Luca Bertoncello
2021-Aug-25 10:39 UTC
[Samba] Problem connecting Samba and Windows Active Directory
Hi Rowland,
hier the smb.conf:
-------------------------------------
[global]
server string = NAS Mediaserver
interfaces = lo, eno1
bind interfaces only = yes
wins server = ad01.ad.queo.org, ad02.ad.queo.org
name resolve order = wins, host
multicast dns register = no
enable core files = no
log file = /var/log/samba/log.%m
log level = 1
deadtime = 15
disable netbios = yes
lm announce = no
local master = no
enhanced browsing = no
reset on zero vc = yes
kernel share modes = no
posix locking = no
strict locking = no
use sendfile = yes
async smb echo handler = yes
host msdfs = no
csc policy = disable
case sensitive = yes
mangled names = no
hide unreadable = yes
hide files = /lost+found/
hide dot files = no
veto files =
/.DS_Store/._.DS_Store/._.TemporaryItems/.TemporaryItems/Thumbs.db/
delete veto files = yes
workgroup = AD-QUEO-ORG
realm = AD.QUEO.ORG
server role = MEMBER
server services = +smb
security = ADS
kerberos method = system keytab
obey pam restrictions = no
map to guest = Bad User
guest account = nobody
client signing = auto
client min protocol = NT1
server signing = auto
server min protocol = NT1
create krb5 conf = no
acl map full control = no
idmap config * : range = 2000-10000
idmap config AD-QUEO-ORG : backend = ad
idmap config AD-QUEO-ORG : range = 200000-1000200000
idmap config AD-QUEO-ORG : unix_primary_group = yes
idmap config AD-QUEO-ORG : schema_mode = rfc2307
idmap config AD-QUEO-ORG : unix_nss_info = yes
winbind cache time = 600
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = yes
winbind use default domain = true
winbind nss info = rfc2307
utmp = no
load printers = No
disable spoolss = yes
printing = bsd
printcap name = /dev/null
template homedir = /home/%U
template shell = /bin/bash
[queo.communication]
comment = Media Share
path = /srv/hdd-mirror1/media-share/queo.communication
valid users = "@AD-QUEO-ORG\Funktion - Zugriff
Netzwerkfreigaben"
force user = mediashare
force group = mediashare
read only = No
directory mask = 0755
force directory mode = 0755
create mask = 0644
force create mode = 0644
vfs objects = shadow_copy2
shadow:snapdir = .zfs/snapshot
shadow:sort = desc
shadow: format = -%Y-%m-%d-%H%M
shadow: snapprefix =
^zfs-auto-snap_\(frequent\)\{0,1\}\(hourly\)\{0,1\}\(daily\)\{0,1\}\(monthly\)\{0,1\}
shadow: delimiter = -20
-------------------------------------
-----Urspr?ngliche Nachricht-----
Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Rowland Penny
via samba
Gesendet: Mittwoch, 25. August 2021 12:12
An: samba at lists.samba.org
Betreff: Re: [Samba] Problem connecting Samba and Windows Active Directory
Please post your smb.conf
Rowland Penny
2021-Aug-25 11:06 UTC
[Samba] Problem connecting Samba and Windows Active Directory
On Wed, 2021-08-25 at 10:39 +0000, Luca Bertoncello via samba wrote:> Hi Rowland, > > hier the smb.conf: > > ------------------------------------- > [global] > server string = NAS Mediaserver > interfaces = lo, eno1 > bind interfaces only = yes > wins server = ad01.ad.queo.org, ad02.ad.queo.org > name resolve order = wins, host > multicast dns register = no > enable core files = no > log file = /var/log/samba/log.%m > log level = 1 > deadtime = 15 > disable netbios = yes > lm announce = no > local master = no > enhanced browsing = no > reset on zero vc = yes > kernel share modes = no > posix locking = no > strict locking = no > use sendfile = yes > async smb echo handler = yes > host msdfs = no > csc policy = disable > > case sensitive = yes > mangled names = no > hide unreadable = yes > hide files = /lost+found/ > hide dot files = no > veto files > /.DS_Store/._.DS_Store/._.TemporaryItems/.TemporaryItems/Thumbs.db/ > delete veto files = yes > > workgroup = AD-QUEO-ORG > realm = AD.QUEO.ORG > server role = MEMBER > server services = +smb > security = ADS > kerberos method = system keytab > obey pam restrictions = no > map to guest = Bad User > guest account = nobody > client signing = auto > client min protocol = NT1 > server signing = auto > server min protocol = NT1 > create krb5 conf = no > acl map full control = no > idmap config * : range = 2000-10000 > idmap config AD-QUEO-ORG : backend = ad > idmap config AD-QUEO-ORG : range = 200000-1000200000 > idmap config AD-QUEO-ORG : unix_primary_group = yes > idmap config AD-QUEO-ORG : schema_mode = rfc2307 > idmap config AD-QUEO-ORG : unix_nss_info = yes > winbind cache time = 600 > winbind enum users = yes > winbind enum groups = yes > winbind refresh tickets = yes > winbind use default domain = true > winbind nss info = rfc2307 > utmp = no > load printers = No > disable spoolss = yes > printing = bsd > printcap name = /dev/null > > template homedir = /home/%U > template shell = /bin/bash > > [queo.communication] > comment = Media Share > path = /srv/hdd-mirror1/media-share/queo.communication > valid users = "@AD-QUEO-ORG\Funktion - Zugriff > Netzwerkfreigaben" > force user = mediashare > force group = mediashare > read only = No > directory mask = 0755 > force directory mode = 0755 > create mask = 0644 > force create mode = 0644 > vfs objects = shadow_copy2 > shadow:snapdir = .zfs/snapshot > shadow:sort = desc > shadow: format = -%Y-%m-%d-%H%M > shadow: snapprefix = ^zfs-auto- > snap_\(frequent\)\{0,1\}\(hourly\)\{0,1\}\(daily\)\{0,1\}\(monthly\)\ > {0,1\} > shadow: delimiter = -20 >I should also have asked what your AD server is ? Do you realise that with 'disable netbios = yes' in your smb.conf, you have turned off wins ? More to follow when I find out what your DC is. Rowland