[Samba] Problem connecting Samba and Windows Active Directory

Rowland Penny rpenny at samba.org
Wed Aug 25 11:06:54 UTC 2021


On Wed, 2021-08-25 at 10:39 +0000, Luca Bertoncello via samba wrote:
> Hi Rowland,
> 
> here is the smb.conf:
> 
> -------------------------------------
> [global]
>         server string = NAS Mediaserver
>         interfaces = lo, eno1
>         bind interfaces only = yes
>         wins server = ad01.ad.queo.org, ad02.ad.queo.org
>         name resolve order = wins, host
>         multicast dns register = no
>         enable core files = no
>         log file = /var/log/samba/log.%m
>         log level = 1
>         deadtime = 15
>         disable netbios = yes
>         lm announce = no
>         local master = no
>         enhanced browsing = no
>         reset on zero vc = yes
>         kernel share modes = no
>         posix locking = no
>         strict locking = no
>         use sendfile = yes
>         async smb echo handler = yes
>         host msdfs = no
>         csc policy = disable
> 
>         case sensitive = yes
>         mangled names = no
>         hide unreadable = yes
>         hide files = /lost+found/
>         hide dot files = no
>         veto files = /.DS_Store/._.DS_Store/._.TemporaryItems/.TemporaryItems/Thumbs.db/
>         delete veto files = yes
> 
>         workgroup = AD-QUEO-ORG
>         realm = AD.QUEO.ORG
>         server role = MEMBER
>         server services = +smb
>         security = ADS
>         kerberos method = system keytab
>         obey pam restrictions = no
>         map to guest = Bad User
>         guest account = nobody
>         client signing = auto
>         client min protocol = NT1
>         server signing = auto
>         server min protocol = NT1
>         create krb5 conf = no
>         acl map full control = no
>         idmap config * : range = 2000-10000
>         idmap config AD-QUEO-ORG : backend = ad
>         idmap config AD-QUEO-ORG : range = 200000-1000200000
>         idmap config AD-QUEO-ORG : unix_primary_group = yes
>         idmap config AD-QUEO-ORG : schema_mode = rfc2307
>         idmap config AD-QUEO-ORG : unix_nss_info = yes
>         winbind cache time = 600
>         winbind enum users = yes
>         winbind enum groups = yes
>         winbind refresh tickets = yes
>         winbind use default domain = true
>         winbind nss info = rfc2307
>         utmp = no
>         load printers = No
>         disable spoolss = yes
>         printing = bsd
>         printcap name = /dev/null
> 
>         template homedir = /home/%U
>         template shell = /bin/bash
> 
> [queo.communication]
>         comment = Media Share
>         path = /srv/hdd-mirror1/media-share/queo.communication
>         valid users = "@AD-QUEO-ORG\Funktion - Zugriff Netzwerkfreigaben"
>         force user = mediashare
>         force group = mediashare
>         read only = No
>         directory mask = 0755
>         force directory mode = 0755
>         create mask = 0644
>         force create mode = 0644
>         vfs objects = shadow_copy2
>         shadow:snapdir = .zfs/snapshot
>         shadow:sort = desc
>         shadow: format = -%Y-%m-%d-%H%M
>         shadow: snapprefix = ^zfs-auto-snap_\(frequent\)\{0,1\}\(hourly\)\{0,1\}\(daily\)\{0,1\}\(monthly\)\{0,1\}
>         shadow: delimiter = -20
> 

I should also have asked what your AD server is?

Do you realise that with 'disable netbios = yes' in your smb.conf, you
have turned off wins?

More to follow when I find out what your DC is.

Rowland
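
Added example, not part of the original post and not Samba code: a small Python check for the conflict pointed out above, where `disable netbios = yes` sits alongside WINS settings that can then no longer take effect. The function names and the findings format are assumptions of this sketch; `SAMPLE` is an excerpt constructed from the posted `[global]` section.

```python
import re

TRUE_VALUES = {"yes", "true", "1", "on"}  # boolean spellings smb.conf accepts

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lowercased, inner whitespace dropped."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            current[re.sub(r"\s+", "", name).lower()] = value.strip()
    return sections

def netbios_conflicts(text):
    """List (parameter, value) pairs that rely on WINS while NetBIOS is disabled."""
    g = parse_smb_conf(text).get("global", {})
    if g.get("disablenetbios", "no").lower() not in TRUE_VALUES:
        return []
    findings = []
    if g.get("winsserver"):
        findings.append(("wins server", g["winsserver"]))
    order = re.split(r"[,\s]+", g.get("nameresolveorder", "").lower())
    if "wins" in order:
        findings.append(("name resolve order", g["nameresolveorder"]))
    return findings

# Constructed sample: the relevant lines of the posted [global] section.
SAMPLE = """\
[global]
        wins server = ad01.ad.queo.org, ad02.ad.queo.org
        name resolve order = wins, host
        disable netbios = yes
        security = ADS
"""

if __name__ == "__main__":
    for param, value in netbios_conflicts(SAMPLE):
        print(f"'{param} = {value}' has no effect with 'disable netbios = yes'")
```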




