samba - Aug 2017 - Share access problem

Hi Rowland and everyone,

Thanks a lot of for your answer!
I really appreciate it!

I modified all my config with your suggests BUT it still don't work.

I can ONLY list my local users with getent passwd, getent group... Why ?
https://pastebin.com/22DAQqc6

Thanks in advance.

Sébastien
[Samba] Share access problem.
Rowland Penny rpenny at samba.org
<mailto:samba%40lists.samba.org?Subject=Re%3A%20%5BSamba%5D%20Share%20access%20problem.&In-Reply-To=%3C20170811203103.23525de2%40devstation.samdom.example.com%3E>
Fri Aug 11 19:31:03 UTC 2017

 *   Previous message (by thread): [Samba] Share access
problem.<https://lists.samba.org/archive/samba/2017-August/210239.html>
 *   Next message (by thread): [Samba] (no
subject)<https://lists.samba.org/archive/samba/2017-August/210143.html>
 *   Messages sorted by: [ date
]<https://lists.samba.org/archive/samba/2017-August/date.html#210243> [
thread
]<https://lists.samba.org/archive/samba/2017-August/thread.html#210243> [
subject
]<https://lists.samba.org/archive/samba/2017-August/subject.html#210243> [
author
]<https://lists.samba.org/archive/samba/2017-August/author.html#210243>

________________________________

On Fri, 11 Aug 2017 14:59:36 -0400

<Sebastien.Boulianne at
cpu.ca<https://lists.samba.org/mailman/listinfo/samba>> wrote:


> Hi,
>
> I checked my config this week.
> I did some changes.
>
> I can now list the share FTPFiles but I cant view the files.
> What can be wrong ?
>
> # krb5.conf
> https://pastebin.com/gDhMnM4B
>
> # nsswitch.conf
> https://pastebin.com/HEk1LwJg
>
> # smb.conf
> https://pastebin.com/f5hqStFk
>
> # log.winbindd
> https://pastebin.com/nxv13gd9
>


OK, I would change /etc/krb5.conf to just this:



[libdefaults]

    default_realm = DOMAIN.QC.CA

    dns_lookup_realm = false

    dns_lookup_kdc = true



In /etc/nsswitch.conf change:



passwd:         files winbind systemd sss

group:          files winbind systemd sss

shadow:         files systemd sss



To:



passwd:         files winbind

group:          files winbind

shadow:         files



Change:



hosts:          files docker [NOTFOUND=return] gw_name mdns4_minimal

[NOTFOUND=return] resolve [!UNAVAIL=return] dns myhostname mymachines



To:



hosts:          files dns



Change:



protocols:      db files winbind

services:       db files winbind sss



To:



protocols:      db files

services:       db files



Change:



netgroup:       nis files winbind sss



To:



netgroup:       nis



I would remove all these lines from smb.conf:



        logon drive = H:

        max xmit = 32768

        min receivefile size = 2048

        map to guest = Bad User

        obey pam restrictions = Yes

        pam password change = Yes

        passdb backend = smbpasswd

        passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully*.

        passwd program = /usr/bin/passwd %u

        password server = domainmaster2.domain.qc.ca domainmaster1.domain.qc.ca

        restrict anonymous = 1

        unix password sync = Yes

        deadtime = 15

        idmap gid = 10000-20000

        winbind cache time = 30

        winbind enum groups = Yes

        winbind enum users = Yes

        dns proxy = No

        wins server = 10.20.1.64

        aio read size = 2048

        aio write size = 2048

        use sendfile = Yes

        write cache size = 1024000



I would change this line:



        idmap config * : range = 10000-20000



To:



        idmap config * : range = 3000-7999



I would add:



    idmap config DOMAIN : backend = rid

    idmap config DOMAIN : range = 10000-999999

    template shell = /bin/bash

    template homedir = /home/%U



    vfs objects = acl_xattr

    map acl inherit = Yes

    store dos attributes = Yes



With these changes it should work, but it is your computer, so the

choice is yours, use winbind or sssd for authentication, you cannot use

both.



Rowland



________________________________

 *   Previous message (by thread): [Samba] Share access
problem.<https://lists.samba.org/archive/samba/2017-August/210239.html>
 *   Next message (by thread): [Samba] (no
subject)<https://lists.samba.org/archive/samba/2017-August/210143.html>
 *   Messages sorted by: [ date
]<https://lists.samba.org/archive/samba/2017-August/date.html#210243> [
thread
]<https://lists.samba.org/archive/samba/2017-August/thread.html#210243> [
subject
]<https://lists.samba.org/archive/samba/2017-August/subject.html#210243> [
author
]<https://lists.samba.org/archive/samba/2017-August/author.html#210243>

________________________________
More information about the samba mailing
list<https://lists.samba.org/mailman/listinfo/samba>

On Wed, 16 Aug 2017 15:36:57 -0400
Sébastien Boulianne via samba <samba at lists.samba.org> wrote:
> Hi Rowland and everyone,
> 
> Thanks a lot of for your answer!
> I really appreciate it!
> 
> I modified all my config with your suggests BUT it still don't work.
> 
> I can ONLY list my local users with getent passwd, getent group...
> Why ? https://pastebin.com/22DAQqc6
> 
WRONG:
        idmap config * : range = 10000-20000
        idmap config domain : range = 3000-7999
        idmap config domain : backend = rid
        idmap config * : backend = tdb

RIGHT:
        idmap config * : backend = tdb
        idmap config * : range = 3000-7999
        idmap config domain : backend = rid
        idmap config domain : range = 10000-20000

REMOVE THIS:

        idmap gid = 10000-20000

Why do you insist on adding this line, it is deprecated by the 'idmap
config' lines

But that might not be your problem. Are you saying that 'getent passwd'
only shows your local users ? If so, then this is by design, have you
tried 'getent passwd ausername' ?

Rowland

Hi Rowland,

Thanks AGAIN for your answer.
I followed what you advise me to do...
If you tell me something and I didn't change it, I forget it.

I give you more infos this time:

Please look at my full smb.conf
https://pastebin.com/WR2CY9SW

Now, please check my testparm result
https://pastebin.com/2jMDtWs2

Can you explain that sir ?

Thanks in advance.

Peace! ;)

Sébastien ;)


-----Message d'origine-----
De : samba [mailto:samba-bounces at lists.samba.org] De la part de Rowland Penny
via samba
Envoyé : 16 août 2017 16:12
À : samba at lists.samba.org
Objet : Re: [Samba] Share access problem

On Wed, 16 Aug 2017 15:36:57 -0400
Sébastien Boulianne via samba <samba at lists.samba.org> wrote:
> Hi Rowland and everyone,
> 
> Thanks a lot of for your answer!
> I really appreciate it!
> 
> I modified all my config with your suggests BUT it still don't work.
> 
> I can ONLY list my local users with getent passwd, getent group...
> Why ? https://pastebin.com/22DAQqc6
> 
WRONG:
        idmap config * : range = 10000-20000
        idmap config domain : range = 3000-7999
        idmap config domain : backend = rid
        idmap config * : backend = tdb

RIGHT:
        idmap config * : backend = tdb
        idmap config * : range = 3000-7999
        idmap config domain : backend = rid
        idmap config domain : range = 10000-20000

REMOVE THIS:

        idmap gid = 10000-20000

Why do you insist on adding this line, it is deprecated by the 'idmap
config' lines

But that might not be your problem. Are you saying that 'getent passwd'
only shows your local users ? If so, then this is by design, have you tried
'getent passwd ausername' ?

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba