[Samba] Problem connecting Samba and Windows Active Directory
Luca Bertoncello
L.Bertoncello at queo-group.com
Wed Aug 25 11:29:36 UTC 2021
Hi Rowland,
So, I tried your file.
Same problem... ☹
On starting I see in syslog:
Aug 25 13:27:57 nasmedia02 winbindd[569167]: [2021/08/25 13:27:57.901160, 0] ../../source3/winbindd/winbindd_cm.c:1873(wb_open_internal_pipe)
Aug 25 13:27:57 nasmedia02 winbindd[569167]: open_internal_pipe: Could not connect to dssetup pipe: NT_STATUS_RPC_INTERFACE_NOT_FOUND
Aug 25 13:27:57 nasmedia02 winbindd[569167]: [2021/08/25 13:27:57.901261, 0] ../../source3/rpc_server/rpc_ncacn_np.c:453(rpcint_dispatch)
Aug 25 13:27:57 nasmedia02 winbindd[569167]: rpcint_dispatch: DCE/RPC fault in call lsarpc:2E - DCERPC_NCA_S_OP_RNG_ERROR
Aug 25 13:27:57 nasmedia02 winbindd[569167]: [2021/08/25 13:27:57.902720, 0] ../../source3/winbindd/wb_lookupsids.c:662(wb_lookupsids_recv)
Aug 25 13:27:57 nasmedia02 winbindd[569167]: res_names->count = 0, expected 1
Any other idea?
Thanks
Luca
-----Ursprüngliche Nachricht-----
Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Rowland Penny via samba
Gesendet: Mittwoch, 25. August 2021 13:26
An: samba at lists.samba.org
Betreff: Re: [Samba] Problem connecting Samba and Windows Active Directory
On Wed, 2021-08-25 at 11:11 +0000, Luca Bertoncello via samba wrote:
> Hi Rowland,
>
> the AD Servers are Windows Server 2019.
>
> And I didn't realized that "disable netbios = yes" turns off wins...
> I tried commenting the line and restarting Samba and winbind, but it
> still does not work...
>
Then you don't need wins at all and really shouldn't be using it, AD relies on dns not wins.
Try this smb.conf:
[global]
workgroup = AD-QUEO-ORG
realm = AD.QUEO.ORG
security = ADS
server string = NAS Mediaserver
interfaces = lo, eno1
bind interfaces only = yes
log file = /var/log/samba/log.%m
log level = 1
deadtime = 15
disable netbios = yes
kernel share modes = no
posix locking = no
strict locking = no
use sendfile = yes
async smb echo handler = yes
host msdfs = no
csc policy = disable
case sensitive = yes
mangled names = no
hide unreadable = yes
hide files = /lost+found/
hide dot files = no
veto files =
/.DS_Store/._.DS_Store/._.TemporaryItems/.TemporaryItems/Thumbs.db/
delete veto files = yes
kerberos method = system keytab
map to guest = Bad User
create krb5 conf = no
acl map full control = no
idmap config * : range = 2000-10000
idmap config AD-QUEO-ORG : backend = ad
idmap config AD-QUEO-ORG : range = 200000-1000200000
idmap config AD-QUEO-ORG : unix_primary_group = yes
idmap config AD-QUEO-ORG : schema_mode = rfc2307
idmap config AD-QUEO-ORG : unix_nss_info = yes
winbind cache time = 600
winbind refresh tickets = yes
winbind use default domain = true
load printers = No
disable spoolss = yes
printing = bsd
printcap name = /dev/null
template homedir = /home/%U
template shell = /bin/bash
[queo.communication]
comment = Media Share
path = /srv/hdd-mirror1/media-share/queo.communication
valid users = "@AD-QUEO-ORG\Funktion - Zugriff Netzwerkfreigaben"
force user = mediashare
force group = mediashare
read only = No
directory mask = 0755
force directory mode = 0755
create mask = 0644
force create mode = 0644
vfs objects = shadow_copy2
shadow:snapdir = .zfs/snapshot
shadow:sort = desc
shadow: format = -%Y-%m-%d-%H%M
shadow: snapprefix = ^zfs-auto-
snap_\(frequent\)\{0,1\}\(hourly\)\{0,1\}\(daily\)\{0,1\}\(monthly\)\{0
,1\}
shadow: delimiter = -20
That will ensure that you will be using SMBv2/SMBv3 that your DC expects.
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list