Dear all,
We are running a Samba domain, and I upgraded Samba from 4.7.9 to 4.8.9.
With the old version, people in our domain could view and share folders
without being asked for a password, and people outside the domain could
view and share folders by typing \\IP_ADDRESS and entering a username and
password at the prompt. With the new version, there is no problem viewing
and sharing folders for people in the domain, but people who are not in
the domain cannot open the \\IP_ADDRESS screen at all.
Also, with version 4.8.9, when people in the domain right-click a shared
folder and choose Properties > Security, the system throws them out.
If I change security = user to security = domain in smb.conf, there is no
problem for people in the domain, but the problem remains for people who
are not in Active Directory. You can see my smb.conf below.
Could you please help me with this problem?
It is very URGENT!!
Kind regards.
# Global section as posted to the list. A reply in this thread describes the
# listing as 'testparm -v' output, i.e. a dump of every parameter rather than
# the hand-written file, so some lines below may be values nobody set on purpose.
[global]
winbind scan trusted domains = Yes
change notify = Yes
kernel change notify = Yes
enumports command = /usr/local/bin/show-ports.sh
# 'Yes' is reported as 'ntlmv1-permitted' in the testparm -v output later in
# this thread: the server accepts NTLMv1 responses, which are far weaker than
# NTLMv2. NOTE(review): prefer 'ntlmv2-only' unless a legacy client needs NTLMv1.
ntlm auth = Yes
lanman auth = No
raw NTLMv2 auth = No
# With 'No', Samba's client side answers challenges with NTLMv1 rather than
# NTLMv2. NOTE(review): confirm this is required; it weakens outgoing logons.
client NTLMv2 auth = No
client lanman auth = No
idmap_ldb:use rfc2307 = Yes
algorithmic rid base = 1000
# The keytab holds long-term Kerberos keys for this host.
# NOTE(review): verify /etc/krb5.keytab is readable by root only.
kerberos method = secrets and keytab
dedicated keytab file = /etc/krb5.keytab
winbind max clients = 2000
winbindd:use external pipes = true
winbind cache time = 300
winbind reconnect delay = 30
winbind request timeout = 60
winbind max domain connections = 1
winbindd socket directory = /usr/local/samba/var/run/winbindd
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nested groups = Yes
winbind expand groups = 10
winbind nss info = rfc2307
winbind refresh tickets = Yes
# Offline logon keeps cached credentials on disk so logons work without a DC.
winbind offline logon = Yes
winbind normalize names = Yes
winbind sealed pipes = Yes
winbind rpc only = Yes
wins proxy = Yes
wins support = Yes
obey pam restrictions = No
# 'no' lets the AD LDAP server accept simple binds and unsigned SASL binds on
# unencrypted connections, so bind passwords and directory data can cross the
# network unprotected. NOTE(review): set to 'yes' unless a client breaks.
ldap server require strong auth = no
server max protocol = SMB3
# A minimum of LANMAN1 means SMB1-era dialects can still be negotiated.
# NOTE(review): raise to an SMB2 dialect if no client depends on SMB1.
server min protocol = LANMAN1
server multi channel support = No
client max protocol = default
# Same concern on the client side: CORE allows the oldest dialects.
client min protocol = CORE
# 0 places no extra restriction on anonymous (null-session) requests.
# NOTE(review): check what an unauthenticated session can list on this DC.
restrict anonymous = 0
# NOTE(review): 'security' is set explicitly here while 'server role' further
# down is 'active directory domain controller'. The poster reports switching
# this between 'user' and 'domain'; confirm whether the real file should set it.
security = USER
# security = domain
# Network binding, AD DC services, naming, host filtering, logging, DNS updates
# and listening ports.
bind interfaces only = Yes
interfaces = lo ens192
# The next two values are each split across lines by mail wrapping; in a real
# smb.conf each list must sit on one logical line.
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate
dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon,
lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, remote,
dnsserver
dos charset = CP850
unix charset = UTF-8
workgroup = FACILITY
realm = FACILITY.LOCAL
netbios name = test
### netbios aliases = testx
# NOTE(review): two parameters ('netbios scope' with an empty value and
# 'server string') appear fused into one line; as written this would be read
# as a single unknown parameter name.
netbios scope server string = Test Samba Server
# 'ALL' admits every client address, so host-based filtering is effectively
# off; exposure is then decided only by 'interfaces' above and any firewall.
hosts allow = ALL 127.0.0.1
guest ok = No
server role = active directory domain controller
# NOTE(review): parametric option that appears to suppress Samba's server-role
# sanity check at startup - confirm why it is needed on this host.
server role check:inhibit = yes
# auth:3 records authentication activity per client in log.%m.
log level = 2 passdb:2 auth:3 winbind:2
log file = /var/log/samba/log.%m
rndc command = /usr/sbin/rndc
# 0 means no size limit, so these logs grow until something else rotates them.
# NOTE(review): confirm logrotate (or similar) covers /var/log/samba.
max log size = 0
# NOTE(review): 'set primary group script' (empty) and 'logging = file' look
# fused into one line by the paste.
set primary group script logging = file
# 'nonsecure and secure' accepts unauthenticated dynamic DNS updates, so any
# host that can reach the DNS service can add or overwrite records in the zone.
# NOTE(review): use 'secure only' unless a specific client cannot authenticate.
allow dns updates = nonsecure and secure
dns update command = /usr/local/samba/sbin/samba_dnsupdate
pam password change = Yes
# Both direct SMB (445) and NetBIOS session service (139) are offered.
smb ports = 445 139
nbt port = 137
kpasswd port = 464
krb5 port = 88
web port = 901
# Duplicate of the 'nbt port' line a few lines above.
nbt port = 137
dgram port = 138
cldap port = 389
# socket options = IPTOS_LOWDELAY TCP_NODELAY SO_KEEPALIVE
# Value wrapped onto a second line by the mail client.
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=65536
SO_SNDBUF=65536
# Domain logon and browse-master election, CUPS printing, and debug-log format.
domain logons = Yes
# os level 255 with preferred/local/domain master makes this host win NetBIOS
# browser elections on its segment.
os level = 255
preferred master = Yes
local master = Yes
domain master = Yes
load printers = No
use client driver = No
show add printer wizard = Yes
printcap cache time = 0
printcap name = cups
# No encryption is requested for the connection to CUPS.
# NOTE(review): harmless if CUPS is local; confirm it is not a remote server.
cups encrypt = No
cups connection timeout = 60
disable spoolss = No
min print space = 0
max reported print jobs = 0
max print jobs = 1000
print notify backchannel = No
printing = cups
cups options = raw
default devmode = Yes
force printername = Yes
printjob username = %U
lpq cache time = 30
spoolss: architecture = Windows x64
debug timestamp = Yes
debug prefix timestamp = No
debug hires timestamp = Yes
# With pid and uid logging off, log lines carry neither the process id nor the
# effective uid, which makes it harder to tie entries to one session when
# reviewing authentication events.
debug pid = No
debug uid = No
debug class = No
timestamp logs = Yes
# Secure-channel requirements, guest mapping, password database and
# password-change handling, legacy SMB1 tuning, and signing/encryption policy.
require strong key = Yes
allow dcerpc auth level connect = No
client ipc signing = default
client ipc max protocol = default
client ipc min protocol = default
nsupdate command = /usr/bin/nsupdate -g
dns proxy = No
allow trusted domains = Yes
guest account = nobody
# 'Bad User' turns a logon with an unknown user name into a guest session
# instead of rejecting it. Every share shown here has guest access off, so such
# a session authenticates but cannot open a share.
# NOTE(review): possibly relevant to the non-domain users in the report - confirm.
map to guest = Bad User
guest only = No
config backend = file
encrypt passwords = Yes
# The private dir holds the server's secrets and account databases.
# NOTE(review): verify it is accessible to root only.
smb passwd file = /usr/local/samba/private/smbpasswd
private dir = /usr/local/samba/private
passdb expand explicit = No
# NOTE(review): the testparm -v output later in this thread reports
# 'samba_dsdb' as the backend in effect, not tdbsam.
passdb backend = tdbsam
passwd chat debug = No
passwd chat timeout = 2
passwd program = /usr/local/samba/bin/smbpasswd %u
# Chat script wrapped onto a second line by the mail client.
passwd chat = *New*password* %n\n *ReType*new*password*
%n\n*passwd:*all*authentication*tokens*updated*successfully*
password server = test.facility.local
old password allowed period = 120
# Password changes made over SMB are pushed to the Unix account through the
# passwd program above.
unix password sync = Yes
client plaintext auth = No
# Core dumps of the Samba daemons can contain credentials and keys held in
# memory. NOTE(review): confirm the dump location is root-only, or disable.
enable core files = Yes
large readwrite = Yes
read raw = Yes
write raw = Yes
disable netbios = No
reset on zero vc = No
log writeable files on exit = No
defer sharing violations = Yes
nt pipe support = Yes
nt status support = Yes
max mux = 50
max xmit = 65535
# Broadcast resolution is tried last in this order.
name resolve order = lmhosts wins host bcast
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
min receivefile size = 16384
# Set twice; the testparm -v output later in this thread reports 'No'.
time server = Yes
time server = No
unix extensions = Yes
# SMB transport encryption is off; traffic is integrity-protected by the
# mandatory signing below but travels unencrypted.
smb encrypt = off
server signing = mandatory
client signing = mandatory
client use spnego = Yes
# 'sign' protects LDAP traffic from tampering but does not encrypt it
# ('seal' would also encrypt).
client ldap sasl wrapping = sign
enable asu support = No
rpc big endian = No
# Connection and cache limits, SMB2 sizes, runtime directories, usershares,
# NETLOGON crypto policy, TLS for LDAP, and spoolss daemon settings.
dead time = 0
getwd cache = Yes
keepalive = 300
smbd profiling level = off
spotlight = No
# 0 means no cap on the number of smbd processes.
max smbd processes = 0
max disk size = 0
max open files = 65535
use mmap = Yes
hostname lookups = No
name cache timeout = 3600
clustering = No
ctdb timeout = 0
ctdb locktime warn threshold = 0
smb2 max read = 8388608
smb2 max write = 8388608
smb2 max trans = 8388608
smb2 max credits = 8192
mangling method = hash2
mangle prefix = 1
max stat cache size = 256
stat cache = Yes
# Machine account password is rotated every 604800 seconds (7 days).
machine password timeout = 604800
username map cache time = 0
username level = 0
init logon delay = 100
lm announce = Auto
lm interval = 60
browse list = Yes
enhanced browsing = Yes
smb2 leases = Yes
lock directory = /usr/local/samba/var/lock
state directory = /usr/local/samba/var/locks
cache directory = /usr/local/samba/var/cache
pid directory = /usr/local/samba/var/run
ntp signd socket directory = /usr/local/samba/var/lib/ntp_signd
utmp = No
nmbd bind explicit broadcast = Yes
homedir map = auto.home
afs token lifetime = 604800
afs share = No
NIS homedir = No
registry shares = No
# 'usershare max shares = 0' disables user-defined shares, so the two
# usershare settings around it have no effect.
usershare allow guests = No
usershare max shares = 0
usershare owner only = Yes
usershare path = /usr/local/samba/var/locks/usershares
async smb echo handler = No
template homedir = /home/%D/%U
template shell = /bin/bash
create krb5 conf = Yes
ncalrpc dir = /usr/local/samba/var/run/ncalrpc
neutralize nt4 emulation = No
# 'No' lets NETLOGON secure channels be set up with peers that do not support
# AES. NOTE(review): set both to 'Yes' once no old domain member needs it.
reject md5 servers = No
reject md5 clients = No
# NOTE(review): 'set quota command' (empty) and 'multicast dns register' look
# fused into one line by the paste.
set quota command multicast dns register = Yes
samba kcc command = /usr/local/samba/sbin/samba_kcc
spn update command = /usr/local/samba/sbin/samba_spnupdate
share backend = classic
allow nt4 crypto = No
tls enabled = Yes
# Relative TLS paths; presumably resolved against the private dir - confirm.
# NOTE(review): verify key.pem is readable by root only.
tls keyfile = tls/key.pem
tls certfile = tls/cert.pem
tls cafile = tls/ca.pem
# NOTE(review): three parameters ('tls crlfile', 'tls dh params file' and
# 'tls verify peer') are fused here and the value is wrapped onto the next
# line; the testparm -v output later in this thread shows them separately.
# An empty 'tls crlfile' means no certificate revocation list is checked.
tls crlfile tls dh params file tls verify peer =
as_strict_as_possible
# Only SSL 3.0 is removed from the GnuTLS NORMAL set; older TLS versions
# included in NORMAL stay enabled.
tls priority = NORMAL:-VERS-SSL3.0
rpc_server:spoolss = external
rpc_daemon:spoolssd = fork
spoolssd:prefork_child_min_life = 60
spoolssd:prefork_max_allowed_clients = 200
spoolssd:prefork_spawn_rate = 5
spoolssd:prefork_max_children = 75
spoolssd:prefork_min_children = 5
# Share-level defaults set in [global]: ACL handling, I/O tuning, name
# mangling, locking, symlink policy, VFS modules, audit logging, ID mapping.
acl group control = No
acl map full control = Yes
acl allow execute always = No
force unknown acl user = No
inherit permissions = Yes
inherit acls = Yes
inherit owner = No
map acl inherit = Yes
nt acl support = Yes
administrative share = No
allocation roundup size = 1048576
aio read size = 16384
aio write size = 16384
aio max threads = 100
ea support = No
durable handles = Yes
block size = 1024
directory name cache size = 100
max connections = 0
strict allocate = Yes
strict rename = No
strict sync = No
sync always = No
use sendfile = Yes
write cache size = 0
default case = lower
case sensitive = No
preserve case = Yes
short preserve case = Yes
mangling char = ~
hide dot files = Yes
hide special files = No
hide unreadable = No
hide unwriteable files = No
delete veto files = No
map archive = No
map hidden = No
map system = No
map readonly = No
mangled names = Yes
# Duplicate of the 'mangling char' line above.
mangling char = ~
store dos attributes = Yes
dmapi support = No
browseable = Yes
access based share enum = No
blocking locks = Yes
csc policy = manual
lock spin time = 200
oplock break wait time = 0
fake oplocks = No
kernel oplocks = No
kernel share modes = Yes
locking = Yes
oplocks = Yes
level2 oplocks = Yes
posix locking = Yes
strict locking = No
dfree cache time = 0
preexec close = No
root preexec close = No
available = Yes
fstype = NTFS
# Symlinks are followed, but with wide links off the server does not follow
# links that point outside the exported directory tree.
wide links = No
allow insecure wide links = No
follow symlinks = Yes
delete readonly = No
dos filemode = No
dos filetimes = Yes
dos filetime resolution = No
fake directory create times = No
host msdfs = Yes
msdfs root = No
msdfs shuffle referrals = No
ntvfs handler = unixuid, default
# Default module list for shares. A share that sets its own 'vfs objects'
# replaces this list instead of adding to it, and full_audit is not part of
# this default, so shares that inherit it produce no audit records.
vfs objects = dfs_samba4 acl_xattr
# Each audit record is prefixed with client IP, user, machine and share name.
full_audit:prefix = IP=%I|USER=%u|MACHINE=%m|VOLUME=%S
# Only failed connects/disconnects are recorded; failed opens, renames or
# deletes (e.g. access denied) are not. NOTE(review): consider adding the file
# operations here so denied access attempts are visible.
full_audit:failure = connect disconnect
# Success list wrapped over three lines by the mail client. It includes
# read/pread/write/pwrite, which produces a very high record volume.
full_audit:success = connect disconnect opendir mkdir rmdir closedir
open close read pread write pwrite sendfile rename unlink chmod fchmod
chown fchown chdir ftruncate lock symlink readlink link mknod
# Records go to syslog facility local5 at priority notice.
# NOTE(review): confirm syslog routes local5 to a retained destination.
full_audit:facility = local5
full_audit:priority = notice
idmap config * : backend = tdb
idmap config * : range = 1000000-1999999
# Per-user home directories, restricted to Domain Users, with auditing and a
# recycle bin.
[homes]
comment = Home Directories
path = /mnt/storage/homes/%U
browseable = No
hide files = /Recycle Bin/
# Blocks file names with these three extensions - presumably a guard against
# known ransomware suffixes; it covers only the names listed.
veto files = /*.encrypted/*.ecc/*.ccc/
# Members of this group perform every file operation on the share as root,
# bypassing file permissions and ACLs.
admin users = "@Domain Admins"
# The mask filters the mode requested by the client, then 'force create mode'
# is ORed in: new files are at least rw-rw---- and may also be world-readable,
# since the mask leaves the 'other read' bit in place.
create mask = 0644
force create mode = 0660
force directory mode = 0770
read only = No
valid users = "@Domain Users"
# NOTE(review): this share-level list replaces the global one and drops
# acl_xattr, which the global 'vfs objects' line includes. Possibly related to
# the Properties > Security problem described in the message - confirm.
vfs objects = dfs_samba4 full_audit recycle
recycle:repository = .recycle
recycle:minsize = 0
recycle:maxsize = 0
recycle:directory_mode = 0770
recycle:subdir_mode = 0700
recycle:versions = Yes
recycle:keeptree = Yes
recycle:touch = Yes
recycle:touch_mtime = yes
# NOTE(review): the '=' is missing and the value sits on the next line (paste
# or mail-wrap damage); as written this is not a valid parameter assignment.
recycle:exclude
*.tmp|*.temp|*.o|*.obj|~$*|*.??|*.log|*.trace|*.TMP|*.ASV|*.$$$|*.asv
recycle:noversions = *.tmp|*.temp|*.dat|*.ini
recycle:mode = KEEP_DIRECTORIES|VERSION|TOUCH
# Roaming-profile share. No 'valid users' is set, so any authenticated user can
# connect and access is decided only by filesystem permissions and ACLs.
# NOTE(review): this share inherits the global 'vfs objects', which has no
# full_audit, so activity here is not audited.
[profiles]
comment = Network Profiles Share
path = /mnt/storage/profiles
# English: "browseable is switched on once during installation while the
# permissions are being set, then switched off again."
# The second line of the original comment below lost its leading '#' to mail
# wrapping and would be parsed as a parameter line as written.
#browseable izni bir defalik kurulum esnasinda permision ayarlari esnasinda
acilir.sonra kapatilir.
browseable = No
create mask = 0644
force create mode = 0660
force directory mode = 0770
read only = No
# Logon-script share, exported read-only from the scripts directory inside the
# sysvol tree; guest access is off and the share is hidden from browsing.
[netlogon]
comment = Network Netlogon Share
path = /usr/local/samba/var/locks/sysvol/facility.local/scripts
read only = Yes
guest ok = No
# write ok = Yes
browseable = No
# Domain sysvol share; the netlogon scripts directory lives under this path.
# The share is writable at share level ('write ok' is the inverse synonym of
# 'read only'), so who may modify its contents is decided entirely by the
# filesystem/NT ACLs on the tree.
# NOTE(review): domain members run content from here; verify only
# administrators hold write access.
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
browseable = No
write ok = Yes
# Print spool share for all printers; guest printing is off.
[printers]
comment = All Printers
path = /var/spool/samba
# 'create mask' and 'create mode' are synonyms; both set 0700 here.
create mask = 0700
browseable = yes
guest ok = no
printable = yes
create mode=0700
write list = administrator "@Domain Admins"
# Access decisions use only the NT ACL stored by acl_xattr; the underlying
# POSIX ACLs and mode bits are not consulted for this share.
acl_xattr:ignore system acl = yes
# Printer-driver share from which clients download drivers.
[print$]
comment = Printer Drivers
path = /mnt/printer_drivers
invalid users = qwerty
# Group quoting differs from the other shares ('@"..."' here, '"@..."' there).
valid users = @"Domain Users"
# Members perform every file operation on this share as root.
admin users = @"Domain Admins"
# NOTE(review): 'write list' only matters on a read-only share. With
# 'read only = No' below, every valid user already has share-level write
# access, leaving filesystem permissions and ACLs as the only barrier. Because
# clients install code from this share, it is normally exported read-only with
# a narrow write list.
write list = root @"Domain Admins"
# 'writeable = Yes' and 'read only = No' are the same setting stated twice.
writeable = Yes
read only = No
browseable = Yes
guest ok = No
# Set twice; the testparm -v output later in this thread reports 0644.
create mask = 0660
create mask = 0644
force create mode = 0660
force directory mode = 0770
directory mask = 0755
# Access decisions use only the NT ACL stored by acl_xattr.
acl_xattr:ignore system acl = yes
# General file share for Domain Users with auditing and a recycle bin.
[share1]
comment = share1
path = /home/share1
hide files = /Recycle Bin/
# Blocks file names with these three extensions - presumably a guard against
# known ransomware suffixes; it covers only the names listed.
veto files = /*.encrypted/*.ecc/*.ccc/
# Members of this group perform every file operation on the share as root,
# bypassing file permissions and ACLs.
admin users = "@Domain Admins"
# The mask filters the requested mode, then 'force create mode' is ORed in;
# new files may stay world-readable because the mask keeps 'other read'.
create mask = 0644
force create mode = 0660
force directory mode = 0770
# 'invalid users' is an explicit deny list for this share.
invalid users = qwerty @share_no
# Users on the read list get read-only access even though the share is
# writable.
read list = sdsdsd
read only = No
valid users = "@Domain Users"
# NOTE(review): this share-level list replaces the global one and drops
# acl_xattr, which the global 'vfs objects' line includes. Possibly related to
# the Properties > Security problem described in the message - confirm.
vfs objects = dfs_samba4 full_audit recycle
recycle:repository = .recycle
recycle:minsize = 0
recycle:maxsize = 0
recycle:directory_mode = 0770
recycle:subdir_mode = 0700
recycle:versions = Yes
recycle:keeptree = Yes
recycle:touch = Yes
recycle:touch_mtime = yes
# NOTE(review): the '=' is missing and the value sits on the next line (paste
# or mail-wrap damage); as written this is not a valid parameter assignment.
recycle:exclude
*.tmp|*.temp|*.o|*.obj|~$*|*.??|*.log|*.trace|*.TMP|*.ASV|*.$$$|*.asv
recycle:noversions = *.tmp|*.temp|*.dat|*.ini
recycle:mode = KEEP_DIRECTORIES|VERSION|TOUCH
On Tue, 19 Feb 2019 11:37:43 +0300 barış tombul via samba <samba at lists.samba.org> wrote:> Dear all, > > We are using samba domain and i upgraded the samba from 4.7.9 to > 4.8.9. With the old version, people in our domain can view and can > share the folders without asking password and the people that out of > the domain can view and shared the folders with > writing \\IP_ADDRESS PROMPT USERNAME: PASSWORD. with the new > version, there is no problem about viewing and sharing folders with > the people that in the domain but the people that are no in the domain > can not view the \\IP_ADRESS screen. > > Also, with the 4.8.9 version, when ,people in the domain , right > clicked to the shared folders and choose properties > security, the > system throw out. If i write security = user > security = domain in > the smb.conf folder, there is no problem about the people in the > domain but without active directory people the problem still goes on. > You can see my smb.conf text in the below. > > Could you please help me about this problem? > > It is very URGENT!! >Two things, saying it is urgent doesn't cut any ice here, especially when you SHOUT urgent, Secondly, posting the output of 'testparm -v' is making things worse from the point of view of trying to understand what is going on, just post the output of 'cat' Rowland
Dear Rowland, You can see the output of "testparm -v" in the below. kind regards. # Global parameters [global] abort shutdown script add group script add machine script addport command addprinter command add share command add user script add user to group script afs token lifetime = 604800 afs username map aio max threads = 100 algorithmic rid base = 1000 allow dcerpc auth level connect = No allow dns updates = nonsecure and secure allow insecure wide links = No allow nt4 crypto = No allow trusted domains = Yes allow unsafe cluster upgrade = No apply group policies = No async smb echo handler = No auth event notification = No auto services binddns dir = /usr/local/samba/bind-dns bind interfaces only = Yes browse list = Yes cache directory = /usr/local/samba/var/cache change notify = Yes change share command check password script cldap port = 389 client ipc max protocol = default client ipc min protocol = default client ipc signing = default client lanman auth = No client ldap sasl wrapping = sign client max protocol = default client min protocol = CORE client NTLMv2 auth = No client plaintext auth = No client schannel = Yes client signing = required client use spnego principal = No client use spnego = Yes cluster addresses clustering = No config backend = file config file create krb5 conf = Yes ctdbd socket ctdb locktime warn threshold = 0 ctdb timeout = 0 cups connection timeout = 60 cups encrypt = No cups server dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, remote, dnsserver deadtime = 0 debug class = No debug hires timestamp = Yes debug pid = No debug prefix timestamp = No debug uid = No dedicated keytab file = /etc/krb5.keytab default service defer sharing violations = Yes delete group script deleteprinter command delete share command delete user from group script delete user script dgram port = 138 disable netbios = No disable spoolss = No dns forwarder dns proxy = No dns 
update command = /usr/local/samba/sbin/samba_dnsupdate domain logons = Yes domain master = Yes dos charset = CP850 enable asu support = No enable core files = Yes enable privileges = Yes encrypt passwords = Yes enhanced browsing = Yes enumports command = /usr/local/bin/show-ports.sh eventlog list get quota command getwd cache = Yes gpo update command = /usr/local/samba/sbin/samba_gpoupdate guest account = nobody homedir map = auto.home host msdfs = Yes hostname lookups = No idmap backend = tdb idmap cache time = 604800 idmap gid idmap negative cache time = 120 idmap uid include system krb5 conf = Yes init logon delay = 100 init logon delayed hosts interfaces = lo ens192 iprint server keepalive = 300 kerberos encryption types = all kerberos method = secrets and keytab kernel change notify = Yes kpasswd port = 464 krb5 port = 88 lanman auth = No large readwrite = Yes ldap admin dn ldap connection timeout = 2 ldap debug level = 0 ldap debug threshold = 10 ldap delete dn = No ldap deref = auto ldap follow referral = Auto ldap group suffix ldap idmap suffix ldap machine suffix ldap page size = 1000 ldap passwd sync = no ldap replication sleep = 1000 ldap server require strong auth = No ldap ssl = start tls ldap ssl ads = No ldap suffix ldap timeout = 15 ldap user suffix lm announce = Auto lm interval = 60 load printers = No local master = Yes lock directory = /usr/local/samba/var/lock lock spin time = 200 log file = /var/log/samba/log.%m logging = file log level = 2 log nt token command logon drive logon home = \\%N\%U logon path = \\%N\%U\profile logon script log writeable files on exit = No lpq cache time = 30 lsa over netlogon = No machine password timeout = 604800 mangle prefix = 1 mangling method = hash2 map to guest = Bad User max disk size = 0 max log size = 0 max mux = 50 max open files = 65535 max smbd processes = 0 max stat cache size = 256 max ttl = 259200 max wins ttl = 518400 max xmit = 65535 mdns name = netbios message command min receivefile size = 16384 
min wins ttl = 21600 mit kdc command multicast dns register = Yes name cache timeout = 3600 name resolve order = lmhosts wins host bcast nbt client socket address = 0.0.0.0 nbt port = 137 ncalrpc dir = /usr/local/samba/var/run/ncalrpc netbios aliases netbios name = TEST netbios scope neutralize nt4 emulation = No NIS homedir = No nmbd bind explicit broadcast = Yes nsupdate command = /usr/bin/nsupdate -g ntlm auth = ntlmv1-permitted nt pipe support = Yes ntp signd socket directory = /usr/local/samba/var/lib/ntp_signd nt status support = Yes null passwords = No obey pam restrictions = No old password allowed period = 120 oplock break wait time = 0 os2 driver map os level = 255 pam password change = Yes panic action passdb backend = samba_dsdb passdb expand explicit = No passwd chat = *New*password* %n\n *ReType*new*password* %n\n*passwd:*all*authentication*tokens*updated*successfully* passwd chat debug = No passwd chat timeout = 2 passwd program = /usr/local/samba/bin/smbpasswd %u password hash gpg key ids password hash userPassword schemes password server = TEST.facility.local perfcount module pid directory = /usr/local/samba/var/run preferred master = Yes prefork children = 1 preload modules printcap cache time = 0 printcap name = cups private dir = /usr/local/samba/private raw NTLMv2 auth = No read raw = Yes realm = FACILITY.LOCAL registry shares = No reject md5 clients = No reject md5 servers = No remote announce remote browse sync rename user script require strong key = Yes reset on zero vc = No restrict anonymous = 0 rndc command = /usr/sbin/rndc root directory rpc big endian = No rpc server dynamic port range = 49152-65535 rpc server port = 0 samba kcc command = /usr/local/samba/sbin/samba_kcc security = USER server max protocol = SMB3 server min protocol = LANMAN1 server multi channel support = No server role = active directory domain controller server schannel = Yes server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, 
dnsupdate server signing = required server string = TEST Samba Server set primary group script set quota command share backend = classic show add printer wizard = Yes shutdown script smb2 leases = Yes smb2 max credits = 8192 smb2 max read = 8388608 smb2 max trans = 8388608 smb2 max write = 8388608 smbd profiling level = off smb passwd file = /usr/local/samba/private/smbpasswd smb ports = 445 139 socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=65536 SO_SNDBUF=65536 spn update command = /usr/local/samba/sbin/samba_spnupdate stat cache = Yes state directory = /usr/local/samba/var/locks svcctl list syslog = 1 syslog only = No template homedir = /home/%D/%U template shell = /bin/bash time server = No timestamp logs = Yes tls cafile = tls/ca.pem tls certfile = tls/cert.pem tls crlfile tls dh params file tls enabled = Yes tls keyfile = tls/key.pem tls priority = NORMAL:-VERS-SSL3.0 tls verify peer = as_strict_as_possible unicode = Yes unix charset = UTF-8 unix extensions = Yes unix password sync = Yes use mmap = Yes username level = 0 username map username map cache time = 0 username map script usershare allow guests = No usershare max shares = 0 usershare owner only = Yes usershare path = /usr/local/samba/var/locks/usershares usershare prefix allow list usershare prefix deny list usershare template share utmp = No utmp directory web port = 901 winbind cache time = 300 winbindd socket directory = /usr/local/samba/var/run/winbindd winbind enum groups = Yes winbind enum users = Yes winbind expand groups = 10 winbind max clients = 2000 winbind max domain connections = 1 winbind nested groups = Yes winbind normalize names = Yes winbind nss info = rfc2307 winbind offline logon = Yes winbind reconnect delay = 30 winbind refresh tickets = Yes winbind request timeout = 60 winbind rpc only = Yes winbind scan trusted domains = Yes winbind sealed pipes = Yes winbind separator = \ winbind use default domain = Yes wins hook wins proxy = Yes wins server wins support = Yes 
workgroup = FACILITY write raw = Yes wtmp directory rpc_server:tcpip = no rpc_server:winreg = embedded rpc_server:ntsvcs = embedded rpc_server:eventlog = embedded rpc_server:srvsvc = embedded rpc_server:svcctl = embedded rpc_server:default = external idmap config * : range = 1000000-1999999 full_audit:priority = notice full_audit:facility = local5 full_audit:success = connect disconnect opendir mkdir rmdir closedir open close read pread write pwrite sendfile rename unlink chmod fchmod chown fchown chdir ftruncate lock symlink readlink link mknod full_audit:failure = connect disconnect full_audit:prefix = IP=%I|USER=%u|MACHINE=%m|VOLUME=%S spoolssd:prefork_min_children = 5 spoolssd:prefork_max_children = 75 spoolssd:prefork_spawn_rate = 5 spoolssd:prefork_max_allowed_clients = 200 spoolssd:prefork_child_min_life = 60 rpc_daemon:spoolssd = embedded rpc_server:spoolss = embedded spoolss: architecture = Windows x64 server role check:inhibit = yes winbindd:use external pipes = true idmap_ldb:use rfc2307 = Yes idmap config * : backend = tdb access based share enum = No acl allow execute always = No acl check permissions = Yes acl group control = No acl map full control = Yes administrative share = No admin users afs share = No aio read size = 16384 aio write behind aio write size = 16384 allocation roundup size = 1048576 available = Yes blocking locks = Yes block size = 1024 browseable = Yes case sensitive = No comment copy create mask = 0744 csc policy = manual cups options = raw default case = lower default devmode = Yes delete readonly = No delete veto files = No dfree cache time = 0 dfree command directory mask = 0755 directory name cache size = 100 dmapi support = No dont descend dos filemode = No dos filetime resolution = No dos filetimes = Yes durable handles = Yes ea support = No fake directory create times = No fake oplocks = No follow symlinks = Yes force create mode = 0000 force directory mode = 0000 force group force printername = Yes force unknown acl user = 
No force user fstype = NTFS guest ok = No guest only = No hide dot files = Yes hide files hide special files = No hide unreadable = No hide unwriteable files = No hosts allow = ALL 127.0.0.1 hosts deny include inherit acls = Yes inherit owner = no inherit permissions = Yes invalid users kernel oplocks = No kernel share modes = Yes level2 oplocks = Yes locking = Yes lppause command lpq command = %p lpresume command lprm command magic output magic script mangled names = yes mangling char = ~ map acl inherit = Yes map archive = No map hidden = No map readonly = no map system = No max connections = 0 max print jobs = 1000 max reported print jobs = 0 min print space = 0 msdfs proxy msdfs root = No msdfs shuffle referrals = No nt acl support = Yes ntvfs handler = unixuid, default oplocks = Yes path posix locking = Yes postexec preexec preexec close = No preserve case = Yes printable = No print command printer name printing = cups printjob username = %U print notify backchannel = No queuepause command queueresume command read list read only = Yes root postexec root preexec root preexec close = No short preserve case = Yes smb encrypt = No spotlight = No store dos attributes = Yes strict allocate = Yes strict locking = No strict rename = No strict sync = No sync always = No use client driver = No use sendfile = Yes valid users veto files veto oplock files vfs objects = dfs_samba4 acl_xattr volume wide links = No write cache size = 0 write list [homes] admin users = "@Domain Admins" browseable = No comment = Home Directories create mask = 0644 force create mode = 0660 force directory mode = 0770 hide files = /Recycle Bin/ path = /home/homes/%U read only = No valid users = "@Domain Users" veto files = /*.encrypted/*.ecc/*.ccc/ vfs objects = dfs_samba4 full_audit recycle recycle:mode = KEEP_DIRECTORIES|VERSION|TOUCH recycle:noversions = *.tmp|*.temp|*.dat|*.ini recycle:exclude *.tmp|*.temp|*.o|*.obj|~$*|*.??|*.log|*.trace|*.TMP|*.ASV|*.$$$|*.asv recycle:touch_mtime = yes 
recycle:touch = Yes recycle:keeptree = Yes recycle:versions = Yes recycle:subdir_mode = 0700 recycle:directory_mode = 0770 recycle:maxsize = 0 recycle:minsize = 0 recycle:repository = .recycle [profiles] browseable = No comment = Network Profiles Share create mask = 0644 force create mode = 0660 force directory mode = 0770 path = /home/profiles read only = No [netlogon] browseable = No comment = Network Netlogon Share path = /usr/local/samba/var/locks/sysvol/facility.local/scripts [sysvol] browseable = No path = /usr/local/samba/var/locks/sysvol read only = No [printers] browseable = No comment = All Printers create mask = 0700 path = /var/spool/samba printable = Yes write list = administrator "@Domain Admins" acl_xattr:ignore system acl = yes [print$] admin users = "@Domain Admins" comment = Printer Drivers create mask = 0644 force create mode = 0660 force directory mode = 0770 invalid users = qwerty path = /home/printer_drivers read only = No valid users = "@Domain Users" write list = root "@Domain Admins" acl_xattr:ignore system acl = yes [Share1] admin users = "@Domain Admins" comment = Share1 Paylasimi create mask = 0644 force create mode = 0660 force directory mode = 0770 hide files = /Recycle Bin/ invalid users = qwerty @Share1_no path = /home/TEST/Share1 read list = abuzer read only = No valid users = "@Domain Users" abuzer veto files = /*.encrypted/*.ecc/*.ccc/ vfs objects = dfs_samba4 full_audit recycle recycle:mode = KEEP_DIRECTORIES|VERSION|TOUCH recycle:noversions = *.tmp|*.temp|*.dat|*.ini recycle:exclude *.tmp|*.temp|*.o|*.obj|~$*|*.??|*.log|*.trace|*.TMP|*.ASV|*.$$$|*.asv recycle:touch_mtime = yes recycle:touch = Yes recycle:keeptree = Yes recycle:versions = Yes recycle:subdir_mode = 0700 recycle:directory_mode = 0770 recycle:maxsize = 0 recycle:minsize = 0 recycle:repository = .recycle [brother_mfc9840] admin users = "@Domain Admins" path = /var/spool/samba printable = Yes printer name = brother1 valid users = administrator "@Domain Users" write 
list = "@Domain Admins" Barış Rowland Penny via samba <samba at lists.samba.org>, 19 Şub 2019 Sal, 11:54 tarihinde şunu yazdı:> On Tue, 19 Feb 2019 11:37:43 +0300 > barış tombul via samba <samba at lists.samba.org> wrote: > > > Dear all, > > > > We are using samba domain and i upgraded the samba from 4.7.9 to > > 4.8.9. With the old version, people in our domain can view and can > > share the folders without asking password and the people that out of > > the domain can view and shared the folders with > > writing \\IP_ADDRESS PROMPT USERNAME: PASSWORD. with the new > > version, there is no problem about viewing and sharing folders with > > the people that in the domain but the people that are no in the domain > > can not view the \\IP_ADRESS screen. > > > > Also, with the 4.8.9 version, when ,people in the domain , right > > clicked to the shared folders and choose properties > security, the > > system throw out. If i write security = user > security = domain in > > the smb.conf folder, there is no problem about the people in the > > domain but without active directory people the problem still goes on. > > You can see my smb.conf text in the below. > > > > Could you please help me about this problem? > > > > It is very URGENT!! > > > > Two things, saying it is urgent doesn't cut any ice here, especially > when you SHOUT urgent, Secondly, posting the output of 'testparm -v' is > making things worse from the point of view of trying to understand what > is going on, just post the output of 'cat' > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Hai, Rowland did mean, post it without the -v.. Since its an AD server. Run : samba-tool testparm Can you post that that gives a better insight. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > bar???? tombul via samba > Verzonden: dinsdag 19 februari 2019 11:37 > Aan: Rowland Penny > CC: samba > Onderwerp: Re: [Samba] samba 4.8x problem > > Dear Rowland, > > You can see the output of "testparm -v" in the below. > > kind regards. > # Global parameters > [global] > abort shutdown script > add group script > add machine script > addport command > addprinter command > add share command > add user script > add user to group script > afs token lifetime = 604800 > afs username map > aio max threads = 100 > algorithmic rid base = 1000 > allow dcerpc auth level connect = No > allow dns updates = nonsecure and secure > allow insecure wide links = No > allow nt4 crypto = No > allow trusted domains = Yes > allow unsafe cluster upgrade = No > apply group policies = No > async smb echo handler = No > auth event notification = No > auto services > binddns dir = /usr/local/samba/bind-dns > bind interfaces only = Yes > browse list = Yes > cache directory = /usr/local/samba/var/cache > change notify = Yes > change share command > check password script > cldap port = 389 > client ipc max protocol = default > client ipc min protocol = default > client ipc signing = default > client lanman auth = No > client ldap sasl wrapping = sign > client max protocol = default > client min protocol = CORE > client NTLMv2 auth = No > client plaintext auth = No > client schannel = Yes > client signing = required > client use spnego principal = No > client use spnego = Yes > cluster addresses > clustering = No > config backend = file > config file > create krb5 conf = Yes > ctdbd socket > ctdb locktime warn threshold = 0 > ctdb timeout = 0 > cups connection timeout = 60 > cups encrypt = No > cups server > dcerpc endpoint servers = 
epmapper, wkssvc, rpcecho, samr, netlogon, > lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, > backupkey, remote, > dnsserver > deadtime = 0 > debug class = No > debug hires timestamp = Yes > debug pid = No > debug prefix timestamp = No > debug uid = No > dedicated keytab file = /etc/krb5.keytab > default service > defer sharing violations = Yes > delete group script > deleteprinter command > delete share command > delete user from group script > delete user script > dgram port = 138 > disable netbios = No > disable spoolss = No > dns forwarder > dns proxy = No > dns update command = /usr/local/samba/sbin/samba_dnsupdate > domain logons = Yes > domain master = Yes > dos charset = CP850 > enable asu support = No > enable core files = Yes > enable privileges = Yes > encrypt passwords = Yes > enhanced browsing = Yes > enumports command = /usr/local/bin/show-ports.sh > eventlog list > get quota command > getwd cache = Yes > gpo update command = /usr/local/samba/sbin/samba_gpoupdate > guest account = nobody > homedir map = auto.home > host msdfs = Yes > hostname lookups = No > idmap backend = tdb > idmap cache time = 604800 > idmap gid > idmap negative cache time = 120 > idmap uid > include system krb5 conf = Yes > init logon delay = 100 > init logon delayed hosts > interfaces = lo ens192 > iprint server > keepalive = 300 > kerberos encryption types = all > kerberos method = secrets and keytab > kernel change notify = Yes > kpasswd port = 464 > krb5 port = 88 > lanman auth = No > large readwrite = Yes > ldap admin dn > ldap connection timeout = 2 > ldap debug level = 0 > ldap debug threshold = 10 > ldap delete dn = No > ldap deref = auto > ldap follow referral = Auto > ldap group suffix > ldap idmap suffix > ldap machine suffix > ldap page size = 1000 > ldap passwd sync = no > ldap replication sleep = 1000 > ldap server require strong auth = No > ldap ssl = start tls > ldap ssl ads = No > ldap suffix > ldap timeout = 15 > ldap user suffix > lm announce = Auto > 
lm interval = 60 > load printers = No > local master = Yes > lock directory = /usr/local/samba/var/lock > lock spin time = 200 > log file = /var/log/samba/log.%m > logging = file > log level = 2 > log nt token command > logon drive > logon home = \\%N\%U > logon path = \\%N\%U\profile > logon script > log writeable files on exit = No > lpq cache time = 30 > lsa over netlogon = No > machine password timeout = 604800 > mangle prefix = 1 > mangling method = hash2 > map to guest = Bad User > max disk size = 0 > max log size = 0 > max mux = 50 > max open files = 65535 > max smbd processes = 0 > max stat cache size = 256 > max ttl = 259200 > max wins ttl = 518400 > max xmit = 65535 > mdns name = netbios > message command > min receivefile size = 16384 > min wins ttl = 21600 > mit kdc command > multicast dns register = Yes > name cache timeout = 3600 > name resolve order = lmhosts wins host bcast > nbt client socket address = 0.0.0.0 > nbt port = 137 > ncalrpc dir = /usr/local/samba/var/run/ncalrpc > netbios aliases > netbios name = TEST > netbios scope > neutralize nt4 emulation = No > NIS homedir = No > nmbd bind explicit broadcast = Yes > nsupdate command = /usr/bin/nsupdate -g > ntlm auth = ntlmv1-permitted > nt pipe support = Yes > ntp signd socket directory = /usr/local/samba/var/lib/ntp_signd > nt status support = Yes > null passwords = No > obey pam restrictions = No > old password allowed period = 120 > oplock break wait time = 0 > os2 driver map > os level = 255 > pam password change = Yes > panic action > passdb backend = samba_dsdb > passdb expand explicit = No > passwd chat = *New*password* %n\n *ReType*new*password* > %n\n*passwd:*all*authentication*tokens*updated*successfully* > passwd chat debug = No > passwd chat timeout = 2 > passwd program = /usr/local/samba/bin/smbpasswd %u > password hash gpg key ids > password hash userPassword schemes > password server = TEST.facility.local > perfcount module > pid directory = /usr/local/samba/var/run > preferred 
master = Yes > prefork children = 1 > preload modules > printcap cache time = 0 > printcap name = cups > private dir = /usr/local/samba/private > raw NTLMv2 auth = No > read raw = Yes > realm = FACILITY.LOCAL > registry shares = No > reject md5 clients = No > reject md5 servers = No > remote announce > remote browse sync > rename user script > require strong key = Yes > reset on zero vc = No > restrict anonymous = 0 > rndc command = /usr/sbin/rndc > root directory > rpc big endian = No > rpc server dynamic port range = 49152-65535 > rpc server port = 0 > samba kcc command = /usr/local/samba/sbin/samba_kcc > security = USER > server max protocol = SMB3 > server min protocol = LANMAN1 > server multi channel support = No > server role = active directory domain controller > server schannel = Yes > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, > drepl, winbindd, > ntp_signd, kcc, dnsupdate > server signing = required > server string = TEST Samba Server > set primary group script > set quota command > share backend = classic > show add printer wizard = Yes > shutdown script > smb2 leases = Yes > smb2 max credits = 8192 > smb2 max read = 8388608 > smb2 max trans = 8388608 > smb2 max write = 8388608 > smbd profiling level = off > smb passwd file = /usr/local/samba/private/smbpasswd > smb ports = 445 139 > socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=65536 > SO_SNDBUF=65536 > spn update command = /usr/local/samba/sbin/samba_spnupdate > stat cache = Yes > state directory = /usr/local/samba/var/locks > svcctl list > syslog = 1 > syslog only = No > template homedir = /home/%D/%U > template shell = /bin/bash > time server = No > timestamp logs = Yes > tls cafile = tls/ca.pem > tls certfile = tls/cert.pem > tls crlfile > tls dh params file > tls enabled = Yes > tls keyfile = tls/key.pem > tls priority = NORMAL:-VERS-SSL3.0 > tls verify peer = as_strict_as_possible > unicode = Yes > unix charset = UTF-8 > unix extensions = Yes > unix password sync = Yes > 
use mmap = Yes > username level = 0 > username map > username map cache time = 0 > username map script > usershare allow guests = No > usershare max shares = 0 > usershare owner only = Yes > usershare path = /usr/local/samba/var/locks/usershares > usershare prefix allow list > usershare prefix deny list > usershare template share > utmp = No > utmp directory > web port = 901 > winbind cache time = 300 > winbindd socket directory = /usr/local/samba/var/run/winbindd > winbind enum groups = Yes > winbind enum users = Yes > winbind expand groups = 10 > winbind max clients = 2000 > winbind max domain connections = 1 > winbind nested groups = Yes > winbind normalize names = Yes > winbind nss info = rfc2307 > winbind offline logon = Yes > winbind reconnect delay = 30 > winbind refresh tickets = Yes > winbind request timeout = 60 > winbind rpc only = Yes > winbind scan trusted domains = Yes > winbind sealed pipes = Yes > winbind separator = \ > winbind use default domain = Yes > wins hook > wins proxy = Yes > wins server > wins support = Yes > workgroup = FACILITY > write raw = Yes > wtmp directory > rpc_server:tcpip = no > rpc_server:winreg = embedded > rpc_server:ntsvcs = embedded > rpc_server:eventlog = embedded > rpc_server:srvsvc = embedded > rpc_server:svcctl = embedded > rpc_server:default = external > idmap config * : range = 1000000-1999999 > full_audit:priority = notice > full_audit:facility = local5 > full_audit:success = connect disconnect opendir mkdir rmdir > closedir open > close read pread write pwrite sendfile rename unlink chmod > fchmod chown > fchown chdir ftruncate lock symlink readlink link mknod > full_audit:failure = connect disconnect > full_audit:prefix = IP=%I|USER=%u|MACHINE=%m|VOLUME=%S > spoolssd:prefork_min_children = 5 > spoolssd:prefork_max_children = 75 > spoolssd:prefork_spawn_rate = 5 > spoolssd:prefork_max_allowed_clients = 200 > spoolssd:prefork_child_min_life = 60 > rpc_daemon:spoolssd = embedded > rpc_server:spoolss = embedded > 
spoolss: architecture = Windows x64 > server role check:inhibit = yes > winbindd:use external pipes = true > idmap_ldb:use rfc2307 = Yes > idmap config * : backend = tdb > access based share enum = No > acl allow execute always = No > acl check permissions = Yes > acl group control = No > acl map full control = Yes > administrative share = No > admin users > afs share = No > aio read size = 16384 > aio write behind > aio write size = 16384 > allocation roundup size = 1048576 > available = Yes > blocking locks = Yes > block size = 1024 > browseable = Yes > case sensitive = No > comment > copy > create mask = 0744 > csc policy = manual > cups options = raw > default case = lower > default devmode = Yes > delete readonly = No > delete veto files = No > dfree cache time = 0 > dfree command > directory mask = 0755 > directory name cache size = 100 > dmapi support = No > dont descend > dos filemode = No > dos filetime resolution = No > dos filetimes = Yes > durable handles = Yes > ea support = No > fake directory create times = No > fake oplocks = No > follow symlinks = Yes > force create mode = 0000 > force directory mode = 0000 > force group > force printername = Yes > force unknown acl user = No > force user > fstype = NTFS > guest ok = No > guest only = No > hide dot files = Yes > hide files > hide special files = No > hide unreadable = No > hide unwriteable files = No > hosts allow = ALL 127.0.0.1 > hosts deny > include > inherit acls = Yes > inherit owner = no > inherit permissions = Yes > invalid users > kernel oplocks = No > kernel share modes = Yes > level2 oplocks = Yes > locking = Yes > lppause command > lpq command = %p > lpresume command > lprm command > magic output > magic script > mangled names = yes > mangling char = ~ > map acl inherit = Yes > map archive = No > map hidden = No > map readonly = no > map system = No > max connections = 0 > max print jobs = 1000 > max reported print jobs = 0 > min print space = 0 > msdfs proxy > msdfs root = No > msdfs 
shuffle referrals = No > nt acl support = Yes > ntvfs handler = unixuid, default > oplocks = Yes > path > posix locking = Yes > postexec > preexec > preexec close = No > preserve case = Yes > printable = No > print command > printer name > printing = cups > printjob username = %U > print notify backchannel = No > queuepause command > queueresume command > read list > read only = Yes > root postexec > root preexec > root preexec close = No > short preserve case = Yes > smb encrypt = No > spotlight = No > store dos attributes = Yes > strict allocate = Yes > strict locking = No > strict rename = No > strict sync = No > sync always = No > use client driver = No > use sendfile = Yes > valid users > veto files > veto oplock files > vfs objects = dfs_samba4 acl_xattr > volume > wide links = No > write cache size = 0 > write list > > > [homes] > admin users = "@Domain Admins" > browseable = No > comment = Home Directories > create mask = 0644 > force create mode = 0660 > force directory mode = 0770 > hide files = /Recycle Bin/ > path = /home/homes/%U > read only = No > valid users = "@Domain Users" > veto files = /*.encrypted/*.ecc/*.ccc/ > vfs objects = dfs_samba4 full_audit recycle > recycle:mode = KEEP_DIRECTORIES|VERSION|TOUCH > recycle:noversions = *.tmp|*.temp|*.dat|*.ini > recycle:exclude > *.tmp|*.temp|*.o|*.obj|~$*|*.??|*.log|*.trace|*.TMP|*.ASV|*.$$$|*.asv > recycle:touch_mtime = yes > recycle:touch = Yes > recycle:keeptree = Yes > recycle:versions = Yes > recycle:subdir_mode = 0700 > recycle:directory_mode = 0770 > recycle:maxsize = 0 > recycle:minsize = 0 > recycle:repository = .recycle > > > [profiles] > browseable = No > comment = Network Profiles Share > create mask = 0644 > force create mode = 0660 > force directory mode = 0770 > path = /home/profiles > read only = No > > > [netlogon] > browseable = No > comment = Network Netlogon Share > path = /usr/local/samba/var/locks/sysvol/facility.local/scripts > > > [sysvol] > browseable = No > path = 
/usr/local/samba/var/locks/sysvol > read only = No > > > [printers] > browseable = No > comment = All Printers > create mask = 0700 > path = /var/spool/samba > printable = Yes > write list = administrator "@Domain Admins" > acl_xattr:ignore system acl = yes > > > [print$] > admin users = "@Domain Admins" > comment = Printer Drivers > create mask = 0644 > force create mode = 0660 > force directory mode = 0770 > invalid users = qwerty > path = /home/printer_drivers > read only = No > valid users = "@Domain Users" > write list = root "@Domain Admins" > acl_xattr:ignore system acl = yes > > > [Share1] > admin users = "@Domain Admins" > comment = Share1 Paylasimi > create mask = 0644 > force create mode = 0660 > force directory mode = 0770 > hide files = /Recycle Bin/ > invalid users = qwerty @Share1_no > path = /home/TEST/Share1 > read list = abuzer > read only = No > valid users = "@Domain Users" abuzer > veto files = /*.encrypted/*.ecc/*.ccc/ > vfs objects = dfs_samba4 full_audit recycle > recycle:mode = KEEP_DIRECTORIES|VERSION|TOUCH > recycle:noversions = *.tmp|*.temp|*.dat|*.ini > recycle:exclude > *.tmp|*.temp|*.o|*.obj|~$*|*.??|*.log|*.trace|*.TMP|*.ASV|*.$$$|*.asv > recycle:touch_mtime = yes > recycle:touch = Yes > recycle:keeptree = Yes > recycle:versions = Yes > recycle:subdir_mode = 0700 > recycle:directory_mode = 0770 > recycle:maxsize = 0 > recycle:minsize = 0 > recycle:repository = .recycle > > > [brother_mfc9840] > admin users = "@Domain Admins" > path = /var/spool/samba > printable = Yes > printer name = brother1 > valid users = administrator "@Domain Users" > write list = "@Domain Admins" > > Barış > > Rowland Penny via samba <samba at lists.samba.org>, 19 Şub 2019 > Sal, 11:54 > tarihinde şunu yazdı: > > > On Tue, 19 Feb 2019 11:37:43 +0300 > > barış tombul via samba <samba at lists.samba.org> wrote: > > > > > Dear all, > > > > > > We are using samba domain and i upgraded the samba from 4.7.9 to > > > 4.8.9. 
With the old version, people in our domain can view and share the folders
> > > without being asked for a password, and people outside the domain can
> > > view and share the folders by typing \\IP_ADDRESS and answering the
> > > USERNAME: PASSWORD prompt. With the new version, there is no problem
> > > viewing and sharing folders for the people in the domain, but the
> > > people who are not in the domain cannot view the \\IP_ADDRESS screen.
> > >
> > > Also, with the 4.8.9 version, when people in the domain right-click
> > > a shared folder and choose Properties > Security, the system throws
> > > them out. If I change security = user to security = domain in the
> > > smb.conf file, there is no problem for the people in the domain, but
> > > for the people without Active Directory the problem still goes on.
> > > You can see my smb.conf text below.
> > >
> > > Could you please help me with this problem?
> > >
> > > It is very URGENT!!
> > >
> >
> > Two things: saying it is urgent doesn't cut any ice here, especially
> > when you SHOUT urgent. Secondly, posting the output of 'testparm -v' is
> > making things worse from the point of view of trying to understand what
> > is going on; just post the output of 'cat'.
> >
> > Rowland
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba