On Fri, 3 Feb 2017 16:55:20 +0100 Łukasz Sellmann via samba <samba at lists.samba.org> wrote:> yes, permissions are set as default by apt package instalator > > > ls -al > > -rw------- 1 root root 1082 sty 13 23:25 secrets.keytab > > samba,smbd deamons have run as root user >can you post the smb.conf, /etc/hosts, /etc/hostname, /etc/resolv.conf and /etc/krb5.conf. Can you also give us the hostname and ipaddress of the DC Rowland
*/etc/samba/smb.conf *
# Global parameters
[global]
workgroup = GSBK
realm = biuro.gsbk.pl
netbios name = DC1
server role = active directory domain controller
dns forwarder = 192.168.0.1
ldap server require strong auth = no
allow dns updates = nonsecure and secure
require strong key = no
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
unix extensions = no
winbind nss info = rfc2307
winbind enum users = yes
winbind enum groups = yes
idmap_ldb:use rfc2307 = yes
[netlogon]
path = /var/lib/samba/sysvol/biuro.gsbk.pl/scripts
read only = no
browseable = no
[sysvol]
path = /var/lib/samba/sysvol
read only = no
browseable = no
*/etc/krb.conf*
[libdefaults]
default_realm = BIURO.GSBK.PL
dns_lookup_realm = false
dns_lookup_kdc = true
*/etc/hosts*
192.168.0.3 DC1
127.0.0.1 localhost
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
*/etc/hostname*
DC1
*/etc/resolv.conf*
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by
resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.168.0.3
search biuro.gsbk.pl
DC1 is the main DC
pozdrawiam
Łukasz Sellmann
2017-02-03 17:15 GMT+01:00 Rowland Penny via samba <samba at
lists.samba.org>:
> On Fri, 3 Feb 2017 16:55:20 +0100
> Łukasz Sellmann via samba <samba at lists.samba.org> wrote:
>
> > yes, permissions are set as default by apt package instalator
> >
> > > ls -al
> > > -rw------- 1 root root 1082 sty 13 23:25 secrets.keytab
> >
> > samba,smbd deamons have run as root user
> >
>
> can you post the smb.conf, /etc/hosts, /etc/hostname, /etc/resolv.conf
> and /etc/krb5.conf.
> Can you also give us the hostname and ipaddress of the DC
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
On Fri, 3 Feb 2017 17:39:17 +0100 Łukasz Sellmann via samba <samba at lists.samba.org> wrote:> */etc/samba/smb.conf * > > # Global parameters > [global] > > workgroup = GSBK > realm = biuro.gsbk.pl > netbios name = DC1 > server role = active directory domain controller > dns forwarder = 192.168.0.1 > > ldap server require strong auth = no > allow dns updates = nonsecure and secure > require strong key = no > > vfs objects = acl_xattr > map acl inherit = yes > store dos attributes = yes > unix extensions = no > winbind nss info = rfc2307OK, just who is it that is telling people to add the above five lines to a DC smb.conf ??? Whoever it is, will they please stop doing it, or to put it another way: Remove those lines, they should only be in a Unix domain member smb.conf> winbind enum users = yes > winbind enum groups = yes > idmap_ldb:use rfc2307 = yes > > > [netlogon] > path = /var/lib/samba/sysvol/biuro.gsbk.pl/scripts > read only = no > browseable = no > > [sysvol] > path = /var/lib/samba/sysvol > read only = no > browseable = noAgain, remove the browseable lines, there is no browsing on a Samba AD DC.> */etc/krb.conf* > > [libdefaults] > default_realm = BIURO.GSBK.PL > dns_lookup_realm = false > dns_lookup_kdc = true > > > */etc/hosts* > > 192.168.0.3 DC1 > 127.0.0.1 localhost > # The following lines are desirable for IPv6 capable hosts > ::1 localhost ip6-localhost ip6-loopback > ff02::1 ip6-allnodes > ff02::2 ip6-allrouters >The 192.168.0.3 line should be: 192.168.0.3 dc1.biuro.gsbk.pl dc1 Provided, of course, that DC1 has a fixed IP and it should have a fixed IP> */etc/hostname* > > DC1 > > */etc/resolv.conf* > > # Dynamic resolv.conf(5) file for glibc resolver(3) generated by > resolvconf(8) > # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE > OVERWRITTEN nameserver 192.168.0.3 > search biuro.gsbk.pl >I personally would remove resolvconf, it is totally unneeded on a machine with a fixed IP Rowland