Daniel Carrasco
2017-Oct-30 12:07 UTC
[Samba] Unable to authenticate with Samba 4.5 from XP box
Thanks Rowland. Yes, I use ACONFI as Workgroup but I always try to hide my domain name on lists (today i've failed :P) Thanks for your recomendations. I'll change it, and I'll disable the acl_xattr because I use the linux tools to manage the permissions (setfacl). Greetings!! 2017-10-30 12:44 GMT+01:00 Rowland Penny via samba <samba at lists.samba.org>:> On Mon, 30 Oct 2017 12:19:06 +0100 > Daniel Carrasco via samba <samba at lists.samba.org> wrote: > > > Thanks L.P.H and Rowland, > > > > I've just tested the L.P.H solution and after reboot I'm able to > > authenticate with the member server without problem. Is slow listing > > folders with much objects but works (maybe happened always). > > > > Here's my smb.conf: > > > > [global] > > workgroup = DOMAIN > > security = ADS > > realm = DOMAIN.COM > > server role = member server > > dedicated keytab file = /etc/krb5.keytab > > kerberos method = secrets and keytab > > > > idmap config *:backend = tdb > > idmap config *:range = 3000-7999 > > idmap config ACONFI:backend = rid > > idmap config ACONFI:schema_mode = rfc2307 > > idmap config ACONFI:range = 10000-999999 > > I hope that 'workgroup = DOMAIN' is really 'workgroup = ACONFI' > > As you are using 'rid', you do not need the 'schema_mode' line. > > > > > winbind nss info = rfc2307 > > You also do not need the line above. > > > # winbind trusted domains only = no > > winbind use default domain = yes > > # winbind enum users = yes > > # winbind enum groups = yes > > winbind offline logon = yes > > # winbind refresh tickets = Yes > > You really should uncomment the line above. > > > # winbind expand groups = 4 > > winbind normalize names = Yes > > # domain master = no > > # local master = no > > vfs objects = acl_xattr > > map acl inherit = Yes > > store dos attributes = Yes > > log level = 3 > > > > # Configuramos la papelera de reciclaje y el audit > > vfs objects = recycle full_audit > > I would combine the two 'vfs objects' lines, the second one turns off > the first one. > > > > > > [Folder] > > path = /server_ssd/share/folder > > read only = no > > browsable = yes > > valid users = @allowed_group > > As you seem to want to use 'acl_xattr' you should set the valid users > from windows and remove the 'valid users' line. > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- _________________________________________ Daniel Carrasco Marín Ingeniería para la Innovación i2TIC, S.L. Tlf: +34 911 12 32 84 Ext: 223 www.i2tic.com _________________________________________
Rowland Penny
2017-Oct-30 12:17 UTC
[Samba] Unable to authenticate with Samba 4.5 from XP box
On Mon, 30 Oct 2017 13:07:17 +0100 Daniel Carrasco <d.carrasco at i2tic.com> wrote:> Thanks for your recomendations. I'll change it, and I'll disable > the acl_xattr because I use the linux tools to manage the permissions > (setfacl). >You will still need 'acl_xattr' for setfacl. Either just use Unix permissions and 'valid users', or use 'acl_xattr' and don't use 'valid users'. Rowland
Daniel Carrasco
2017-Oct-30 16:16 UTC
[Samba] Unable to authenticate with Samba 4.5 from XP box
Thanks, I'll change it later, because for now I'm configuring the permissions. Greetings!! 2017-10-30 13:17 GMT+01:00 Rowland Penny via samba <samba at lists.samba.org>:> On Mon, 30 Oct 2017 13:07:17 +0100 > Daniel Carrasco <d.carrasco at i2tic.com> wrote: > > > Thanks for your recomendations. I'll change it, and I'll disable > > the acl_xattr because I use the linux tools to manage the permissions > > (setfacl). > > > > You will still need 'acl_xattr' for setfacl. Either just use Unix > permissions and 'valid users', or use 'acl_xattr' and don't use 'valid > users'. > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- _________________________________________ Daniel Carrasco Marín Ingeniería para la Innovación i2TIC, S.L. Tlf: +34 911 12 32 84 Ext: 223 www.i2tic.com _________________________________________