samba - Aug 2016 - Hyper-V Virtual Machines fail to start on Samba shares

On 08/05/2016 03:50 AM, Rowland Penny wrote:
> On Fri, 5 Aug 2016 08:38:09 +0200
> Adam Błaszczykowski <adam.blaszczykowski at gmail.com> wrote:
>
>> ok sorry for that, now should be ok :-D
>>
>> *smb.conf:*
>> [global]
>>      workgroup = RES
>>      netbios name = dsshp2
>>      vfs objects = acl_xattr shadow_copy2 fileid
>>      fileid:mapping = fsid
>>      encrypt passwords = yes
>>      domain logons = no
>>      log level = 3
>>      log file = /var/log/samba/log.%m
>>      max log size = 6000
>>      socket options = TCP_NODELAY IPTOS_LOWDELAY
>>      os level = 0
>>      local master = no
>>      locking = yes
>>      preferred master = no
>>      domain master = no
>>      invalid users = root
>>      guest account = nobody
>>      map to guest = Bad User
>>      wide links = no
>>      force unknown acl user = yes
>>      winbind enum users = yes
>>      winbind enum groups = yes
>>      winbind refresh tickets = yes
>>      winbind request timeout = 200
>>      printcap cache time = 0
>>      passdb backend = tdbsam
>>      unix extensions = no
>>      server max protocol = SMB3
>>      shadow: snapdir = .zfs/snapshot
>>      shadow: sort = desc
>>      shadow: format = autosnap_%Y-%m-%d-%H%M%S
>>      shadow: localtime = yes
>>      kernel oplocks = yes
>>      store dos attributes = yes
>>      veto files >>
/.nfs/._.DS_Store/:2eFBCLockFolder/.FBCLockFolder/:2eFBCIndex/.FBCIndex/:2eDS_Store/.DS_Store/TheVolumeSettingsFolder/TheFindByContentFolder/Temporary
>> Items/Network Trash
>> Folder/.AppleDB/:2eVolumeIcon.icns/.VolumeIcon.icns/Icon?/.Ap$
>>      wins server >>      admin users =
"RES+administrator"
>>      idmap config * : backend = autorid
>>      idmap config * : range = 1000000-19999999
>>      idmap config * : rangesize = 1000000
>>      security = ads
>>      server role = member
>>      realm = RES.LOCAL
>>      workgroup = RES
>>      allow trusted domains = yes
>> [s1]
>>      short preserve case=yes
>>      inherit owner=no
>>      valid users>>      case sensitive=no
>>      map acl inherit=yes
>>      guest ok=yes
>>      preserve case=yes
>>      inherit permissions=yes
>>      default case=lower
>>      path=/Pools/Pool-0/d1/s1
>>      read only=no
>>      guest only=yes
>>      access based share enum=no
>>      writeable=yes
>>      public=yes
>>
> Lets start here:
>      admin users = "RES+administrator"
>
> You seem to be using '+' as the winbind separator, but the default
is
> '\' and I cannot see this line ' winbind separator = +' in
your
> smb.conf. You should also probably map 'Administrator' to
'root' with a
> usermap.
>
> Next your AD users & groups, you have this:
>
>      idmap config * : backend = autorid
>      idmap config * : range = 1000000-19999999
>      idmap config * : rangesize = 1000000
>
> The '*' range is for the BUILTIN users & groups etc, you do not
seem to
> have anywhere to map your normal users. Can I suggest you have a look
> here:
> https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member
>
> There are other minor things I would change, but the above are the main
> ones.
>
> Could you also please keep your posts on list.
>
> Rowland
>
What about the use of 'realm = RES.LOCAL'?

On Fri, 5 Aug 2016 04:47:05 -0400
Steve Ankeny <steve_a at cinergymetro.net> wrote:

> What about the use of 'realm = RES.LOCAL'?
> 
 
I have given up bothering about people who are unwise enough to
use .local. It must be splattered all over the internet by now that
.local shouldn't be used.

Rowland

Am 05.08.2016 um 14:18 schrieb Rowland Penny:
> On Fri, 5 Aug 2016 04:47:05 -0400
> Steve Ankeny <steve_a at cinergymetro.net> wrote:
>
>
>> What about the use of 'realm = RES.LOCAL'?
>
>
> I have given up bothering about people who are unwise enough to
> use .local. It must be splattered all over the internet by now that
> .local shouldn't be used
to be honest - unwise where the fools which came to the idea making 
.local a defined reserved TLD after it was used for decades freely 
instead use .zeroconf for what .local was abused for

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.samba.org/pipermail/samba/attachments/20160805/bcadc09c/signature.sig>