[Samba] Often errors in logs
Rowland penny
rpenny at samba.org
Wed Oct 7 19:20:40 UTC 2020
On 07/10/2020 19:58, Скогорев Дмитрий Юрьевич wrote:
> Centos 8
> samba 4.12.2
> systemd
When I asked 'how are you running Samba', I meant what as :-D
But your smb.conf tells me.
>
> [global]
> dns forwarder = 8.8.8.8
> netbios name = XX-DC04
> realm = XXXX.XXXX
> server role = active directory domain controller
> workgroup = XX
> idmap_ldb:use rfc2307 = yes
> allow dns updates = nonsecure and secure
> nsupdate command = /usr/bin/nsupdate -g
> log file = /var/log/samba/samba_1802.log
> ntlm auth = yes
Do you really need NTLMv1 ?
> max log size = 50000
> log level = 1 auth:1
> vfs objects = acl_xattr
Ah, that will not help, 'acl_xattr' is one of the default vfs objects
and by setting it, you have turned the other one off, I suggest you
remove the line, you will still get 'acl_xattr', but more importantly,
you will turn the other one back on again.
> map acl inherit = yes
> store dos attributes = yes
> dsdb:schema update allowed = true
You should only have the 'dsdb' set when you are adding a schema extension.
> tls enabled = yes
> tls keyfile = /usr/local/samba/private/tls/dc04_key.pem
> tls certfile = /usr/local/samba/private/tls/dc04_crt.pem
> tls cafile =
> ldap server require strong auth = no
Interesting, you have gone to all the trouble of creating your own
certificates and then told Samba to not bother about it =-O
> [netlogon]
> path = /usr/local/samba/var/locks/sysvol/xxxx.xxxx/scripts
> read only = No
> write ok = Yes
> [sysvol]
> path = /usr/local/samba/var/locks/sysvol
> read only = No
> write ok = Yes
'write ok' is a synonym for 'writeable', which is a reverse synonym for
'read only', or to put it another way, 'read only = No' and 'write ok =
Yes' mean the same, so you only need one of them.
Try making the changes I suggest and see what happens.
Rowland
More information about the samba
mailing list