Eleuterio Contracampo
2017-Apr-21 14:39 UTC
[Samba] Fwd: Unable to change passwords from Win XP Pro clients
Hello everyone,

First time with Samba 4.
I've got it running mostly (with Windows 7 clients, everything works like a charm.), but I'm struggling with an issue that is driving me nuts (spent countless hours trying out stuff and googling without luck):

When users log in from Win XP Pro terminals, and are forced to change initially assigned passwords, they get an error (1728: error in RPC protocol) and cannot continue.
If as an administrator, I force a given password, accounts work without a problem.

*Some background about my setup:*

PDC: SERV5N
BDC: SERV6N

root@serv5n:/var/log/samba# samba --version
Version 4.3.11-Ubuntu

root@serv5n:/var/log/samba# uname -a
Linux serv5n.mydomain.org.ar 4.4.0-72-generic #93-Ubuntu SMP Fri Mar 31 14:07:41 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

root@serv5n:/var/log/samba# wbinfo -t
checking the trust secret for domain MYDOMAIN via RPC calls succeeded

root@serv6n:/var/log/samba# samba-tool ldapcmp ldap://SERV5N ldap://SERV6N -Uadministrator --filter=WhenChanged
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Password for [MYDOMAIN\administrator]:
* Comparing [DOMAIN] context...
* Objects to be compared: 571
* Result for [DOMAIN]: SUCCESS
* Comparing [CONFIGURATION] context...
* Objects to be compared: 1616
* Result for [CONFIGURATION]: SUCCESS
* Comparing [SCHEMA] context...
* Objects to be compared: 1550
* Result for [SCHEMA]: SUCCESS
* Comparing [DNSDOMAIN] context...
* Objects to be compared: 50
* Result for [DNSDOMAIN]: SUCCESS
* Comparing [DNSFOREST] context...
* Objects to be compared: 18
* Result for [DNSFOREST]: SUCCESS

*My smb.conf (PDC):*

# Global parameters

[global]
    workgroup = MYDOMAIN
    realm = MYDOMAIN.ORG.AR
    netbios name = SERV5N
    server role = active directory domain controller
    wins support = yes
    dns forwarder = 8.8.8.8
    allow dns updates = nonsecure
    idmap_ldb:use rfc2307 = yes
    security = user
    map to guest = bad user
    guest account = nobody
    tls enabled = yes
    tls keyfile = /etc/samba/tls/PDC_key.pem
    tls certfile = /etc/samba/tls/PDC_cert.pem
    tls cafile
    log level = 3
    server string = %h Server (Samba, Linux)
    os level = 65
    domain logons = yes
    preferred master = yes
    domain master = yes
    local master = yes
    name resolve order = host wins lmhosts bcast
    remote announce = 192.168.40.255
    remote browse sync = 192.168.40.255
    passdb backend = ldapsam:"ldap://127.0.0.1 ldap://192.168.40.213"
    ldap suffix = dc=MYDOMAIN,dc=org,dc=ar
    ldap user suffix = ou=users
    ldap machine suffix = ou=machines
    ldap group suffix = ou=groups
    ldap admin dn = cn=admin,dc=MYDOMAIN,dc=org,dc=ar
    ldap delete dn = no
    acl:search = false
    kerberos method = secrets only
    vfs objects = fileid acl_xattr
    map acl inherit = yes
    store dos attributes = yes
    ldap passwd sync = yes
    ldap server require strong auth = no
    # printing
    printing = cups
    printcap name = cups
    printcap cache time = 750
    cups options = raw
    # added for printing performance
    rpc_server:spoolss = external
    rpc_daemon:spoolssd = fork
    spoolssd:prefork_min_children = 5 # Minimum number of child processes
    spoolssd:prefork_max_children = 25 # Maximum number of child processes
    spoolssd:prefork_spawn_rate = 5
    spoolssd:prefork_max_allowed_clients = 100
    spoolssd:prefork_child_min_life = 60

[netlogon]
    path = /var/lib/samba/sysvol/MYDOMAIN.org.ar/scripts
    read only = No
    browsable = No

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No
    acl_xattr:ignore system acls = yes

[profiles]
    path = /srv/samba/profiles
    writable = yes
    browsable = no
    guest ok = no
    create mask = 0600
    directory mask = 0700

[grupos]
    path = /srv/samba/groups
    read only = No

[printers]
    comment = All Printers
    browseable = yes
    path = /var/spool/samba
    printable = yes
    writable = no
    guest ok = no
    read only = yes
    create mode = 0700
    write list = @adm root

# printer drivers
[print$]
    comment = Printer Drivers
    path = /var/lib/samba/printers
    browseable = yes
    read only = yes
    guest ok = no

*Finally, some lines from log.samba:*

root@serv5n:/var/log/samba# tail -f log.samba
[2017/04/21 10:46:05.255993, 3] ../source4/rpc_server/drsuapi/getncchanges.c:2008(dcesrv_drsuapi_DsGetNCChanges)
  UpdateRefs on getncchanges for 375d3482-b7f4-49ae-839b-2ca6a2be9698
[2017/04/21 10:46:05.256822, 2] ../source4/rpc_server/drsuapi/getncchanges.c:2115(dcesrv_drsuapi_DsGetNCChanges)
  DsGetNCChanges with uSNChanged >= 3690 flags 0x00000074 on <GUID=aee82ef2-3986-40f4-b177-9107b71151d5>;CN=Schema,CNConfiguration,DC=mydomain,DC=org,DC=ar gave 0 objects (done 0/0) 0 links (done 0/0 (as S-1-5-21-1965676298-842383976-2353361141-1105))
[2017/04/21 10:46:05.554761, 2] ../source4/rpc_server/drsuapi/getncchanges.c:1428(getncchanges_collect_objects)
  ../source4/rpc_server/drsuapi/getncchanges.c:1428: getncchanges on CN=Configuration,DC=mydomain,DC=org,DC=ar using filter (uSNChanged>=4145)
[2017/04/21 10:46:05.614599, 3] ../source4/rpc_server/drsuapi/getncchanges.c:2008(dcesrv_drsuapi_DsGetNCChanges)
  UpdateRefs on getncchanges for 375d3482-b7f4-49ae-839b-2ca6a2be9698
[2017/04/21 10:46:05.615409, 2] ../source4/rpc_server/drsuapi/getncchanges.c:2115(dcesrv_drsuapi_DsGetNCChanges)
  DsGetNCChanges with uSNChanged >= 4145 flags 0x00000074 on <GUID=5b78c03c-b01f-4e3d-b60c-6043859d22ad>;CN=Configuration,DC=mydomain,DC=org,DC=ar gave 0 objects (done 0/0) 0 links (done 0/0 (as S-1-5-21-1965676298-842383976-2353361141-1105))
[2017/04/21 10:46:05.796273, 2] ../source4/rpc_server/drsuapi/getncchanges.c:1428(getncchanges_collect_objects)
  ../source4/rpc_server/drsuapi/getncchanges.c:1428: getncchanges on DC=mydomain,DC=org,DC=ar using filter (uSNChanged>=7410)
[2017/04/21 10:46:05.836114, 3] ../source4/rpc_server/drsuapi/getncchanges.c:2008(dcesrv_drsuapi_DsGetNCChanges)
  UpdateRefs on getncchanges for 375d3482-b7f4-49ae-839b-2ca6a2be9698
[2017/04/21 10:46:05.836971, 2] ../source4/rpc_server/drsuapi/getncchanges.c:2115(dcesrv_drsuapi_DsGetNCChanges)
  DsGetNCChanges with uSNChanged >= 7410 flags 0x00000074 on <GUID=17a35154-99b3-44c6-8829-a5db4acf402c>;<SID=S-1-5-21-1965676298-842383976-2353361141>;DC=mydomain,DC=org,DC=ar gave 0 objects (done 0/0) 0 links (done 0/0 (as S-1-5-21-1965676298-842383976-2353361141-1105))
[2017/04/21 10:46:08.819667, 2] ../source4/dns_server/dns_query.c:626(dns_server_process_query_send)
  Not authoritative for 'HOSTXYZ.org.ar', forwarding
[2017/04/21 10:46:08.857099, 2] ../source4/dns_server/dns_query.c:626(dns_server_process_query_send)
  Not authoritative for 'HOSTXYZ', forwarding
[2017/04/21 10:46:08.887511, 2] ../source4/dns_server/dns_query.c:626(dns_server_process_query_send)
  Not authoritative for 'HOSTXYZ', forwarding
[2017/04/21 10:46:08.915863, 2] ../source4/dns_server/dns_query.c:626(dns_server_process_query_send)
  Not authoritative for 'HOSTXYZ', forwarding
[2017/04/21 10:46:08.922533, 2] ../source4/dns_server/dns_query.c:626(dns_server_process_query_send)
  Not authoritative for 'HOSTXYZ', forwarding
[2017/04/21 10:46:08.952902, 2] ../source4/dns_server/dns_query.c:626(dns_server_process_query_send)
  Not authoritative for 'HOSTXYZ', forwarding
[2017/04/21 10:46:08.981669, 3] ../source4/libcli/resolve/dns_ex.c:492(pipe_handler)
  dns child failed to find name 'HOSTXYZ' of type A
[2017/04/21 10:46:08.989338, 2] ../source4/dns_server/dns_query.c:626(dns_server_process_query_send)
  Not authoritative for 'HOSTXYZ', forwarding
[2017/04/21 10:46:08.995976, 2] ../source4/dns_server/dns_query.c:626(dns_server_process_query_send)
  Not authoritative for 'HOSTXYZ', forwarding
[2017/04/21 10:46:09.026943, 2] ../source4/dns_server/dns_query.c:626(dns_server_process_query_send)
  Not authoritative for 'HOSTXYZ', forwarding
[2017/04/21 10:46:09.033926, 2] ../source4/dns_server/dns_query.c:626(dns_server_process_query_send)
  Not authoritative for 'HOSTXYZ', forwarding
[2017/04/21 10:46:09.040783, 2] ../source4/dns_server/dns_query.c:626(dns_server_process_query_send)
  Not authoritative for 'HOSTXYZ', forwarding
[2017/04/21 10:46:15.942031, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: AS-REQ user1@mydomain from ipv4:192.168.44.56:1382 for krbtgt/mydomain@mydomain
[2017/04/21 10:46:15.945779, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Client sent patypes: encrypted-timestamp, 128
[2017/04/21 10:46:15.945817, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Looking for PKINIT pa-data -- user1@mydomain
[2017/04/21 10:46:15.945836, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Looking for ENC-TS pa-data -- user1@mydomain
[2017/04/21 10:46:15.945919, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: ENC-TS Pre-authentication succeeded -- user1@mydomain using arcfour-hmac-md5
[2017/04/21 10:46:15.945953, 2] ../source4/auth/sam.c:218(authsam_account_ok)
  sam_account_ok: Account for user 'user1@mydomain' password must change!.
[2017/04/21 10:46:22.681717, 2] ../source4/dns_server/dns_query.c:626(dns_server_process_query_send)
  Not authoritative for 'PROGRAM', forwarding
[2017/04/21 10:46:22.688894, 2] ../source4/dns_server/dns_query.c:626(dns_server_process_query_send)
  Not authoritative for 'PROGRAM', forwarding
[2017/04/21 10:46:22.695961, 2] ../source4/dns_server/dns_query.c:626(dns_server_process_query_send)
  Not authoritative for 'PROGRAM', forwarding
[2017/04/21 10:46:22.702968, 2] ../source4/dns_server/dns_query.c:626(dns_server_process_query_send)
  Not authoritative for 'PROGRAM', forwarding
[2017/04/21 10:46:22.709922, 2] ../source4/dns_server/dns_query.c:626(dns_server_process_query_send)
  Not authoritative for 'PROGRAM', forwarding
[2017/04/21 10:46:22.718366, 3] ../source4/libcli/resolve/dns_ex.c:492(pipe_handler)
  dns child failed to find name 'PROGRAM' of type A
[2017/04/21 10:46:22.724544, 2] ../source4/dns_server/dns_query.c:626(dns_server_process_query_send)
  Not authoritative for 'PROGRAM', forwarding
[2017/04/21 10:46:22.752076, 2] ../source4/dns_server/dns_query.c:626(dns_server_process_query_send)
  Not authoritative for 'PROGRAM', forwarding
[2017/04/21 10:46:22.759247, 2] ../source4/dns_server/dns_query.c:626(dns_server_process_query_send)
  Not authoritative for 'PROGRAM', forwarding
[2017/04/21 10:46:22.766084, 2] ../source4/dns_server/dns_query.c:626(dns_server_process_query_send)
  Not authoritative for 'PROGRAM', forwarding
[2017/04/21 10:46:22.773333, 2] ../source4/dns_server/dns_query.c:626(dns_server_process_query_send)
  Not authoritative for 'PROGRAM', forwarding
[2017/04/21 10:46:27.510607, 3] ../lib/ldb-samba/ldb_wrap.c:321(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2017/04/21 10:46:27.510985, 3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0xe208b2b7
[2017/04/21 10:46:27.515204, 3] ../auth/ntlmssp/ntlmssp_server.c:452(ntlmssp_server_preauth)
  Got user=[] domain=[] workstation=[HOSTYYY] len1=1 len2=0
[2017/04/21 10:46:27.515253, 3] ../source4/auth/ntlm/auth.c:270(auth_check_password_send)
  auth_check_password_send: Checking password for unmapped user []\[]@[HOSTYYY]
  auth_check_password_send: mapped user is: [mydomain]\[]@[HOSTYYY]
[2017/04/21 10:46:27.515312, 0] ../auth/gensec/gensec.c:257(gensec_verify_dcerpc_auth_level)
  Did not manage to negotiate mandetory feature SIGN for dcerpc auth_level 6
[2017/04/21 10:46:27.518367, 3] ../source4/smbd/service_stream.c:66(stream_terminate_connection)
  Terminating connection - 'dcesrv: dcesrv_fault_disconnect'
[2017/04/21 10:46:27.518413, 3] ../source4/smbd/process_single.c:114(single_terminate)
  single_terminate: reason[dcesrv: dcesrv_fault_disconnect]
[2017/04/21 10:46:27.578922, 3] ../lib/ldb-samba/ldb_wrap.c:321(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2017/04/21 10:46:27.579290, 3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0xe208b2b7
[2017/04/21 10:46:27.584524, 3] ../auth/ntlmssp/ntlmssp_server.c:452(ntlmssp_server_preauth)
  Got user=[] domain=[] workstation=[HOSTYYY] len1=1 len2=0
[2017/04/21 10:46:27.584571, 3] ../source4/auth/ntlm/auth.c:270(auth_check_password_send)
  auth_check_password_send: Checking password for unmapped user []\[]@[HOSTYYY]
  auth_check_password_send: mapped user is: [mydomain]\[]@[HOSTYYY]
[2017/04/21 10:46:27.584621, 0] ../auth/gensec/gensec.c:257(gensec_verify_dcerpc_auth_level)
  Did not manage to negotiate mandetory feature SIGN for dcerpc auth_level 6
[2017/04/21 10:46:27.588475, 3] ../source4/smbd/service_stream.c:66(stream_terminate_connection)
  Terminating connection - 'dcesrv: dcesrv_fault_disconnect'
[2017/04/21 10:46:27.588518, 3] ../source4/smbd/process_single.c:114(single_terminate)
  single_terminate: reason[dcesrv: dcesrv_fault_disconnect]
[2017/04/21 10:46:27.658991, 3] ../lib/ldb-samba/ldb_wrap.c:321(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2017/04/21 10:46:27.659355, 3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0xe208b2b7
[2017/04/21 10:46:27.664123, 3] ../auth/ntlmssp/ntlmssp_server.c:452(ntlmssp_server_preauth)
  Got user=[] domain=[] workstation=[HOSTYYY] len1=1 len2=0
[2017/04/21 10:46:27.664174, 3] ../source4/auth/ntlm/auth.c:270(auth_check_password_send)
  auth_check_password_send: Checking password for unmapped user []\[]@[HOSTYYY]
  auth_check_password_send: mapped user is: [mydomain]\[]@[HOSTYYY]
[2017/04/21 10:46:27.664229, 0] ../auth/gensec/gensec.c:257(gensec_verify_dcerpc_auth_level)
  Did not manage to negotiate mandetory feature SIGN for dcerpc auth_level 6
[2017/04/21 10:46:27.667372, 3] ../source4/smbd/service_stream.c:66(stream_terminate_connection)
  Terminating connection - 'dcesrv: dcesrv_fault_disconnect'
[2017/04/21 10:46:27.667415, 3] ../source4/smbd/process_single.c:114(single_terminate)
  single_terminate: reason[dcesrv: dcesrv_fault_disconnect]
[2017/04/21 10:46:27.758583, 3] ../lib/ldb-samba/ldb_wrap.c:321(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2017/04/21 10:46:27.758980, 3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0xe208b2b7
[2017/04/21 10:46:27.763160, 3] ../auth/ntlmssp/ntlmssp_server.c:452(ntlmssp_server_preauth)
  Got user=[] domain=[] workstation=[HOSTYYY] len1=1 len2=0
[2017/04/21 10:46:27.763211, 3] ../source4/auth/ntlm/auth.c:270(auth_check_password_send)
  auth_check_password_send: Checking password for unmapped user []\[]@[HOSTYYY]
  auth_check_password_send: mapped user is: [mydomain]\[]@[HOSTYYY]
[2017/04/21 10:46:27.763265, 0] ../auth/gensec/gensec.c:257(gensec_verify_dcerpc_auth_level)
  Did not manage to negotiate mandetory feature SIGN for dcerpc auth_level 6
[2017/04/21 10:46:27.766642, 3] ../source4/smbd/service_stream.c:66(stream_terminate_connection)
  Terminating connection - 'dcesrv: dcesrv_fault_disconnect'
[2017/04/21 10:46:27.766693, 3] ../source4/smbd/process_single.c:114(single_terminate)
  single_terminate: reason[dcesrv: dcesrv_fault_disconnect]

Cannot figure out what is going on. Any hint would be most appreciated!!

Thanks in advance,
EC
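Added example, not part of the original thread and not Samba project code: a small triage script that pulls the level-0 "Did not manage to negotiate ... feature" entries out of a log.samba excerpt and attributes each one to the workstation named in the NTLMSSP preauth entry before it. The sample log is constructed in the format shown above, the host names XPHOST1, XPHOST2 and WIN7HOST are made up, and pairing by adjacency is an assumption.

```python
import re
from collections import Counter

# Entry header as on the page: "[2017/04/21 10:46:27.515312, 0] file:line(function)"
HEADER = re.compile(r"\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+),\s*(\d+)\]")
PREAUTH = re.compile(r"Got user=\[([^\]]*)\] domain=\[([^\]]*)\] workstation=\[([^\]]*)\]")
# The log on the page spells the word "mandetory"; accept either spelling.
NEG_FAIL = re.compile(r"Did not manage to negotiate mand[ae]tory feature (\w+) "
                      r"for dcerpc auth_level (\d+)")
AUTH_LEVELS = {5: "integrity", 6: "privacy"}  # DCERPC auth level numbers

# Constructed sample in the page's log format (host names are made up). The first
# entry is flattened onto one line with a stray space in the path, as mail wrapping does.
SAMPLE_LOG = r"""
[2017/04/21 10:46:27.515204, 3] ../auth/ntlmssp/ntlmssp_ server.c:452(ntlmssp_server_preauth) Got user=[] domain=[] workstation=[XPHOST1] len1=1 len2=0
[2017/04/21 10:46:27.515312, 0] ../auth/gensec/gensec.c:257(gensec_verify_dcerpc_auth_level)
  Did not manage to negotiate mandetory feature SIGN for dcerpc auth_level 6
[2017/04/21 10:46:27.584524, 3] ../auth/ntlmssp/ntlmssp_server.c:452(ntlmssp_server_preauth)
  Got user=[] domain=[] workstation=[XPHOST1] len1=1 len2=0
[2017/04/21 10:46:27.584571, 3] ../source4/auth/ntlm/auth.c:270(auth_check_password_send)
  auth_check_password_send: Checking password for unmapped user []\[]@[XPHOST1]
[2017/04/21 10:46:27.584621, 0] ../auth/gensec/gensec.c:257(gensec_verify_dcerpc_auth_level)
  Did not manage to negotiate mandetory feature SIGN for dcerpc auth_level 6
[2017/04/21 10:46:30.100000, 3] ../auth/ntlmssp/ntlmssp_server.c:452(ntlmssp_server_preauth)
  Got user=[alice] domain=[MYDOMAIN] workstation=[WIN7HOST] len1=24 len2=24
[2017/04/21 10:46:31.200000, 3] ../auth/ntlmssp/ntlmssp_server.c:452(ntlmssp_server_preauth)
  Got user=[] domain=[] workstation=[XPHOST2] len1=1 len2=0
[2017/04/21 10:46:31.200100, 0] ../auth/gensec/gensec.c:257(gensec_verify_dcerpc_auth_level)
  Did not manage to negotiate mandetory feature SIGN for dcerpc auth_level 6
"""


def parse_entries(text):
    """Yield (timestamp, level, body) per entry; works on wrapped or flattened logs."""
    heads = list(HEADER.finditer(text))
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        yield m.group(1), int(m.group(2)), " ".join(text[m.end():end].split())


def failed_negotiations(text):
    """Pair each negotiation failure with the NTLMSSP preauth entry before it."""
    # Assumption: the nearest preceding preauth entry belongs to the same connection,
    # as in the excerpt on the page; a busy log can interleave connections.
    pending, failures = None, []
    for ts, _level, body in parse_entries(text):
        pre = PREAUTH.search(body)
        hit = NEG_FAIL.search(body)
        if pre:
            pending = pre.groups()
        elif hit:
            user, _domain, host = pending or ("?", "?", "?")
            level = int(hit.group(2))
            failures.append({"time": ts, "workstation": host, "anonymous": user == "",
                             "feature": hit.group(1),
                             "auth_level": AUTH_LEVELS.get(level, str(level))})
            pending = None
    return failures


def failures_per_workstation(text):
    """Count failures per client so the affected machines stand out."""
    return dict(Counter(f["workstation"] for f in failed_negotiations(text)))
```

Run over a real log, `failures_per_workstation(open("/var/log/samba/log.samba").read())` lists the clients whose DCERPC binds the DC is rejecting, which is a useful inventory before deciding whether to upgrade those clients or change server policy.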
Rowland Penny
2017-Apr-21 15:30 UTC
[Samba] Fwd: Unable to change passwords from Win XP Pro clients
On Fri, 21 Apr 2017 10:39:58 -0400
Eleuterio Contracampo via samba <samba at lists.samba.org> wrote:

> Hello everyone,
>
> First time with Samba 4.
> I've got it running mostly (with Windows 7 clients, everything works
> like a charm.), but I'm struggling with an issue that is driving me
> nuts (spent countless hours trying out stuff and googling without
> luck):
>
> When users log in from Win XP Pro terminals, and are forced to change
> initially assigned passwords, they get an error (1728: error in RPC
> protocol) and cannot continue.
>
> *Some background about my setup:*
> PDC: SERV5N
> BDC: SERV6N

You do not have a 'PDC' & 'BDC', you have two AD DCs

> *My smb.conf (PDC):*
>
> # Global parameters
>
> [global]

Remove this lot from smb.conf:

    wins support = yes
    security = user
    os level = 65
    domain logons = yes
    preferred master = yes
    domain master = yes
    local master = yes
    name resolve order = host wins lmhosts bcast
    remote announce = 192.168.40.255
    remote browse sync = 192.168.40.255
    passdb backend = ldapsam:"ldap://127.0.0.1 ldap://192.168.40.213"
    ldap suffix = dc=MYDOMAIN,dc=org,dc=ar
    ldap user suffix = ou=users
    ldap machine suffix = ou=machines
    ldap group suffix = ou=groups
    ldap admin dn = cn=admin,dc=MYDOMAIN,dc=org,dc=ar
    ldap delete dn = no
    acl:search = false
    kerberos method = secrets only
    vfs objects = fileid acl_xattr
    map acl inherit = yes
    store dos attributes = yes
    ldap passwd sync = yes

They are either default settings or have absolutely no place in an AD DC smb.conf. The 'ldap' lines should only be used on a ldap based Samba machine, not an AD DC, 'acl_xattr' is built into the samba binary.
Finally 'ldap passwd sync' only makes sense when you want the local users' passwords to sync with the users in ldap, only problem is, you cannot have a local user with the same name as an AD user.

Rowland
Eleuterio Contracampo
2017-Apr-21 15:57 UTC
[Samba] Fwd: Unable to change passwords from Win XP Pro clients
Thank you Rowland!!

Sorry about my ignorance. I guess I tried many different things and polluted the smb.conf file.

I've removed every single line you mentioned off my smb.conf. Still the problem persists:

  MYDOMAIN\Administrator (S-1-5-21-1965676298-842383976-2353361141-500) is changing password of user2@MYDOMAIN.org.ar
[2017/04/21 12:05:42.233899, 3] ../source4/smbd/service_stream.c:66(stream_terminate_connection)
  Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
[2017/04/21 12:05:42.233940, 3] ../source4/smbd/process_single.c:114(single_terminate)
  single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
[2017/04/21 12:05:45.687345, 2] ../source4/dsdb/repl/drepl_notify.c:199(dreplsrv_notify_op_callback)
  dreplsrv_notify: DsReplicaSync successfuly sent to 375d3482-b7f4-49ae-839b-2ca6a2be9698._msdcs.MYDOMAIN.org.ar
[2017/04/21 12:05:46.691655, 2] ../source4/rpc_server/drsuapi/getncchanges.c:1428(getncchanges_collect_objects)
  ../source4/rpc_server/drsuapi/getncchanges.c:1428: getncchanges on DC=MYDOMAIN,DC=org,DC=ar using filter (uSNChanged>=7425)
[2017/04/21 12:05:46.733142, 3] ../source4/rpc_server/drsuapi/getncchanges.c:2008(dcesrv_drsuapi_DsGetNCChanges)
  UpdateRefs on getncchanges for 375d3482-b7f4-49ae-839b-2ca6a2be9698
[2017/04/21 12:05:46.734033, 2] ../source4/rpc_server/drsuapi/getncchanges.c:2115(dcesrv_drsuapi_DsGetNCChanges)
  DsGetNCChanges with uSNChanged >= 7425 flags 0x00000074 on <GUID=17a35154-99b3-44c6-8829-a5db4acf402c>;<SID=S-1-5-21-1965676298-842383976-2353361141>;DC=MYDOMAIN,DC=org,DC=ar gave 1 objects (done 1/1) 0 links (done 0/0 (as S-1-5-21-1965676298-842383976-2353361141-1105))

Same behavior: win7 clients work, win XP clients don't.

Anything else I should try?
thanks again,
EC