[Samba] R: R: winbindd no access console with root

Corrado Ravinetto corrado.ravinetto at lanificiocerruti.com
Thu Dec 22 10:57:14 UTC 2022 



>On 22/12/2022 10:18, Corrado Ravinetto via samba wrote:
>> I compiled by my self and it's a domain member's role 😊

>No, I was trying to find out if you had compiled without the DC components, but it sounds like you just ran:

>./configure
>make
>make install

yes

>and everything ended up in /usr/local/samba/

Yes

>>
>> [global]
>>          client min protocol = NT1
>>          log file = /var/log/samba/message.log
>>          max log size = 1000
>>          ntlm auth = ntlmv1-permitted
>>          os level = 250
>>          realm = LXCERRUTI.COM
>>          security = ADS
>>          server min protocol = NT1
>>          server role = member server
>>          server string = Samba Member - Versione %v
>>          winbind offline logon = Yes
>>          winbind use default domain = Yes
>>          workgroup = LXCERRUTI
>>          idmap config * : range = 100000-107999
>>          idmap config lxcerruti : backend = ad
>>          idmap config lxcerruti : range = 0-99999
>>          idmap config lxcerruti : unix_nss_info = yes
>>          idmap config * : backend = tdb
>>          acl allow execute always = Yes
>>
>>
>> [Vol1]
>>          admin users = @g_admin
>>          comment = Home Directory per ogni User
>>          create mask = 0777
>>          directory mask = 0777
>>          hide unreadable = Yes
>>          path = /Cerruti
>>          read only = No
>>          vfs objects = recycle
>>          recycle:maxsize = 500000000
>>          recycle:exclude = *.tmp *.ldb *.temp ~$* *.LCK *.dmp
>>          recycle:versions = yes
>>          recycle:keeptree = yes
>>          recycle:touch = yes
>>          recycle:repository = .recycle/%U
>>

>It looks like you upgraded from an NT4-style domain and are still thinking in NT4-style ways.

Yes, this is an upgrade from an old samba 3

>There is an obvious reason why 'root' isn't working, perhaps you will understand why after reading this:

>https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Configuring_Samba

I red this, but my Domain User have rid = 503 and all users have like primarygroup 503
Then i can't change this to all my users.
I haven't unix user, only my linux user is root thai i use to manage my linux box
So what can i change to use ONLY root as account ??

>Do you still have any pre-vista Windows machines in your domain ?
>If not, you can remove all the SMBv1 lines.

Yes, too much xp ☹

>I would also suggest you read this:

>https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

>And then set the share permissions from Windows, this will you much finer access control.

>Rowland

Thanks a lot


[Lanificio F.lli CERRUTI]


Corrado Ravinetto
Sistemi informativi
corrado.ravinetto at lanificiocerruti.com <mailto:corrado.ravinetto at lanificiocerruti.com>
T: +39 015 3591283
[Lanificio F.lli CERRUTI]
Lanificio F.lli Cerruti S.p.A.
Via Cernaia 40, 13900 - Biella (BI) Italy
www.lanificiocerruti.com <http://www.lanificiocerruti.com/>

[Twitter] <https://twitter.com/Lan_Cerruti> [Facebook]  <https://www.facebook.com/LanificioCerruti> [Instagram]  <https://www.instagram.com/lanificiocerruti/>

Rispetta l'ambiente, non stampare questa mail se non necessario
Respect the environment, don't print unless necessary

[Unesco]

More information about the samba mailing list