[Samba] Help - Samba 412 could not use Kerberos name to enter share
Rowland Penny
rpenny at samba.org
Sat Jan 23 20:58:30 UTC 2021
On 23/01/2021 19:56, Paul.LKW via samba wrote:
> Dear All:
> I have a new freebsd-12.2 box with Samba-4.12 installed; however, after
> following
> "https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller"
> I find I could not open the share by \\o.o\User\someone but I could
> open the \\o.o\netlogon\ without any problem. However, if I use
> \\10.10.100.10\Users\someone it could be opened but
> \\10.10.100.10\netlogon could not be opened (asking for
> login/password). Below is my config file.
Hmm, this works for myself, but with one difference: you seem to be just
using the DNS domain name, whereas I used the FQDN of the DC. Speaking
of which, it isn't recommended to use a DC as a fileserver.
>
> # Global parameters
> [global]
> dns forwarder = 8.8.8.8
> netbios name = HOME
> realm = O.O
> server role = active directory domain controller
> workgroup = AD
> idmap_ldb:use rfc2307 = yes
> vfs objects = dfs_samba4 zfsacl acl_xattr
> socket options = TCP_NODELAY
I would let the kernel deal with the socket options.
>
> [sysvol]
> path = /var/db/samba4/sysvol
> read only = No
>
> [netlogon]
> path = /var/db/samba4/sysvol/o.o/scripts
> read only = No
>
> [Profiles]
> path = /HOME/Profiles
> read only = No
> oplocks = No
Er, no: see here
https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles
But not the 'posix' part.
>
> [Users]
> path = /HOME/Users
> read only = No
> force create mode = 0600
> force directory mode = 0700
> map acl inherit = yes
Again no, you cannot use the 'force' lines etc. on a DC.
Rowland