Hey, I have a Windows Server 2016 as a DC and a Debian (Stretch) Server joined the domain. I only want to use this server as a fileserver, but domain-users cannot access the share. Here is what I did: smb.conf: https://paste.ubuntu.com/p/2fKDYFrZ6h/ nsswitch.conf: https://paste.ubuntu.com/p/qjKnKMtZ42/ mkdir /home/EXAMPLE/profile chmod 1770 /home/example/profile chgrp domänen-benutzer /home/EXAMPLE/profile net conf addshare profile /home/EXAMPLE/profile writeable=y guest_ok=n "profile" net conf setparm profile "profile acls" "yes" What did I do wrong?
On Sat, 12 May 2018 21:08:22 +0200 Michael Funke via samba <samba at lists.samba.org> wrote:> Hey, > > I have a Windows Server 2016 as a DC and a Debian (Stretch) Server > joined the domain. I only want to use this server as a fileserver, but > domain-users cannot access the share. > > Here is what I did: > smb.conf: https://paste.ubuntu.com/p/2fKDYFrZ6h/Change: idmap config * : range = 1000000 - 1999999 To: idmap config * : range = 3000-7999 The ranges cannot overlap, yours are identical Remove the 'server role' line, it isn't a standalone server.> nsswitch.conf: https://paste.ubuntu.com/p/qjKnKMtZ42/Remove winbind from the shadow line.> > mkdir /home/EXAMPLE/profile > chmod 1770 /home/example/profile > chgrp domänen-benutzer /home/EXAMPLE/profile > net conf addshare profile /home/EXAMPLE/profile writeable=y > guest_ok=n "profile" net conf setparm profile "profile acls" "yes"The first three lines above are okay, but the next are only used if you put smb.conf into a registry based config, put them into the smb.conf itself.>> What did I do wrong?Probably didn't read the samba wiki: https://wiki.samba.org/index.php/Main_Page Rowland
On Sat, 12 May 2018 22:28:58 +0200 Michael Funke <michael at funke-hof.de> wrote:> Thanks, but it doesn't work. I changed what you said. This is > testparm: > > Load smb config files from /etc/samba/smb.conf > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit > (16384) Processing section "[profile]" > Loaded services file OK. > Server role: ROLE_DOMAIN_MEMBER > > Press enter to see a dump of your service definitions > > # Global parameters > [global] > realm = EXAMPLE.LOCAL > workgroup = EXAMPLE > log file = /var/log/samba/log.%m > max log size = 1000 > security = ADS > template shell = /bin/bash > winbind enum groups = Yes > winbind enum users = Yes > winbind refresh tickets = Yes > winbind use default domain = Yes > idmap config EXAMPLE : range = 1000000 - 1999999 > idmap config EXAMPLE : backend = rid > idmap config * : range = 3000 - 7999 > idmap config * : backend = tdb > store dos attributes = Yes > inherit acls = Yes > vfs objects = acl_xattr > > > [profile] > comment = profile > path = /home/ EXAMPLE/profile^ There is a space here, cut & paste error ?> profile acls = Yes > read only = No > > Any more ideas?we have a wiki page for this: https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles Rowland Rowland
Okay, you are right. I used a german book called "SAMBA 4". Now I used only the wiki and it works. Thanks a lot. 2018-05-12 22:38 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>:> On Sat, 12 May 2018 22:28:58 +0200 > Michael Funke <michael at funke-hof.de> wrote: > > > Thanks, but it doesn't work. I changed what you said. This is > > testparm: > > > > Load smb config files from /etc/samba/smb.conf > > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit > > (16384) Processing section "[profile]" > > Loaded services file OK. > > Server role: ROLE_DOMAIN_MEMBER > > > > Press enter to see a dump of your service definitions > > > > # Global parameters > > [global] > > realm = EXAMPLE.LOCAL > > workgroup = EXAMPLE > > log file = /var/log/samba/log.%m > > max log size = 1000 > > security = ADS > > template shell = /bin/bash > > winbind enum groups = Yes > > winbind enum users = Yes > > winbind refresh tickets = Yes > > winbind use default domain = Yes > > idmap config EXAMPLE : range = 1000000 - 1999999 > > idmap config EXAMPLE : backend = rid > > idmap config * : range = 3000 - 7999 > > idmap config * : backend = tdb > > store dos attributes = Yes > > inherit acls = Yes > > vfs objects = acl_xattr > > > > > > [profile] > > comment = profile > > path = /home/ EXAMPLE/profile > ^ > There is a space here, cut & paste error ? > > > profile acls = Yes > > read only = No > > > > Any more ideas? > > we have a wiki page for this: > > https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles > > Rowland > > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >