Em ter., 8 de abr. de 2025 ?s 12:22, Rowland Penny via samba < samba at lists.samba.org> escreveu:> On Tue, 8 Apr 2025 11:36:19 -0300 > "Douglas G. Oechsler via samba" <samba at lists.samba.org> wrote: > > > Hello! > > How are you? > > > > I updated samba 4.18 to 4.20 and made a new samba ad member with samba > > 4.20. So transfer FSMO from 4.18 to 4.20. Follow commands to fix > > something and finish disable 4.18. > > All appears to work well for about 20 days > > Could it actually have been 30 days ? > > Yes, or + or -> > and yesterday while > > trying to configure special permissions on RSAT windows (read, write > > and no erase) at the finish command it made total control and no > > respect to the special permissions command. What can be wrong? When > > was 4.18 its working. > > > > *The samba version on samba server files is 4.20.2* package distro > > How have you setup the file server ? > Can we please see your smb.conf file ? > Is sssd running as well ? > >no, sssd not running We have winbind. The samba file server config: cat /etc/samba/smb.conf [global] bind interfaces only = Yes interfaces = lo ens18 dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab log file = /var/log/samba/%m.log min domain uid = 0 realm = MYDOMAIN.DOM username map = /etc/samba/user.map security = ADS template homedir = /home/%U template shell = /bin/bash winbind refresh tickets = Yes winbind use default domain = Yes workgroup = MYDOMAIN idmap config mydomain : range = 10000-999999 idmap config mydomain : backend = rid idmap config * : range = 3000-7999 idmap config * : backend = tdb map acl inherit = Yes vfs objects = acl_xattr store dos attributes = yes [Disco-Arquivos] path = /mnt/diskrede/ read only = no browseable = yes ----------------------------------------------> > > > System Operating > > > > Rocky Linux version: > > NAME="Rocky Linux" > > VERSION="9.5 (Blue Onyx)" > > ID="rocky" > > ID_LIKE="rhel centos fedora" > > VERSION_ID="9.5" > > PLATFORM_ID="platform:el9" > > PRETTY_NAME="Rocky Linux 9.5 (Blue Onyx)" > > ANSI_COLOR="0;32" > > LOGO="fedora-logo-icon" > > CPE_NAME="cpe:/o:rocky:rocky:9::baseos" > > HOME_URL="https://rockylinux.org/" > > VENDOR_NAME="RESF" > > VENDOR_URL="https://resf.org/" > > BUG_REPORT_URL="https://bugs.rockylinux.org/" > > SUPPORT_END="2032-05-31" > > ROCKY_SUPPORT_PRODUCT="Rocky-Linux-9" > > ROCKY_SUPPORT_PRODUCT_VERSION="9.5" > > REDHAT_SUPPORT_PRODUCT="Rocky Linux" > > REDHAT_SUPPORT_PRODUCT_VERSION="9.5" > > > > ----------------------------------------------------------- > > > > > > *Samba version on AD-DC * > > Version 4.20.8-tranquilit-1 > > I take it that you followed Tranquils instructions to set up the DC. > >Yes Rowland, some people say that Tranquils works nice. But, I Think compiled mode was working well for me. What do you think about? Thanks> Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- *Douglas Giovani Oechsler* e-mail: doguibnu at gmail.com <douglasgiovani at oechsler.com.br> *Prudent?polis - PR*
On Tue, 8 Apr 2025 14:41:27 -0300 "Douglas G. Oechsler via samba" <samba at lists.samba.org> wrote:> Em ter., 8 de abr. de 2025 ?s 12:22, Rowland Penny via samba < > samba at lists.samba.org> escreveu: > > > On Tue, 8 Apr 2025 11:36:19 -0300 > > "Douglas G. Oechsler via samba" <samba at lists.samba.org> wrote: > > > > > Hello! > > > How are you? > > > > > > I updated samba 4.18 to 4.20 and made a new samba ad member with > > > samba 4.20. So transfer FSMO from 4.18 to 4.20. Follow commands > > > to fix something and finish disable 4.18. > > > All appears to work well for about 20 days > > > > Could it actually have been 30 days ? > > > > Yes, or + or -If it was 30 days, it could be a kerberos problem, the kerberos ticket isn't being renewed correctly, which is why I asked about sssd, if both are running, then it is possible that the wrong package updates the ticket (and hence becomes the owner).> > > > > > and yesterday while > > > trying to configure special permissions on RSAT windows (read, > > > write and no erase) at the finish command it made total control > > > and no respect to the special permissions command. What can be > > > wrong? When was 4.18 its working. > > > > > > *The samba version on samba server files is 4.20.2* package > > > distroThe problem with Samba 4.20.x is that it is, from the Samba point of view, in security fixes only mode, so if you are hitting a bug, then it is unlikely to get fixed (unless redhat decides to backport any such fix) and indeed it might have already have been fixed in a later version. I suggest you use the TranquiIT Samba packages (you can get 4.21.5) everywhere and see if the problem persists.> > > > How have you setup the file server ? > > Can we please see your smb.conf file ? > > Is sssd running as well ? > > > > > no, sssd not running > We have winbind.Good, but did you follow any of the redhat instructions ?> > > The samba file server config: > > cat /etc/samba/smb.conf > [global] > > bind interfaces only = Yes > interfaces = lo ens18 > dedicated keytab file = /etc/krb5.keytab > kerberos method = secrets and keytab > log file = /var/log/samba/%m.log > min domain uid = 0 > realm = MYDOMAIN.DOM > username map = /etc/samba/user.map > security = ADS > template homedir = /home/%U > template shell = /bin/bash > winbind refresh tickets = Yes > winbind use default domain = Yes > workgroup = MYDOMAIN > idmap config mydomain : range = 10000-999999 > idmap config mydomain : backend = rid > idmap config * : range = 3000-7999 > idmap config * : backend = tdb > map acl inherit = Yes > vfs objects = acl_xattr > store dos attributes = yes > > > [Disco-Arquivos] > > path = /mnt/diskrede/ > read only = no > browseable = yesNothing really wrong there, you could almost be looking at my smb.conf ;-) Rowland