[Samba] authentication issue moving from Samba 4.11.x to 4.13.14
Gaiseric Vandal
gaiseric.vandal at gmail.com
Mon Mar 21 17:17:16 UTC 2022
LDAP is used for user and group lookups at the Unix/Linux level. This
includes nfs and ssh. The authentication itself is typically
kerberos. Presumably if nsswitch.conf pointed to winbind but not ldap
everything would continue to work.
The sanitized smb.conf file
[global]
# 3/20/22
#For samba 4.13
winbind nss info = rfc2307
min domain uid = 100
template shell = /bin/bash
template homedir = /home/%U
#
smb ports = 445
disable netbios = yes
syslog = 3
#FOLLOWING CONFIGURES THIS AS A MEMBER SERVER
security = ads
realm=MYDOMAIN.COM
workgroup = MYDOMAIN
domain master = no
domain logons = no
kerberos method = system keytab
include system krb5 conf = no
#END MEM SERVER CONFIG
name resolve order = host wins bcast
# server string is the equivalent of the NT Description field
server string = SERVER1
preferred master = no
# 3/20/22 server min protocol = SMB2
server min protocol = SMB3
server max protocol = SMB3
log level = 3
private dir = /etc/samba/private
lock directory = /var/samba/locks
pid directory = /var/samba/locks
usershare path = /var/samba/locks/usershares
lanman auth = No
client lanman auth = No
client plaintext auth = No
map to guest = Bad User
winbind use default domain = yes
map readonly=no
winbind enum users = Yes
winbind enum groups = Yes
winbind:rpc only = Yes
idmap config *:backend = tdb
idmap config *:range = 2000-2999
idmap config MYDOMAIN:backend = ad
idmap config MYDOMAIN:schema_mode = rfc2307
idmap config MYDOMAIN:range = 100-1999
name resolve order = host wins bcast
load printers = yes
local master = no
[Share11]
vfs objects = full_audit
full_audit:prefix = %u|%I|%m|%S
full_audit:success = connect disconnect open pread pwrite
full_audit:failure = none
full_audit:facility = LOCAL7
full_audit:priority = NOTICE
path = /Share1
read only = No
hide special files = Yes
map archive = No
guest ok = yes
map archive = No
inherit permissions = Yes
inherit acls = Yes
nfs4:acedup = merge
nfs4:chown = yes
nfs4:mode = special
map readonly = no
ea support = yes
store dos attributes = yes
On 3/21/22 12:05, Rowland Penny via samba wrote:
> On Mon, 2022-03-21 at 11:04 -0400, Gaiseric Vandal via samba wrote:
>> I have several Solaris 11.4 servers in an AD domain. File sharing is
>> provided to Windows clients via Samba, and to Linux clients via nfs.
>>
>> We also support some git repos over ssh.
> Please post the entire 'global' portion of your smb.conf, also, do you
> use the 'ldap' for anything else ?
>
> Rowland