[Samba] R: join member failed
Rowland Penny
rpenny at samba.org
Tue Dec 13 15:33:23 UTC 2022
On 13/12/2022 15:22, Corrado Ravinetto via samba wrote:
>
>> Your join looks successful to me. The dns update error isn't a major issue (which you've already resolved, you say). What do you mean by "can't access to my
>
>> member anymore"? Can you be more specific about what is happening?
>
>
> With smbclient
>
> [root at dm Cerruti]# smbclient -L dm
> Password for [Administrator at LXCERRUTI.COM]:
> gse_get_client_auth_token: gss_init_sec_context failed with [ Miscellaneous failure (see text): TGT has been revoked (cifs/dm at LXCERRUTI.COM)](2529638932)
> gensec_spnego_client_negTokenInit_step: gse_krb5: creating NEG_TOKEN_INIT for cifs/dm failed (next[(null)]): NT_STATUS_LOGON_FAILURE
> Anonymous login successful
>
> Sharename Type Comment
> --------- ---- -------
> Vol1 Disk Home Directory per ogni User
> TexC Disk TexC per controlli finali
> MagFil Disk Share per Magazzino Filati
> LFC Disk Share per Outlet
> McLFC Disk Share per gestione Outlet
> Osra Disk Share per ufficio Paghe
> IPC$ IPC IPC Service (Samba Member - Versione 4.17.3)
> Reconnecting with SMB1 for workgroup listing.
> gse_get_client_auth_token: gss_init_sec_context failed with [ Miscellaneous failure (see text): TGT has been revoked (cifs/dm at LXCERRUTI.COM)](2529638932)
> gensec_spnego_client_negTokenInit_step: gse_krb5: creating NEG_TOKEN_INIT for cifs/dm failed (next[(null)]): NT_STATUS_LOGON_FAILURE
> Anonymous login successful
>
> Server Comment
> --------- -------
> DM Samba Member - Versione 4.17.3
> SRVPAGHE
>
> Workgroup Master
> --------- -------
> LXCERRUTI SRVPAGHE
>
>
> This is my smb.conf
>
> [global]
> client min protocol = NT1
> dns update command = /usr/local/samba/sbin/samba_dnsupdate --use-samba-tool
> log file = /var/log/samba/message.log
> log level = 1
> max log size = 1000
> ntlm auth = ntlmv1-permitted
> os level = 250
> realm = LXCERRUTI.COM
> security = ADS
> server min protocol = NT1
> server role = member server
> server string = Samba Member - Versione %v
> username map = /usr/local/samba/etc/user.map
Why is your user.map in a place that suggest you compiled Samba
yourself, but the logfile doesn't ?
> winbind offline logon = Yes
> winbind use default domain = Yes
> workgroup = LXCERRUTI
> idmap config * : range = 9000-17999
> idmap config lxcerruti : backend = ad
> idmap config lxcerruti : range = 500-7999
> idmap config lxcerruti : schema_mode = rfc2307
> idmap config lxcerruti : unix_nss_info = yes
> idmap config lxcerruti : unix_primary_group = yes
> acl allow execute always = Yes
Have you some reason for using SMBv1 ?
Also, why are you using such strange ranges for the idmap config lines ?
>
> [Vol1]
> admin users = @g_admin
> comment = Home Directory per ogni User
> create mask = 0777
> directory mask = 0777
> hide unreadable = Yes
> path = /Cerruti
> read only = No
Can I ask you to read 'man vfs_acl_xattr' and then set up your smb.conf
correctly, you are still using the old way of doing things
Rowland
More information about the samba
mailing list