[Samba] Problem connecting Samba and Windows Active Directory
Rowland Penny
rpenny at samba.org
Wed Aug 25 11:06:54 UTC 2021
On Wed, 2021-08-25 at 10:39 +0000, Luca Bertoncello via samba wrote:
> Hi Rowland,
>
> hier the smb.conf:
>
> -------------------------------------
> [global]
> server string = NAS Mediaserver
> interfaces = lo, eno1
> bind interfaces only = yes
> wins server = ad01.ad.queo.org, ad02.ad.queo.org
> name resolve order = wins, host
> multicast dns register = no
> enable core files = no
> log file = /var/log/samba/log.%m
> log level = 1
> deadtime = 15
> disable netbios = yes
> lm announce = no
> local master = no
> enhanced browsing = no
> reset on zero vc = yes
> kernel share modes = no
> posix locking = no
> strict locking = no
> use sendfile = yes
> async smb echo handler = yes
> host msdfs = no
> csc policy = disable
>
> case sensitive = yes
> mangled names = no
> hide unreadable = yes
> hide files = /lost+found/
> hide dot files = no
> veto files =
> /.DS_Store/._.DS_Store/._.TemporaryItems/.TemporaryItems/Thumbs.db/
> delete veto files = yes
>
> workgroup = AD-QUEO-ORG
> realm = AD.QUEO.ORG
> server role = MEMBER
> server services = +smb
> security = ADS
> kerberos method = system keytab
> obey pam restrictions = no
> map to guest = Bad User
> guest account = nobody
> client signing = auto
> client min protocol = NT1
> server signing = auto
> server min protocol = NT1
> create krb5 conf = no
> acl map full control = no
> idmap config * : range = 2000-10000
> idmap config AD-QUEO-ORG : backend = ad
> idmap config AD-QUEO-ORG : range = 200000-1000200000
> idmap config AD-QUEO-ORG : unix_primary_group = yes
> idmap config AD-QUEO-ORG : schema_mode = rfc2307
> idmap config AD-QUEO-ORG : unix_nss_info = yes
> winbind cache time = 600
> winbind enum users = yes
> winbind enum groups = yes
> winbind refresh tickets = yes
> winbind use default domain = true
> winbind nss info = rfc2307
> utmp = no
> load printers = No
> disable spoolss = yes
> printing = bsd
> printcap name = /dev/null
>
> template homedir = /home/%U
> template shell = /bin/bash
>
> [queo.communication]
> comment = Media Share
> path = /srv/hdd-mirror1/media-share/queo.communication
> valid users = "@AD-QUEO-ORG\Funktion - Zugriff
> Netzwerkfreigaben"
> force user = mediashare
> force group = mediashare
> read only = No
> directory mask = 0755
> force directory mode = 0755
> create mask = 0644
> force create mode = 0644
> vfs objects = shadow_copy2
> shadow:snapdir = .zfs/snapshot
> shadow:sort = desc
> shadow: format = -%Y-%m-%d-%H%M
> shadow: snapprefix = ^zfs-auto-
> snap_\(frequent\)\{0,1\}\(hourly\)\{0,1\}\(daily\)\{0,1\}\(monthly\)\
> {0,1\}
> shadow: delimiter = -20
>
I should also have asked what your AD server is ?
Do you realise that with 'disable netbios = yes' in your smb.conf, you
have turned off wins ?
More to follow when I find out what your DC is.
Rowland
More information about the samba
mailing list