[Samba] Problem connecting Samba and Windows Active Directory

Rowland Penny rpenny at samba.org
Wed Aug 25 11:25:48 UTC 2021 

On Wed, 2021-08-25 at 11:11 +0000, Luca Bertoncello via samba wrote:
> Hi Rowland,
> 
> the AD Servers are Windows Server 2019.
> 
> And I didn't realized that "disable netbios = yes" turns off wins...
> I tried commenting the line and restarting Samba and winbind, but it
> still does not work...
> 

Then you don't need wins at all and really shouldn't be using it, AD
relies on dns not wins.

Try this smb.conf:

[global]
        workgroup = AD-QUEO-ORG
        realm = AD.QUEO.ORG
        security = ADS
        server string = NAS Mediaserver
        interfaces = lo, eno1
        bind interfaces only = yes
        log file = /var/log/samba/log.%m
        log level = 1
        deadtime = 15
        disable netbios = yes
        kernel share modes = no
        posix locking = no
        strict locking = no
        use sendfile = yes
        async smb echo handler = yes
        host msdfs = no
        csc policy = disable
        case sensitive = yes
        mangled names = no
        hide unreadable = yes
        hide files = /lost+found/
        hide dot files = no
        veto files =
/.DS_Store/._.DS_Store/._.TemporaryItems/.TemporaryItems/Thumbs.db/
        delete veto files = yes
        kerberos method = system keytab
        map to guest = Bad User
        create krb5 conf = no
        acl map full control = no
        idmap config * : range = 2000-10000
        idmap config AD-QUEO-ORG : backend = ad
        idmap config AD-QUEO-ORG : range = 200000-1000200000
        idmap config AD-QUEO-ORG : unix_primary_group = yes
        idmap config AD-QUEO-ORG : schema_mode = rfc2307
        idmap config AD-QUEO-ORG : unix_nss_info = yes
        winbind cache time = 600
        winbind refresh tickets = yes
        winbind use default domain = true
        load printers = No
        disable spoolss = yes
        printing = bsd
        printcap name = /dev/null
        template homedir = /home/%U
        template shell = /bin/bash

[queo.communication]
        comment = Media Share
        path = /srv/hdd-mirror1/media-share/queo.communication
        valid users = "@AD-QUEO-ORG\Funktion - Zugriff
Netzwerkfreigaben"
        force user = mediashare
        force group = mediashare
        read only = No
        directory mask = 0755
        force directory mode = 0755
        create mask = 0644
        force create mode = 0644
        vfs objects = shadow_copy2
        shadow:snapdir = .zfs/snapshot
        shadow:sort = desc
        shadow: format = -%Y-%m-%d-%H%M
        shadow: snapprefix = ^zfs-auto-
snap_\(frequent\)\{0,1\}\(hourly\)\{0,1\}\(daily\)\{0,1\}\(monthly\)\{0
,1\}
        shadow: delimiter = -20

That will ensure that you will be using SMBv2/SMBv3 that your DC
expects.

Rowland

More information about the samba mailing list