samba - Dec 2020 - rights -- structures

On 14/12/2020 10:26, Maurizio Caloro wrote:
>> Sorry, but I do not understand any of the above, please re-write it.
>>
>> Rowland
> Ok now the Service smbd  nmbd and Winbind are still running fine, the Samba
> Fileserver machine are now fresh join to domain, yes
> I see this machine, like before.
>
> I have a understanding Mismatch
> If try to add to folder the Permission, like
>
> chown "Maurizio Caloro:smbadmin" "Maurizio Caloro"
> chown: invalid user: 'Maurizio Caloro:smbadmin'
>
> why this arnt see the user that exist in this domain......
>
> # cat smb.conf
> [global]
>     workgroup = CARAG
>     security = ADS
>     realm = CARAG.LOCAL
>
>     winbind refresh tickets = Yes
>     winbind use default domain = yes
>     vfs objects = acl_xattr
>     map acl inherit = Yes
>     store dos attributes = Yes
>
>
> If changing here the line Security from ADS to DOMAIN the Service, smbd
nmdb
> and winbind will be failed to start.
It would, you do not use 'domain' with an AD domain.

Can you please try this smb.conf:

[global]
 ??? workgroup = CARAG
 ??? security = ADS
 ??? realm = CARAG.LOCAL

 ??? dedicated keytab file = /etc/krb5.keytab
 ??? kerberos method = secrets and keytab
 ??? server string = Samba Client %h

 ??? winbind use default domain = yes
 ??? winbind expand groups = 2
 ??? winbind refresh tickets = Yes
 ??? winbind offline logon = yes
 ??? dns proxy = no

 ??? idmap config * : backend = tdb
 ??? idmap config * : range = 3000-7999
 ??? idmap config CARAG : backend = rid
 ??? idmap config CARAG : range = 10000-999999
 ??? template shell = /bin/bash
 ??? template homedir = /home/%U

 ??? domain master = no
 ??? local master = no
 ??? preferred master = no
 ??? host msdfs = no

 ??? # user Administrator workaround, without it you are unable to set 
privileges
 ??? username map = /etc/samba/user.map

 ??? # For ACL support on domain member
 ??? vfs objects = acl_xattr
 ??? map acl inherit = Yes
 ??? store dos attributes = Yes

 ??? # Share Setting Globally
 ??? unix extensions = no
 ??? reset on zero vc = yes
 ??? hide unreadable = yes

 ??? # disable printing completely
 ??? load printers = no
 ??? printing = bsd
 ??? printcap name = /dev/null
 ??? disable spoolss = yes

 ??? # logging
 ??? log level = 0
 ??? max log size = 1000

[USERHOME]
 ??????? path = /shares/Userhome/
 ??????? read only = no

Then create /etc/samba/user.map containing this:

!root = CARAG\Administrator

Restart winbind, smbd and nmbd

Rowland

Rowland, thanks for your flowers!
Ok Winbind smbd nmbd are running now ? also after restart the services.

Please now I need to assign the rights to folder, try  this way
	root at srvcar005:/shares/Userhome# chown "mauriziocaloro:smbadmin"
"Maurizio Caloro"
	chown: invalid user: ?mauriziocaloro:smbadmin?

please its seems that the fileserver arnt joint to domain?


-----Urspr?ngliche Nachricht-----
Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Rowland penny
via samba
Gesendet: Montag, 14. Dezember 2020 11:33
An: sambalist <samba at lists.samba.org>
Betreff: Re: [Samba] rights -- structures

On 14/12/2020 10:26, Maurizio Caloro wrote:
It would, you do not use 'domain' with an AD domain.

Can you please try this smb.conf:

[global]
     workgroup = CARAG
     security = ADS
     realm = CARAG.LOCAL

     dedicated keytab file = /etc/krb5.keytab
     kerberos method = secrets and keytab
     server string = Samba Client %h

     winbind use default domain = yes
     winbind expand groups = 2
     winbind refresh tickets = Yes
     winbind offline logon = yes
     dns proxy = no

     idmap config * : backend = tdb
     idmap config * : range = 3000-7999
     idmap config CARAG : backend = rid
     idmap config CARAG : range = 10000-999999
     template shell = /bin/bash
     template homedir = /home/%U

     domain master = no
     local master = no
     preferred master = no
     host msdfs = no

     # user Administrator workaround, without it you are unable to set
privileges
     username map = /etc/samba/user.map

     # For ACL support on domain member
     vfs objects = acl_xattr
     map acl inherit = Yes
     store dos attributes = Yes

     # Share Setting Globally
     unix extensions = no
     reset on zero vc = yes
     hide unreadable = yes

     # disable printing completely
     load printers = no
     printing = bsd
     printcap name = /dev/null
     disable spoolss = yes

     # logging
     log level = 0
     max log size = 1000

[USERHOME]
         path = /shares/Userhome/
         read only = no

Then create /etc/samba/user.map containing this:

!root = CARAG\Administrator

Restart winbind, smbd and nmbd

Rowland




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba