Joined 'TURQUOISE' to domain 'BLUE'
> >>>
> >>> Note that the hostname of the Linux client is actually 
> "H2". Turquoise
> >>> is a hold over from what it was earlier. "turquoise" 
> resolves on the
> >>> network:
> >>>
> >>> $ ping turquoise
> >>> PING h2.sj.bps (192.168.254.105) 56(84) bytes of data.
> >>> 64 bytes from h2.sj.bps (192.168.254.105): icmp_seq=1 ttl=64
> >>> time=0.264 ms
> >> I would suggest you stop it resolving if it has gone away.
> >>>
> >>> Client config:
> >>> =========
> >>>
> >>> [global]
> >>>
> >>>
> >>>    workgroup = BLUE
> >>>    password server = raidserver
> >>>    security = domain
> >>>    idmap config * : range = 16777216-33554431
> >>
> >> This is where your problems start, you do not have enough lines, I
> >> would expect something like this:
> >>
> >>     idmap config * : backend = tdb
> >>     idmap config * : range = 100000-9999999
> >>     idmap config BLUE : backend = rid
> >>     idmap config BLUE : range = 500-99999
> >>
> >>> template shell = /bin/false
> >>>    kerberos method = secrets only
> >> You do not use kerberos with a PDC
> >>> winbind use default domain = false
> >> If you want to remove the domain name 'BLUE\' from users 
> and groups,
> >> change 'false' to 'yes'
> >>>
> >>>    winbind offline logon = true
> >>>    username map = /etc/samba/usermap.txt    # This file is empty.
> >>>
> >>>     server string = Samba Server Version %v
> >>>
> >>>     netbios name = TURQUOISE
> >> If the clients name isn't 'turquoise' remove the above line and let
> >> Samba set it for you.
> >>> # client ntlmv2 auth = yes
> >>>     # ntlm auth = no
> >>>
> >>>     interfaces = lo eth1
> >>>
> >>>     local master = no
> >>>     os level = 20
> >>>     preferred master = no
> >>>
> >>>     wins support = no
> >>
> >> Might be an idea to replace the above line with 'wins 
> server = <PDC IP>'
> >>
> >> Add this line:
> >>
> >> client max protocol = NT1
> >>
> >>>
> >>> Config on PDC (raidserver):
> >>> =================
> >>
> >> Not a lot wrong with the PDC smb.conf
> >>
> >> Again, can I stress that it would be a very good idea to 
> upgrade to AD,
> >
> > Yes, but I have limited resources for IT and the upgrade to AD is
> > somewhat intrusive to the network (I am thinking of the 
> impact to DNS).
> >
> > The changes you suggested have worked. Thank you very much.
> 
> No, I was wrong about this. The name mapping is correct but 
> the numeric
> IDs are different, so I still have permission issues:
> 
> # ls -al
> total 28
> drwxrwxrwx.  4 <user> blue 4096 Aug  7 14:40 .
> drwxr-xr-x. 12 <user> blue 4096 Aug  6 13:06 ..
> drwxr-xr-x.  2 <user> blue 4096 Aug  7 14:40 New folder
> 
> "New folder" is an empty folder I created from the Windows 
> machine after
> setting the directory perms to 777. However, when we look at 
> the actual
> UIDs:
> 
> # ls -aln
> total 28
> drwxrwxrwx.  4     2002      441 4096 Aug  7 14:40 .
> drwxr-xr-x. 12     2002      441 4096 Aug  6 13:06 ..
> drwxr-xr-x.  2 16777216 16777222 4096 Aug  7 14:40 New folder
> 
> Simon
> 
> 
> Blue Pearl Software, Inc. will collect and process 
> information about you that may be subject to data protection 
> laws. For more information about how we use and disclose your 
> personal information, how we protect your information, our 
> legal basis to use your information, your rights and who you 
> can contact, please refer to the relevant sections of our 
> Privacy note at www.bluepearlsoftware.com/privacypolicy.
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 