Hi all,

I searched A LOT before posting here but I didn't find the right answer.
I can list Samba shares on a server but I CAN'T access the content (view, read or write).
Here is my complete config with debug steps.

#########
kinit boubou; klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: boubou@DOMAIN.QC.CA

Valid starting     Expires            Service principal
04/08/17 16:03:00  05/08/17 02:03:00  krbtgt/DOMAIN.QC.CA@DOMAIN.QC.CA
        renew until 05/08/17 16:02:55

# net ads testjoin
Join is OK

# wbinfo -P
checking the NETLOGON for domain[DOMAIN] dc connection to "dc1.domain.qc.ca" succeeded

**** getent passwd + getent group work perfectly. I can list all users/groups.

#################################################################################

# service smbd status
smbd is running.

# service nmbd status
nmbd is running.

# service winbind status
winbind is running.

# krb5.conf
https://pastebin.com/gDhMnM4B

# nsswitch.conf
https://pastebin.com/HEk1LwJg

# smb.conf
https://pastebin.com/f5hqStFk

# log.winbindd
https://pastebin.com/nxv13gd9

drwsrwxrwx 10 root domain users 4.0K Jun 13 16:00 site

Do you see something wrong in my config?
How can I find what fails?

Thanks in advance for your help!

Sébastien

On Sat, 5 Aug 2017 13:21:28 -0400 Sébastien Boulianne via samba <samba at lists.samba.org> wrote:

> Do you see something wrong in my config ?

Lots and when I stop laughing I will reply in full, but first, you have in smb.conf:

    security = ADS

and

    server role = standalone server

So, which do you want it to be, a Unix domain member (ADS) or a standalone server ? it cannot be both!

Rowland

On Sat, 5 Aug 2017 14:34:40 -0400 <Sebastien.Boulianne at cpu.ca> wrote:

> I want access the files on this server from my pc which part of a
> domain then I will comment out the standalone line. So what else ?

Then you need to set up your machine correctly for Samba and this includes using winbind instead of sssd

can I suggest you start by reading this:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

It will also help if you consult 'man smb.conf'

Rowland

Hi,

I checked my config this week.
I did some changes.

I can now list the share FTPFiles but I can't view the files.
What can be wrong?

# krb5.conf
https://pastebin.com/gDhMnM4B

# nsswitch.conf
https://pastebin.com/HEk1LwJg

# smb.conf
https://pastebin.com/f5hqStFk

# log.winbindd
https://pastebin.com/nxv13gd9

drwsrwxrwx 10 root domain users 4.0K Jun 13 16:00 site

Thanks in advance

Sébastien Boulianne
Network & System Administrator (Linux, Solaris & Windows).
Infrastructure Management.
CCNA / CompTIA Server+ / Monitoring specialist.
sebastien.boulianne at cpu.ca

-----Original Message-----
From: Sebastien Boulianne
Sent: 5 August 2017 14:35
To: 'Rowland Penny' <rpenny at samba.org>
Subject: RE: [Samba] Share access problem.

Hi Rowland,

Please respect. I want to learn it.
I want access the files on this server from my pc which part of a domain then I will comment out the standalone line.
So what else ?

Thanks in advance sir.

-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny via samba
Sent: 5 August 2017 14:19
To: samba at lists.samba.org
Subject: Re: [Samba] Share access problem.

On Sat, 5 Aug 2017 13:21:28 -0400 Sébastien Boulianne via samba <samba at lists.samba.org> wrote:

> Do you see something wrong in my config ?

Lots and when I stop laughing I will reply in full, but first, you have in smb.conf:

    security = ADS

and

    server role = standalone server

So, which do you want it to be, a Unix domain member (ADS) or a standalone server ? it cannot be both!

Rowland

On Fri, 11 Aug 2017 14:59:36 -0400 <Sebastien.Boulianne at cpu.ca> wrote:

> Hi,
>
> I checked my config this week.
> I did some changes.
>
> I can now list the share FTPFiles but I cant view the files.
> What can be wrong ?
>
> # krb5.conf
> https://pastebin.com/gDhMnM4B
>
> # nsswitch.conf
> https://pastebin.com/HEk1LwJg
>
> # smb.conf
> https://pastebin.com/f5hqStFk
>
> # log.winbindd
> https://pastebin.com/nxv13gd9
>

OK, I would change /etc/krb5.conf to just this:

    [libdefaults]
        default_realm = DOMAIN.QC.CA
        dns_lookup_realm = false
        dns_lookup_kdc = true

In /etc/nsswitch.conf change:

    passwd: files winbind systemd sss
    group: files winbind systemd sss
    shadow: files systemd sss

To:

    passwd: files winbind
    group: files winbind
    shadow: files

Change:

    hosts: files docker [NOTFOUND=return] gw_name mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns myhostname mymachines

To:

    hosts: files dns

Change:

    protocols: db files winbind
    services: db files winbind sss

To:

    protocols: db files
    services: db files

Change:

    netgroup: nis files winbind sss

To:

    netgroup: nis

I would remove all these lines from smb.conf:

    logon drive = H:
    max xmit = 32768
    min receivefile size = 2048
    map to guest = Bad User
    obey pam restrictions = Yes
    pam password change = Yes
    passdb backend = smbpasswd
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully*.
    passwd program = /usr/bin/passwd %u
    password server = domainmaster2.domain.qc.ca domainmaster1.domain.qc.ca
    restrict anonymous = 1
    unix password sync = Yes
    deadtime = 15
    idmap gid = 10000-20000
    winbind cache time = 30
    winbind enum groups = Yes
    winbind enum users = Yes
    dns proxy = No
    wins server = 10.20.1.64
    aio read size = 2048
    aio write size = 2048
    use sendfile = Yes
    write cache size = 1024000

I would change this line:

    idmap config * : range = 10000-20000

To:

    idmap config * : range = 3000-7999

I would add:

    idmap config DOMAIN : backend = rid
    idmap config DOMAIN : range = 10000-999999
    template shell = /bin/bash
    template homedir = /home/%U
    vfs objects = acl_xattr
    map acl inherit = Yes
    store dos attributes = Yes

With these changes it should work, but it is your computer, so the choice is yours, use winbind or sssd for authentication, you cannot use both.

Rowland

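Added example, not part of the thread or of Samba: a small Python check for the three conflicts raised in the replies above (`security = ADS` together with `server role = standalone server`, overlapping `idmap config` ranges, and `winbind` mixed with `sss` in nsswitch.conf). The function names, finding labels and sample inputs are constructed for illustration.

```python
import re

# Constructed sample inputs reproducing the conflicts discussed in the thread.
SAMPLE_SMB_CONF = """\
[global]
    security = ADS
    server role = standalone server
    idmap config * : range = 10000-20000
    idmap config DOMAIN : range = 10000-999999
"""
SAMPLE_NSSWITCH = "passwd: files winbind systemd sss\ngroup: files winbind systemd sss\nshadow: files systemd sss\n"

def parse_global(text):
    """Return [global] parameters, names lower-cased with whitespace normalised."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def check(smb_conf, nsswitch):
    """Return a list of finding labels (hypothetical names) for the two files."""
    findings, g = [], parse_global(smb_conf)
    if (g.get("security", "").lower() == "ads"
            and g.get("server role", "").lower() == "standalone server"):
        findings.append("role-conflict")
    ranges = []
    for key, value in g.items():
        m = re.fullmatch(r"idmap config (\S+) : range", key)
        r = re.fullmatch(r"(\d+)\s*-\s*(\d+)", value)
        if m and r:
            ranges.append((int(r.group(1)), int(r.group(2)), m.group(1)))
    ranges.sort()  # by lower bound, so neighbouring entries can be compared
    for (lo1, hi1, d1), (lo2, hi2, d2) in zip(ranges, ranges[1:]):
        if lo2 <= hi1:
            findings.append(f"idmap-overlap:{d1}/{d2}")
    for line in nsswitch.splitlines():
        db, _, sources = line.partition(":")
        if db.strip() in ("passwd", "group") and {"winbind", "sss"} <= set(sources.split()):
            findings.append(f"nss-winbind-and-sss:{db.strip()}")
    return findings
```

On a real host, `testparm` remains the authoritative syntax check for smb.conf; this sketch only covers the specific points made in the replies.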