[Samba] Windows 10 cannot connect without SMB1
K. R. Foley
kr at cybsft.com
Sun Feb 28 20:30:15 UTC 2021
On 2/28/21 1:55 PM, Rowland penny via samba wrote:
> On 28/02/2021 19:17, K. R. Foley wrote:
>>
>> Okay. Turns out the problem with the script was that the
>> /etc/resolv.conf had been overwritten. After I resolved that, I was
>> able to run the script and capture the output below:
>>
>> Collected config --- 2021-02-28-12:54 -----------
>>
>> -
>> -----------
>> Checking file: /etc/resolv.conf
>> ; generated by /usr/sbin/dhclient-script
>> search local.richardshapiro.com
>> nameserver 10.50.20.87
>
>
> OK, you need to find out what is running /usr/sbin/dhclient-script and
> stop it.
I will deal with this.
>
>> -----------
>> Checking file: /etc/nsswitch.conf
>>
>> passwd: files sss
>> shadow: files sss
>> group: files sss
>> #initgroups: files sss
>
>
> If sssd is installed, I would remove it, then replace all the 'sss'
> with 'winbind' except on the 'shadow' line, which should just be
> 'files'. You will also need to create the winbind links :
> https://wiki.samba.org/index.php/Configuring_Winbindd_on_a_Samba_AD_DC
>
> Note: Apart from removing the 'sss', you only need to do this if you
> want your users to login to the DC.
>
Done.
>> -----------
>> Checking file: /usr/local/samba/etc/smb.conf
>> # Global parameters
>> [global]
>> netbios name = SS-PROD
>> realm = LOCAL.RICHARDSHAPIRO.COM
>> server role = active directory domain controller
>> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
>> winbindd, ntp_signd, kcc, dnsupdate
>> workgroup = LOCAL
>> idmap_ldb:use rfc2307 = yes
>> #log level = 10
>> [sysvol]
>> path = /usr/local/samba/var/locks/sysvol
>> read only = No
>>
>> [netlogon]
>> path =
>> /usr/local/samba/var/locks/sysvol/local.richardshapiro.com/scripts
>> read only = No
>> -----------
>> Detected bind DLZ enabled..
>> Warning, detected bind is enabled in smb.conf, but no /etc/bind
>> directory found
>
>
> Your smb.conf shows that you are using bind9, but as the script was
> written for Debian, your bind (named) files are all in
> /etc/named.conf, so can you post that file.
>
>
Contents of /etc/named.conf
# Global Configuration Options
options {
    auth-nxdomain yes;
    directory "/var/named";
    notify no;
    empty-zones-enable no;

    # IP addresses and network ranges allowed to query the DNS server:
    allow-query {
        127.0.0.1;
        10.50.20.0/24;
        192.168.100.0/24;
        #10.99.1.0/24;
    };

    # IP addresses and network ranges allowed to run recursive queries:
    # (Zones not served by this DNS server)
    allow-recursion {
        127.0.0.1;
        10.50.20.0/24;
        192.168.100.0/24;
        #10.1.1.0/24;
    };

    # Forward queries that can not be answered from own zones
    # to these DNS servers:
    # forwarders {
    #     8.8.8.8;
    #     8.8.4.4;
    # };

    # Disable zone transfers
    allow-transfer {
        none;
    };

    tkey-gssapi-keytab "/usr/local/samba/bind-dns/dns.keytab";
    minimal-responses yes;
};

# Root Servers
# (Required for recursive DNS queries)
zone "." {
    type hint;
    file "named.root";
};

# localhost zone
zone "localhost" {
    type master;
    file "master/localhost.zone";
};

# 127.0.0. zone.
zone "0.0.127.in-addr.arpa" {
    type master;
    file "master/0.0.127.zone";
};

include "/usr/local/samba/bind-dns/named.conf";
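
The nsswitch.conf change advised earlier in this thread (every 'sss' becomes 'winbind', except on the 'shadow' line, which is left as just 'files'), as an added example that is not part of the original message or of Samba. The function name nsswitch_sss_to_winbind and the sample helper are hypothetical, and leaving commented-out lines untouched is an assumption.

```shell
# Added example: rewrite nsswitch.conf text (stdin -> stdout).
# nsswitch_sss_to_winbind is a hypothetical helper name, not a Samba tool.
# Rewritten lines are re-joined with single spaces.
nsswitch_sss_to_winbind() {
    awk '
    # Assumption: comments and blank lines are passed through unchanged.
    /^[ \t]*#/ || /^[ \t]*$/ { print; next }
    {
        db = $1                  # database name, e.g. "passwd:"
        out = db
        seen_winbind = 0
        for (i = 2; i <= NF; i++) {
            src = $i
            if (src == "sss") {
                # shadow stays local: drop sss, keep only the other sources
                if (db == "shadow:") continue
                src = "winbind"
            }
            if (src == "winbind") {
                # do not list winbind twice if it was already present
                if (seen_winbind) continue
                seen_winbind = 1
            }
            out = out " " src
        }
        print out
    }'
}

# Constructed sample: the nsswitch.conf lines from the collected output above.
sample_nsswitch() {
    printf '%s\n' \
        'passwd: files sss' \
        'shadow: files sss' \
        'group: files sss' \
        '#initgroups: files sss'
}

# Preview the result; nothing under /etc is modified by this block.
sample_nsswitch | nsswitch_sss_to_winbind
```

Review the output before replacing /etc/nsswitch.conf; the winbind links from the wiki page linked in the thread still have to be created separately.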