[Samba] winbind use default domain = yes doesn't work on Samba 4.13?

Jiří Černý cerny at svmetal.cz
Fri Nov 20 13:45:55 UTC 2020 

Yes.
In the first name, I wrote DOMAIN, but our real workgroup is SVMETAL,
as you cas see in smb.conf.

 [global]
 netbios name = fs0001
 workgroup = SVMETAL
 security = ADS
 realm = SAMDOM.SVMETAL.CZ
 dedicated keytab file = /etc/krb5.keytab
 kerberos method = secrets and keytab

 acl allow execute always = True
 
 idmap config *:backend = tdb
 idmap config *:range = 70001-99999
 idmap config SVMETAL:backend = ad
 idmap config SVMETAL:schema_mode = rfc2307
 idmap config SVMETAL:range = 500-40000 #for legacy reasons
 idmap config SVMETAL:unix_nss_info = yes
 idmap config SVMETAL:unix_primary_group = yes

 winbind nss info = rfc2307
 winbind use default domain = yes
 winbind refresh tickets = Yes

 log level = 2
 max log size = 1024000

 map to guest = bad user

 load printers = no
 printing = bsd
 printcap name = /dev/null
 disable spoolss = yes

#Enable SMB1
 ntlm auth = yes 
 server min protocol = LANMAN1

 allow insecure wide links = yes

 map acl inherit = Yes
 store dos attributes = Yes

 vfs objects = full_audit acl_xattr btrfs
 vfs_full_audit:prefix = %U|%I|%M|%S
 full_audit:success = unlink rmdir pwrite
 full_audit:failure = none
 full_audit:facility = local5
 full_audit:priority = NOTICE

#BTRFS log errors workaround
 get quota command = /etc/samba/samba-btrfs-quota.sh

#Shares
[Company]
 path = /home/samba/fs0001/Company
 read only = no
 follow symlinks = yes
 wide links = yes
 vfs objects = full_audit acl_xattr recycle btrfs
 recycle:repository = .recycle/%U
 recycle:touch = Yes
 recycle:keeptree = Yes
 recycle:versions = Yes
 recycle:directory_mode = 0777
 recycle:subdir_mode = 0700
 recycle:noversions =
*.tmp,*.temp,*.o,*.obj,*.TMP,*.TEMP,*.db,.~lock*,$*,~$*
 recycle:exclude =
*.tmp,*.temp,*.o,*.obj,*.TMP,*.TEMP,*.db,.~lock*,$*,~$*
 recycle:excludedir = /recycle,/tmp,/temp,/TMP,/TEMP



Thanks
Jiri


>>> Rowland penny <rpenny at samba.org> 19.11.2020 16:26 >>>
On 19/11/2020 15:02, Jiří Černý via samba wrote:
> Hello everybody.
>
> I just upgraded our Fedora fileserver to version 30, which has Samba
> 4.13.2.
>
> So, we have user dmu60evo in our domain, but on client machine, we
are
> not able to use username in format DOMAIN\dmu60evo. So we have to
use
> winbind use default domain = yes.

Please post your smb.conf

Rowland

More information about the samba mailing list