[Samba] samba fails to connect to windows file share joined to domain
Rowland Penny
rpenny at samba.org
Tue Dec 12 17:15:24 UTC 2023
On Tue, 12 Dec 2023 09:46:51 -0700
jacek burghardt via samba <samba at lists.samba.org> wrote:
> I am using Arch Linux
> This is my fstab entry using cred for Windows domain user
>
> //winnas/radio /radio cifs credentials=/etc/samba/credentials/radiorec,vers=2.0,uid=1000,gid=1000,iocharset=utf8,sec=krb5i,nofail 0 0
>
> I run hardening kitty scripts.

Can you provide a link to those scripts?

>
> Windows and OS X clients can mount the shares but Linux has an issue.
>
>
> [global]
>
> netbios name = radiorec
>
> socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
> winbind sealed pipes = false
> require strong key = false
> winbind sealed pipes:HEBE = true
> require strong key:HEBE = true
> lanman auth = no
> ntlm auth = yes
> ntlm auth = mschapv2-and-ntlmv2-only
> client signing = auto
> server signing = auto
> winbind enum users = yes
> winbind gid = 10000-20000
> workgroup = hebe
> os level = 20
> winbind enum groups = yes
> password server = den-dc01.hebe.us
> preferred master = no
> winbind separator = +
> max log size = 50
> log file = /var/log/samba/log.%m
> dns proxy = no
> realm = hebe.us
> security = ADS
> wins server = 192.168.1.8
> wins proxy = no
> client signing = auto
> server signing = auto
> domain master = auto
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbindd, ntp_signd, kcc, dnsupdate
> idmap_ldb:use rfc2307 = yes
> ldap server require strong auth = No
> idmap config * : backend = tdb
> idmap config * : range = 10000-20000
> winbind use default domain = Yes
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind nested groups = Yes
> winbind separator = +
> winbind refresh tickets = yes
> winbind offline logon = yes
> winbind cache time = 300
> template shell = /bin/bash
> template homedir = /home/%D/%U
> inherit acls = Yes
> map acl inherit = Yes
> acl group control = yes
> load printers = no
> debug level = 3
> use sendfile = no
> vfs objects = acl_xattr shadow_copy2
>
> [sysvol]
> path = /usr/share/samba/sysvol
> read only = No
>
> [netlogon]
>
To be honest, I am surprised anything can mount the shares (which you
haven't provided), but I am more worried about your smb.conf. It
appears to be partially for a Unix domain member (but not complete);
the other part appears to be for a DC, but again not complete. What do
you think it is?

Rowland
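
The role mix-up Rowland describes in the quoted smb.conf can be checked mechanically. The following is an added example, not part of the original message and not Samba code: a small lint that flags repeated [global] parameters and DC-only settings sitting next to domain-member settings. The marker sets and the shortened sample config are assumptions made for illustration.

```python
import re

# Constructed sample: a shortened excerpt of the smb.conf quoted in the thread.
SAMPLE = """\
[global]
security = ADS
ntlm auth = yes
ntlm auth = mschapv2-and-ntlmv2-only
client signing = auto
client signing = auto
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
drepl, winbindd, ntp_signd, kcc, dnsupdate
idmap_ldb:use rfc2307 = yes
idmap config * : backend = tdb
[sysvol]
path = /usr/share/samba/sysvol
"""

# Assumption: small illustrative marker sets, not a complete parameter list.
DC_KEYS = {"serverservices", "idmap_ldb:userfc2307"}
DC_SHARES = {"sysvol", "netlogon"}

def norm(key):  # smb.conf parameter names ignore case and embedded whitespace
    return re.sub(r"\s+", "", key).lower()

def lint(text):
    seen, section, dc, member = {}, None, set(), set()
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            if section in DC_SHARES:
                dc.add("[%s]" % section)
            continue
        if section != "global" or "=" not in line:
            continue  # share options and wrapped continuation lines
        key, val = (part.strip() for part in line.split("=", 1))
        k = norm(key)
        seen.setdefault(k, []).append(val.lower())
        if k in DC_KEYS:
            dc.add(k)
        if k.startswith("idmapconfig") or (k == "security" and val.lower() == "ads"):
            member.add(k)
    dupes = sorted(k for k, v in seen.items() if len(v) > 1)
    conflicts = sorted(k for k in dupes if len(set(seen[k])) > 1)
    return {"duplicates": dupes, "conflicts": conflicts, "dc": sorted(dc),
            "member": sorted(member), "mixed_roles": bool(dc and member)}

if __name__ == "__main__": print(lint(SAMPLE))
```

On the sample, `ntlm auth` is reported as a conflicting duplicate and `mixed_roles` is true because `server services`, `idmap_ldb:use rfc2307` and `[sysvol]` appear alongside `security = ADS` and `idmap config`.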