Robson Vitor Mendonça
2019-Oct-04 11:40 UTC
[Samba] Primary group is 0 and contains 0 supplementary groups
I haven't learned to use the list yet, sorry! :( See below the two smb.conf ### smb.conf - AD [global] netbios name = SRV-SAMBA realm = DOMINIO.LAN workgroup = DOMINIO dns forwarder = X.X.X.X server role = active directory domain controller idmap_ldb:use rfc2307 = yes ntlm auth = yes ldap server require strong auth = no tls enabled = no security = user vfs objects = acl_xattr map acl inherit = Yes store dos attributes = Yes log level = 1 auth:5 winbind:5 log file = /var/log/samba/log.%U max log size = 5000 timestamp logs = Yes winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind refresh tickets = Yes winbind offline logon = false winbind nss info = rfc2307 template homedir = /samba/usuarios/home/%U template shell = /usr/sbin/nologin encrypt passwords = Yes [netlogon] path = /var/lib/samba/sysvol/dominio.lan/scripts browseable = no read only = No [sysvol] path = /var/lib/samba/sysvol browseable = no read only = No ### smb.conf - File Server [global] server string = Arquivos %h server role = MEMBER SERVER security = ADS realm = DOMINIO.LAN workgroup = DOMINIO password server = srv-samba.tco.lan encrypt passwords = yes dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab log level = 9 log file = /var/log/samba/log.%m idmap_ldb:use rfc2307 = yes idmap config * : backend = tdb ;idmap config * : range = 10000-20000 idmap config * : range = 3000-7999 idmap config DOMINIO : backend = rid ;idmap config DOMINIO : range = 30000-40000 idmap config DOMINIO : schema_mode = rfc2307 idmap config DOMINIO : range = 10000-999999 winbind refresh tickets = yes winbind offline logon = yes winbind enum users = yes winbind enum groups = yes winbind nested groups = yes winbind expand groups = 10 winbind use default domain = yes os level = 20 domain master = no local master = no preferred master = no map to guest = bad user host msdfs = no netbios name = srv-arquivos client min protocol = SMB2 client max protocol = SMB3 unix extensions = no reset on zero vc = yes veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/ hide unreadable = yes acl group control = yes acl map full control = true ea support = yes vfs objects = acl_xattr store dos attributes = yes dos filemode = yes dos filetimes = yes enable privileges = yes restrict anonymous = 2 strict allocate = yes guest ok = no load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes ntlm auth = yes map acl inherit = yes template shell = /usr/sbin/nologin template homedir = /dados/usuarios/%U [Publico] comment = Publico path = /dados/publico create mask = 0770 directory mask = 0770 browseable = yes valid users = @"Domain Admins" @"Domain Users" write list = @"Domain Admins" @"Domain Users" [COMP01] comment = COMP01 path = /dados/comp01 read only = no inherit acls = yes valid users = @"DOMINIO\Domain Admins" @"DOMINIO\group01" write list = @"DOMINIO\Domain Admins" @"DOMINIO\group01" Thanks! Atenciosamente, Robson Vitor Mendon?a
Rowland penny
2019-Oct-04 12:23 UTC
[Samba] Primary group is 0 and contains 0 supplementary groups
On 04/10/2019 12:40, Robson Vitor Mendon?a via samba wrote:> I haven't learned to use the list yet, sorry! :(What email client are you using ? Normally, you would 'reply to list' or just 'reply'.> > See below the two smb.conf > > ### smb.conf - ADRemove these lines from the AD DC smb.conf: ldap server require strong auth = no tls enabled? = no security = user vfs objects = acl_xattr map acl inherit = Yes store dos attributes = Yes winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind offline logon = false winbind nss info = rfc2307 encrypt passwords = Yes template shell = /usr/sbin/nologin> > > > ### smb.conf - File ServerAnd these from the Unix domain member: ?? password server = srv-samba.tco.lan ?? encrypt passwords = yes ?? idmap_ldb:use rfc2307 = yes ?? idmap config DOMINIO : schema_mode = rfc2307 ?? winbind enum users = yes ?? winbind enum groups = yes ?? winbind expand groups = 10 ?? os level = 20 ?? map to guest = bad user ?? acl map full control = true ?? ea support = yes ?? dos filetimes = yes ?? enable privileges = yes ?? restrict anonymous = 2 ?? strict allocate = yes ?? guest ok = no ?? template shell = /usr/sbin/nologin The above lines either are defaults or have no reason to be where they are. Unless you have a very good reason for using SMBv1, I would also remove 'ntlm auth = yes' from both smb.conf files. Are all your client workstations Windows PCs ? If so, remove the 'valid users' & 'write list' lines and read this: https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs Rowland
Seemingly Similar Threads
- Primary group is 0 and contains 0 supplementary groups
- Primary group is 0 and contains 0 supplementary groups
- Primary group is 0 and contains 0 supplementary groups
- weird error rights in folders
- Rights Issues - one user getting: "Primary group is 0 and contains 0 supplementary groups" on standalone server