Hai, Rowland did mean, post it without the -v.. Since its an AD server. Run : samba-tool testparm Can you post that that gives a better insight. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > bar???? tombul via samba > Verzonden: dinsdag 19 februari 2019 11:37 > Aan: Rowland Penny > CC: samba > Onderwerp: Re: [Samba] samba 4.8x problem > > Dear Rowland, > > You can see the output of "testparm -v" in the below. > > kind regards. > # Global parameters > [global] > abort shutdown script > add group script > add machine script > addport command > addprinter command > add share command > add user script > add user to group script > afs token lifetime = 604800 > afs username map > aio max threads = 100 > algorithmic rid base = 1000 > allow dcerpc auth level connect = No > allow dns updates = nonsecure and secure > allow insecure wide links = No > allow nt4 crypto = No > allow trusted domains = Yes > allow unsafe cluster upgrade = No > apply group policies = No > async smb echo handler = No > auth event notification = No > auto services > binddns dir = /usr/local/samba/bind-dns > bind interfaces only = Yes > browse list = Yes > cache directory = /usr/local/samba/var/cache > change notify = Yes > change share command > check password script > cldap port = 389 > client ipc max protocol = default > client ipc min protocol = default > client ipc signing = default > client lanman auth = No > client ldap sasl wrapping = sign > client max protocol = default > client min protocol = CORE > client NTLMv2 auth = No > client plaintext auth = No > client schannel = Yes > client signing = required > client use spnego principal = No > client use spnego = Yes > cluster addresses > clustering = No > config backend = file > config file > create krb5 conf = Yes > ctdbd socket > ctdb locktime warn threshold = 0 > ctdb timeout = 0 > cups connection timeout = 60 > cups encrypt = No > cups server > dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, > lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, > backupkey, remote, > dnsserver > deadtime = 0 > debug class = No > debug hires timestamp = Yes > debug pid = No > debug prefix timestamp = No > debug uid = No > dedicated keytab file = /etc/krb5.keytab > default service > defer sharing violations = Yes > delete group script > deleteprinter command > delete share command > delete user from group script > delete user script > dgram port = 138 > disable netbios = No > disable spoolss = No > dns forwarder > dns proxy = No > dns update command = /usr/local/samba/sbin/samba_dnsupdate > domain logons = Yes > domain master = Yes > dos charset = CP850 > enable asu support = No > enable core files = Yes > enable privileges = Yes > encrypt passwords = Yes > enhanced browsing = Yes > enumports command = /usr/local/bin/show-ports.sh > eventlog list > get quota command > getwd cache = Yes > gpo update command = /usr/local/samba/sbin/samba_gpoupdate > guest account = nobody > homedir map = auto.home > host msdfs = Yes > hostname lookups = No > idmap backend = tdb > idmap cache time = 604800 > idmap gid > idmap negative cache time = 120 > idmap uid > include system krb5 conf = Yes > init logon delay = 100 > init logon delayed hosts > interfaces = lo ens192 > iprint server > keepalive = 300 > kerberos encryption types = all > kerberos method = secrets and keytab > kernel change notify = Yes > kpasswd port = 464 > krb5 port = 88 > lanman auth = No > large readwrite = Yes > ldap admin dn > ldap connection timeout = 2 > ldap debug level = 0 > ldap debug threshold = 10 > ldap delete dn = No > ldap deref = auto > ldap follow referral = Auto > ldap group suffix > ldap idmap suffix > ldap machine suffix > ldap page size = 1000 > ldap passwd sync = no > ldap replication sleep = 1000 > ldap server require strong auth = No > ldap ssl = start tls > ldap ssl ads = No > ldap suffix > ldap timeout = 15 > ldap user suffix > lm announce = Auto > lm interval = 60 > load printers = No > local master = Yes > lock directory = /usr/local/samba/var/lock > lock spin time = 200 > log file = /var/log/samba/log.%m > logging = file > log level = 2 > log nt token command > logon drive > logon home = \\%N\%U > logon path = \\%N\%U\profile > logon script > log writeable files on exit = No > lpq cache time = 30 > lsa over netlogon = No > machine password timeout = 604800 > mangle prefix = 1 > mangling method = hash2 > map to guest = Bad User > max disk size = 0 > max log size = 0 > max mux = 50 > max open files = 65535 > max smbd processes = 0 > max stat cache size = 256 > max ttl = 259200 > max wins ttl = 518400 > max xmit = 65535 > mdns name = netbios > message command > min receivefile size = 16384 > min wins ttl = 21600 > mit kdc command > multicast dns register = Yes > name cache timeout = 3600 > name resolve order = lmhosts wins host bcast > nbt client socket address = 0.0.0.0 > nbt port = 137 > ncalrpc dir = /usr/local/samba/var/run/ncalrpc > netbios aliases > netbios name = TEST > netbios scope > neutralize nt4 emulation = No > NIS homedir = No > nmbd bind explicit broadcast = Yes > nsupdate command = /usr/bin/nsupdate -g > ntlm auth = ntlmv1-permitted > nt pipe support = Yes > ntp signd socket directory = /usr/local/samba/var/lib/ntp_signd > nt status support = Yes > null passwords = No > obey pam restrictions = No > old password allowed period = 120 > oplock break wait time = 0 > os2 driver map > os level = 255 > pam password change = Yes > panic action > passdb backend = samba_dsdb > passdb expand explicit = No > passwd chat = *New*password* %n\n *ReType*new*password* > %n\n*passwd:*all*authentication*tokens*updated*successfully* > passwd chat debug = No > passwd chat timeout = 2 > passwd program = /usr/local/samba/bin/smbpasswd %u > password hash gpg key ids > password hash userPassword schemes > password server = TEST.facility.local > perfcount module > pid directory = /usr/local/samba/var/run > preferred master = Yes > prefork children = 1 > preload modules > printcap cache time = 0 > printcap name = cups > private dir = /usr/local/samba/private > raw NTLMv2 auth = No > read raw = Yes > realm = FACILITY.LOCAL > registry shares = No > reject md5 clients = No > reject md5 servers = No > remote announce > remote browse sync > rename user script > require strong key = Yes > reset on zero vc = No > restrict anonymous = 0 > rndc command = /usr/sbin/rndc > root directory > rpc big endian = No > rpc server dynamic port range = 49152-65535 > rpc server port = 0 > samba kcc command = /usr/local/samba/sbin/samba_kcc > security = USER > server max protocol = SMB3 > server min protocol = LANMAN1 > server multi channel support = No > server role = active directory domain controller > server schannel = Yes > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, > drepl, winbindd, > ntp_signd, kcc, dnsupdate > server signing = required > server string = TEST Samba Server > set primary group script > set quota command > share backend = classic > show add printer wizard = Yes > shutdown script > smb2 leases = Yes > smb2 max credits = 8192 > smb2 max read = 8388608 > smb2 max trans = 8388608 > smb2 max write = 8388608 > smbd profiling level = off > smb passwd file = /usr/local/samba/private/smbpasswd > smb ports = 445 139 > socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=65536 > SO_SNDBUF=65536 > spn update command = /usr/local/samba/sbin/samba_spnupdate > stat cache = Yes > state directory = /usr/local/samba/var/locks > svcctl list > syslog = 1 > syslog only = No > template homedir = /home/%D/%U > template shell = /bin/bash > time server = No > timestamp logs = Yes > tls cafile = tls/ca.pem > tls certfile = tls/cert.pem > tls crlfile > tls dh params file > tls enabled = Yes > tls keyfile = tls/key.pem > tls priority = NORMAL:-VERS-SSL3.0 > tls verify peer = as_strict_as_possible > unicode = Yes > unix charset = UTF-8 > unix extensions = Yes > unix password sync = Yes > use mmap = Yes > username level = 0 > username map > username map cache time = 0 > username map script > usershare allow guests = No > usershare max shares = 0 > usershare owner only = Yes > usershare path = /usr/local/samba/var/locks/usershares > usershare prefix allow list > usershare prefix deny list > usershare template share > utmp = No > utmp directory > web port = 901 > winbind cache time = 300 > winbindd socket directory = /usr/local/samba/var/run/winbindd > winbind enum groups = Yes > winbind enum users = Yes > winbind expand groups = 10 > winbind max clients = 2000 > winbind max domain connections = 1 > winbind nested groups = Yes > winbind normalize names = Yes > winbind nss info = rfc2307 > winbind offline logon = Yes > winbind reconnect delay = 30 > winbind refresh tickets = Yes > winbind request timeout = 60 > winbind rpc only = Yes > winbind scan trusted domains = Yes > winbind sealed pipes = Yes > winbind separator = \ > winbind use default domain = Yes > wins hook > wins proxy = Yes > wins server > wins support = Yes > workgroup = FACILITY > write raw = Yes > wtmp directory > rpc_server:tcpip = no > rpc_server:winreg = embedded > rpc_server:ntsvcs = embedded > rpc_server:eventlog = embedded > rpc_server:srvsvc = embedded > rpc_server:svcctl = embedded > rpc_server:default = external > idmap config * : range = 1000000-1999999 > full_audit:priority = notice > full_audit:facility = local5 > full_audit:success = connect disconnect opendir mkdir rmdir > closedir open > close read pread write pwrite sendfile rename unlink chmod > fchmod chown > fchown chdir ftruncate lock symlink readlink link mknod > full_audit:failure = connect disconnect > full_audit:prefix = IP=%I|USER=%u|MACHINE=%m|VOLUME=%S > spoolssd:prefork_min_children = 5 > spoolssd:prefork_max_children = 75 > spoolssd:prefork_spawn_rate = 5 > spoolssd:prefork_max_allowed_clients = 200 > spoolssd:prefork_child_min_life = 60 > rpc_daemon:spoolssd = embedded > rpc_server:spoolss = embedded > spoolss: architecture = Windows x64 > server role check:inhibit = yes > winbindd:use external pipes = true > idmap_ldb:use rfc2307 = Yes > idmap config * : backend = tdb > access based share enum = No > acl allow execute always = No > acl check permissions = Yes > acl group control = No > acl map full control = Yes > administrative share = No > admin users > afs share = No > aio read size = 16384 > aio write behind > aio write size = 16384 > allocation roundup size = 1048576 > available = Yes > blocking locks = Yes > block size = 1024 > browseable = Yes > case sensitive = No > comment > copy > create mask = 0744 > csc policy = manual > cups options = raw > default case = lower > default devmode = Yes > delete readonly = No > delete veto files = No > dfree cache time = 0 > dfree command > directory mask = 0755 > directory name cache size = 100 > dmapi support = No > dont descend > dos filemode = No > dos filetime resolution = No > dos filetimes = Yes > durable handles = Yes > ea support = No > fake directory create times = No > fake oplocks = No > follow symlinks = Yes > force create mode = 0000 > force directory mode = 0000 > force group > force printername = Yes > force unknown acl user = No > force user > fstype = NTFS > guest ok = No > guest only = No > hide dot files = Yes > hide files > hide special files = No > hide unreadable = No > hide unwriteable files = No > hosts allow = ALL 127.0.0.1 > hosts deny > include > inherit acls = Yes > inherit owner = no > inherit permissions = Yes > invalid users > kernel oplocks = No > kernel share modes = Yes > level2 oplocks = Yes > locking = Yes > lppause command > lpq command = %p > lpresume command > lprm command > magic output > magic script > mangled names = yes > mangling char = ~ > map acl inherit = Yes > map archive = No > map hidden = No > map readonly = no > map system = No > max connections = 0 > max print jobs = 1000 > max reported print jobs = 0 > min print space = 0 > msdfs proxy > msdfs root = No > msdfs shuffle referrals = No > nt acl support = Yes > ntvfs handler = unixuid, default > oplocks = Yes > path > posix locking = Yes > postexec > preexec > preexec close = No > preserve case = Yes > printable = No > print command > printer name > printing = cups > printjob username = %U > print notify backchannel = No > queuepause command > queueresume command > read list > read only = Yes > root postexec > root preexec > root preexec close = No > short preserve case = Yes > smb encrypt = No > spotlight = No > store dos attributes = Yes > strict allocate = Yes > strict locking = No > strict rename = No > strict sync = No > sync always = No > use client driver = No > use sendfile = Yes > valid users > veto files > veto oplock files > vfs objects = dfs_samba4 acl_xattr > volume > wide links = No > write cache size = 0 > write list > > > [homes] > admin users = "@Domain Admins" > browseable = No > comment = Home Directories > create mask = 0644 > force create mode = 0660 > force directory mode = 0770 > hide files = /Recycle Bin/ > path = /home/homes/%U > read only = No > valid users = "@Domain Users" > veto files = /*.encrypted/*.ecc/*.ccc/ > vfs objects = dfs_samba4 full_audit recycle > recycle:mode = KEEP_DIRECTORIES|VERSION|TOUCH > recycle:noversions = *.tmp|*.temp|*.dat|*.ini > recycle:exclude > *.tmp|*.temp|*.o|*.obj|~$*|*.??|*.log|*.trace|*.TMP|*.ASV|*.$$$|*.asv > recycle:touch_mtime = yes > recycle:touch = Yes > recycle:keeptree = Yes > recycle:versions = Yes > recycle:subdir_mode = 0700 > recycle:directory_mode = 0770 > recycle:maxsize = 0 > recycle:minsize = 0 > recycle:repository = .recycle > > > [profiles] > browseable = No > comment = Network Profiles Share > create mask = 0644 > force create mode = 0660 > force directory mode = 0770 > path = /home/profiles > read only = No > > > [netlogon] > browseable = No > comment = Network Netlogon Share > path = /usr/local/samba/var/locks/sysvol/facility.local/scripts > > > [sysvol] > browseable = No > path = /usr/local/samba/var/locks/sysvol > read only = No > > > [printers] > browseable = No > comment = All Printers > create mask = 0700 > path = /var/spool/samba > printable = Yes > write list = administrator "@Domain Admins" > acl_xattr:ignore system acl = yes > > > [print$] > admin users = "@Domain Admins" > comment = Printer Drivers > create mask = 0644 > force create mode = 0660 > force directory mode = 0770 > invalid users = qwerty > path = /home/printer_drivers > read only = No > valid users = "@Domain Users" > write list = root "@Domain Admins" > acl_xattr:ignore system acl = yes > > > [Share1] > admin users = "@Domain Admins" > comment = Share1 Paylasimi > create mask = 0644 > force create mode = 0660 > force directory mode = 0770 > hide files = /Recycle Bin/ > invalid users = qwerty @Share1_no > path = /home/TEST/Share1 > read list = abuzer > read only = No > valid users = "@Domain Users" abuzer > veto files = /*.encrypted/*.ecc/*.ccc/ > vfs objects = dfs_samba4 full_audit recycle > recycle:mode = KEEP_DIRECTORIES|VERSION|TOUCH > recycle:noversions = *.tmp|*.temp|*.dat|*.ini > recycle:exclude > *.tmp|*.temp|*.o|*.obj|~$*|*.??|*.log|*.trace|*.TMP|*.ASV|*.$$$|*.asv > recycle:touch_mtime = yes > recycle:touch = Yes > recycle:keeptree = Yes > recycle:versions = Yes > recycle:subdir_mode = 0700 > recycle:directory_mode = 0770 > recycle:maxsize = 0 > recycle:minsize = 0 > recycle:repository = .recycle > > > [brother_mfc9840] > admin users = "@Domain Admins" > path = /var/spool/samba > printable = Yes > printer name = brother1 > valid users = administrator "@Domain Users" > write list = "@Domain Admins" > > Bar???? > > Rowland Penny via samba <samba at lists.samba.org>, 19 ??ub 2019 > Sal, 11:54 > tarihinde ??unu yazd??: > > > On Tue, 19 Feb 2019 11:37:43 +0300 > > bar???? tombul via samba <samba at lists.samba.org> wrote: > > > > > Dear all, > > > > > > We are using samba domain and i upgraded the samba from 4.7.9 to > > > 4.8.9. With the old version, people in our domain can view and can > > > share the folders without asking password and the people > that out of > > > the domain can view and shared the folders with > > > writing \\IP_ADDRESS PROMPT USERNAME: PASSWORD. with the new > > > version, there is no problem about viewing and sharing > folders with > > > the people that in the domain but the people that are no > in the domain > > > can not view the \\IP_ADRESS screen. > > > > > > Also, with the 4.8.9 version, when ,people in the domain , right > > > clicked to the shared folders and choose properties > > security, the > > > system throw out. If i write security = user > security = > domain in > > > the smb.conf folder, there is no problem about the people in the > > > domain but without active directory people the problem > still goes on. > > > You can see my smb.conf text in the below. > > > > > > Could you please help me about this problem? > > > > > > It is very URGENT!! > > > > > > > Two things, saying it is urgent doesn't cut any ice here, especially > > when you SHOUT urgent, Secondly, posting the output of > 'testparm -v' is > > making things worse from the point of view of trying to > understand what > > is going on, just post the output of 'cat' > > > > Rowland > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
testparm command output: # Global parameters [global] allow dns updates = nonsecure and secure bind interfaces only = Yes client NTLMv2 auth = No client signing = required cups connection timeout = 60 dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, remote, dnsserver dedicated keytab file = /etc/krb5.keytab dns proxy = No domain logons = Yes domain master = Yes enumports command = /usr/local/bin/show-ports.sh interfaces = lo ens192 kerberos method = secrets and keytab ldap server require strong auth = No load printers = No log file = /var/log/samba/log.%m logging = file map to guest = Bad User max log size = 0 max open files = 65535 max xmit = 65535 min receivefile size = 16384 name cache timeout = 3600 ntlm auth = ntlmv1-permitted old password allowed period = 120 os level = 255 pam password change = Yes passdb backend = samba_dsdb passwd chat = *New*password* %n\n *ReType*new*password* %n\n*passwd:*all*authentication*tokens*updated*successfully* passwd program = /usr/local/samba/bin/smbpasswd %u password server = test.facility.local preferred master = Yes printcap cache time = 0 printcap name = cups realm = FACILITY.LOCAL security = USER server role = active directory domain controller server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate server signing = required server string = test Samba Server socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=65536 SO_SNDBUF=65536 template shell = /bin/bash unix password sync = Yes winbind enum groups = Yes winbind enum users = Yes winbind expand groups = 10 winbind max clients = 2000 winbind normalize names = Yes winbind nss info = rfc2307 winbind offline logon = Yes winbind refresh tickets = Yes winbind rpc only = Yes winbind use default domain = Yes wins proxy = Yes wins support = Yes workgroup = FACILITY rpc_server:tcpip = no rpc_server:winreg = embedded rpc_server:ntsvcs = embedded rpc_server:eventlog = embedded rpc_server:srvsvc = embedded rpc_server:svcctl = embedded rpc_server:default = external idmap config * : range = 1000000-1999999 full_audit:priority = notice full_audit:facility = local5 full_audit:success = connect disconnect opendir mkdir rmdir closedir open close read pread write pwrite sendfile rename unlink chmod fchmod chown fchown chdir ftruncate lock symlink readlink link mknod full_audit:failure = connect disconnect full_audit:prefix = IP=%I|USER=%u|MACHINE=%m|VOLUME=%S spoolssd:prefork_min_children = 5 spoolssd:prefork_max_children = 75 spoolssd:prefork_spawn_rate = 5 spoolssd:prefork_max_allowed_clients = 200 spoolssd:prefork_child_min_life = 60 rpc_daemon:spoolssd = embedded rpc_server:spoolss = embedded spoolss: architecture = Windows x64 server role check:inhibit = yes winbindd:use external pipes = true idmap_ldb:use rfc2307 = Yes idmap config * : backend = tdb aio read size = 16384 aio write size = 16384 case sensitive = No cups options = raw force printername = Yes hosts allow = ALL 127.0.0.1 inherit acls = Yes inherit permissions = Yes mangling char = ~ map acl inherit = Yes map archive = No map readonly = no smb encrypt = No store dos attributes = Yes strict allocate = Yes strict locking = No strict sync = No use sendfile = Yes vfs objects = dfs_samba4 acl_xattr [homes] admin users = "@Domain Admins" browseable = No comment = Home Directories create mask = 0644 force create mode = 0660 force directory mode = 0770 hide files = /Recycle Bin/ path = /home/homes/%U read only = No valid users = "@Domain Users" veto files = /*.encrypted/*.ecc/*.ccc/ vfs objects = dfs_samba4 full_audit recycle recycle:mode = KEEP_DIRECTORIES|VERSION|TOUCH recycle:noversions = *.tmp|*.temp|*.dat|*.ini recycle:exclude *.tmp|*.temp|*.o|*.obj|~$*|*.??|*.log|*.trace|*.TMP|*.ASV|*.$$$|*.asv recycle:touch_mtime = yes recycle:touch = Yes recycle:keeptree = Yes recycle:versions = Yes recycle:subdir_mode = 0700 recycle:directory_mode = 0770 recycle:maxsize = 0 recycle:minsize = 0 recycle:repository = .recycle [profiles] browseable = No comment = Network Profiles Share create mask = 0644 force create mode = 0660 force directory mode = 0770 path = /home/profiles read only = No [netlogon] browseable = No comment = Network Netlogon Share path = /usr/local/samba/var/locks/sysvol/facility.local/scripts [sysvol] browseable = No path = /usr/local/samba/var/locks/sysvol read only = No [printers] browseable = No comment = All Printers create mask = 0700 path = /var/spool/samba printable = Yes write list = administrator "@Domain Admins" acl_xattr:ignore system acl = yes [print$] admin users = "@Domain Admins" comment = Printer Drivers create mask = 0644 force create mode = 0660 force directory mode = 0770 invalid users = qwerty path = /home/printer_drivers read only = No valid users = "@Domain Users" write list = root "@Domain Admins" acl_xattr:ignore system acl = yes [Share1] admin users = "@Domain Admins" comment = Share1 Paylasimi create mask = 0644 force create mode = 0660 force directory mode = 0770 hide files = /Recycle Bin/ invalid users = qwerty @Share1_no path = /home/test/Share1 read list = abuzer read only = No valid users = "@Domain Users" abuzer veto files = /*.encrypted/*.ecc/*.ccc/ vfs objects = dfs_samba4 full_audit recycle recycle:mode = KEEP_DIRECTORIES|VERSION|TOUCH recycle:noversions = *.tmp|*.temp|*.dat|*.ini recycle:exclude *.tmp|*.temp|*.o|*.obj|~$*|*.??|*.log|*.trace|*.TMP|*.ASV|*.$$$|*.asv recycle:touch_mtime = yes recycle:touch = Yes recycle:keeptree = Yes recycle:versions = Yes recycle:subdir_mode = 0700 recycle:directory_mode = 0770 recycle:maxsize = 0 recycle:minsize = 0 recycle:repository = .recycle L.P.H. van Belle via samba <samba at lists.samba.org>, 19 Şub 2019 Sal, 14:00 tarihinde şunu yazdı:> Hai, > > Rowland did mean, post it without the -v.. > > Since its an AD server. Run : samba-tool testparm > Can you post that that gives a better insight. > > Greetz, > > Louis > > > > -----Oorspronkelijk bericht----- > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > > bar???? tombul via samba > > Verzonden: dinsdag 19 februari 2019 11:37 > > Aan: Rowland Penny > > CC: samba > > Onderwerp: Re: [Samba] samba 4.8x problem > > > > Dear Rowland, > > > > You can see the output of "testparm -v" in the below. > > > > kind regards. > > # Global parameters > > [global] > > abort shutdown script > > add group script > > add machine script > > addport command > > addprinter command > > add share command > > add user script > > add user to group script > > afs token lifetime = 604800 > > afs username map > > aio max threads = 100 > > algorithmic rid base = 1000 > > allow dcerpc auth level connect = No > > allow dns updates = nonsecure and secure > > allow insecure wide links = No > > allow nt4 crypto = No > > allow trusted domains = Yes > > allow unsafe cluster upgrade = No > > apply group policies = No > > async smb echo handler = No > > auth event notification = No > > auto services > > binddns dir = /usr/local/samba/bind-dns > > bind interfaces only = Yes > > browse list = Yes > > cache directory = /usr/local/samba/var/cache > > change notify = Yes > > change share command > > check password script > > cldap port = 389 > > client ipc max protocol = default > > client ipc min protocol = default > > client ipc signing = default > > client lanman auth = No > > client ldap sasl wrapping = sign > > client max protocol = default > > client min protocol = CORE > > client NTLMv2 auth = No > > client plaintext auth = No > > client schannel = Yes > > client signing = required > > client use spnego principal = No > > client use spnego = Yes > > cluster addresses > > clustering = No > > config backend = file > > config file > > create krb5 conf = Yes > > ctdbd socket > > ctdb locktime warn threshold = 0 > > ctdb timeout = 0 > > cups connection timeout = 60 > > cups encrypt = No > > cups server > > dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, > > lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, > > backupkey, remote, > > dnsserver > > deadtime = 0 > > debug class = No > > debug hires timestamp = Yes > > debug pid = No > > debug prefix timestamp = No > > debug uid = No > > dedicated keytab file = /etc/krb5.keytab > > default service > > defer sharing violations = Yes > > delete group script > > deleteprinter command > > delete share command > > delete user from group script > > delete user script > > dgram port = 138 > > disable netbios = No > > disable spoolss = No > > dns forwarder > > dns proxy = No > > dns update command = /usr/local/samba/sbin/samba_dnsupdate > > domain logons = Yes > > domain master = Yes > > dos charset = CP850 > > enable asu support = No > > enable core files = Yes > > enable privileges = Yes > > encrypt passwords = Yes > > enhanced browsing = Yes > > enumports command = /usr/local/bin/show-ports.sh > > eventlog list > > get quota command > > getwd cache = Yes > > gpo update command = /usr/local/samba/sbin/samba_gpoupdate > > guest account = nobody > > homedir map = auto.home > > host msdfs = Yes > > hostname lookups = No > > idmap backend = tdb > > idmap cache time = 604800 > > idmap gid > > idmap negative cache time = 120 > > idmap uid > > include system krb5 conf = Yes > > init logon delay = 100 > > init logon delayed hosts > > interfaces = lo ens192 > > iprint server > > keepalive = 300 > > kerberos encryption types = all > > kerberos method = secrets and keytab > > kernel change notify = Yes > > kpasswd port = 464 > > krb5 port = 88 > > lanman auth = No > > large readwrite = Yes > > ldap admin dn > > ldap connection timeout = 2 > > ldap debug level = 0 > > ldap debug threshold = 10 > > ldap delete dn = No > > ldap deref = auto > > ldap follow referral = Auto > > ldap group suffix > > ldap idmap suffix > > ldap machine suffix > > ldap page size = 1000 > > ldap passwd sync = no > > ldap replication sleep = 1000 > > ldap server require strong auth = No > > ldap ssl = start tls > > ldap ssl ads = No > > ldap suffix > > ldap timeout = 15 > > ldap user suffix > > lm announce = Auto > > lm interval = 60 > > load printers = No > > local master = Yes > > lock directory = /usr/local/samba/var/lock > > lock spin time = 200 > > log file = /var/log/samba/log.%m > > logging = file > > log level = 2 > > log nt token command > > logon drive > > logon home = \\%N\%U > > logon path = \\%N\%U\profile > > logon script > > log writeable files on exit = No > > lpq cache time = 30 > > lsa over netlogon = No > > machine password timeout = 604800 > > mangle prefix = 1 > > mangling method = hash2 > > map to guest = Bad User > > max disk size = 0 > > max log size = 0 > > max mux = 50 > > max open files = 65535 > > max smbd processes = 0 > > max stat cache size = 256 > > max ttl = 259200 > > max wins ttl = 518400 > > max xmit = 65535 > > mdns name = netbios > > message command > > min receivefile size = 16384 > > min wins ttl = 21600 > > mit kdc command > > multicast dns register = Yes > > name cache timeout = 3600 > > name resolve order = lmhosts wins host bcast > > nbt client socket address = 0.0.0.0 > > nbt port = 137 > > ncalrpc dir = /usr/local/samba/var/run/ncalrpc > > netbios aliases > > netbios name = TEST > > netbios scope > > neutralize nt4 emulation = No > > NIS homedir = No > > nmbd bind explicit broadcast = Yes > > nsupdate command = /usr/bin/nsupdate -g > > ntlm auth = ntlmv1-permitted > > nt pipe support = Yes > > ntp signd socket directory = /usr/local/samba/var/lib/ntp_signd > > nt status support = Yes > > null passwords = No > > obey pam restrictions = No > > old password allowed period = 120 > > oplock break wait time = 0 > > os2 driver map > > os level = 255 > > pam password change = Yes > > panic action > > passdb backend = samba_dsdb > > passdb expand explicit = No > > passwd chat = *New*password* %n\n *ReType*new*password* > > %n\n*passwd:*all*authentication*tokens*updated*successfully* > > passwd chat debug = No > > passwd chat timeout = 2 > > passwd program = /usr/local/samba/bin/smbpasswd %u > > password hash gpg key ids > > password hash userPassword schemes > > password server = TEST.facility.local > > perfcount module > > pid directory = /usr/local/samba/var/run > > preferred master = Yes > > prefork children = 1 > > preload modules > > printcap cache time = 0 > > printcap name = cups > > private dir = /usr/local/samba/private > > raw NTLMv2 auth = No > > read raw = Yes > > realm = FACILITY.LOCAL > > registry shares = No > > reject md5 clients = No > > reject md5 servers = No > > remote announce > > remote browse sync > > rename user script > > require strong key = Yes > > reset on zero vc = No > > restrict anonymous = 0 > > rndc command = /usr/sbin/rndc > > root directory > > rpc big endian = No > > rpc server dynamic port range = 49152-65535 > > rpc server port = 0 > > samba kcc command = /usr/local/samba/sbin/samba_kcc > > security = USER > > server max protocol = SMB3 > > server min protocol = LANMAN1 > > server multi channel support = No > > server role = active directory domain controller > > server schannel = Yes > > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, > > drepl, winbindd, > > ntp_signd, kcc, dnsupdate > > server signing = required > > server string = TEST Samba Server > > set primary group script > > set quota command > > share backend = classic > > show add printer wizard = Yes > > shutdown script > > smb2 leases = Yes > > smb2 max credits = 8192 > > smb2 max read = 8388608 > > smb2 max trans = 8388608 > > smb2 max write = 8388608 > > smbd profiling level = off > > smb passwd file = /usr/local/samba/private/smbpasswd > > smb ports = 445 139 > > socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=65536 > > SO_SNDBUF=65536 > > spn update command = /usr/local/samba/sbin/samba_spnupdate > > stat cache = Yes > > state directory = /usr/local/samba/var/locks > > svcctl list > > syslog = 1 > > syslog only = No > > template homedir = /home/%D/%U > > template shell = /bin/bash > > time server = No > > timestamp logs = Yes > > tls cafile = tls/ca.pem > > tls certfile = tls/cert.pem > > tls crlfile > > tls dh params file > > tls enabled = Yes > > tls keyfile = tls/key.pem > > tls priority = NORMAL:-VERS-SSL3.0 > > tls verify peer = as_strict_as_possible > > unicode = Yes > > unix charset = UTF-8 > > unix extensions = Yes > > unix password sync = Yes > > use mmap = Yes > > username level = 0 > > username map > > username map cache time = 0 > > username map script > > usershare allow guests = No > > usershare max shares = 0 > > usershare owner only = Yes > > usershare path = /usr/local/samba/var/locks/usershares > > usershare prefix allow list > > usershare prefix deny list > > usershare template share > > utmp = No > > utmp directory > > web port = 901 > > winbind cache time = 300 > > winbindd socket directory = /usr/local/samba/var/run/winbindd > > winbind enum groups = Yes > > winbind enum users = Yes > > winbind expand groups = 10 > > winbind max clients = 2000 > > winbind max domain connections = 1 > > winbind nested groups = Yes > > winbind normalize names = Yes > > winbind nss info = rfc2307 > > winbind offline logon = Yes > > winbind reconnect delay = 30 > > winbind refresh tickets = Yes > > winbind request timeout = 60 > > winbind rpc only = Yes > > winbind scan trusted domains = Yes > > winbind sealed pipes = Yes > > winbind separator = \ > > winbind use default domain = Yes > > wins hook > > wins proxy = Yes > > wins server > > wins support = Yes > > workgroup = FACILITY > > write raw = Yes > > wtmp directory > > rpc_server:tcpip = no > > rpc_server:winreg = embedded > > rpc_server:ntsvcs = embedded > > rpc_server:eventlog = embedded > > rpc_server:srvsvc = embedded > > rpc_server:svcctl = embedded > > rpc_server:default = external > > idmap config * : range = 1000000-1999999 > > full_audit:priority = notice > > full_audit:facility = local5 > > full_audit:success = connect disconnect opendir mkdir rmdir > > closedir open > > close read pread write pwrite sendfile rename unlink chmod > > fchmod chown > > fchown chdir ftruncate lock symlink readlink link mknod > > full_audit:failure = connect disconnect > > full_audit:prefix = IP=%I|USER=%u|MACHINE=%m|VOLUME=%S > > spoolssd:prefork_min_children = 5 > > spoolssd:prefork_max_children = 75 > > spoolssd:prefork_spawn_rate = 5 > > spoolssd:prefork_max_allowed_clients = 200 > > spoolssd:prefork_child_min_life = 60 > > rpc_daemon:spoolssd = embedded > > rpc_server:spoolss = embedded > > spoolss: architecture = Windows x64 > > server role check:inhibit = yes > > winbindd:use external pipes = true > > idmap_ldb:use rfc2307 = Yes > > idmap config * : backend = tdb > > access based share enum = No > > acl allow execute always = No > > acl check permissions = Yes > > acl group control = No > > acl map full control = Yes > > administrative share = No > > admin users > > afs share = No > > aio read size = 16384 > > aio write behind > > aio write size = 16384 > > allocation roundup size = 1048576 > > available = Yes > > blocking locks = Yes > > block size = 1024 > > browseable = Yes > > case sensitive = No > > comment > > copy > > create mask = 0744 > > csc policy = manual > > cups options = raw > > default case = lower > > default devmode = Yes > > delete readonly = No > > delete veto files = No > > dfree cache time = 0 > > dfree command > > directory mask = 0755 > > directory name cache size = 100 > > dmapi support = No > > dont descend > > dos filemode = No > > dos filetime resolution = No > > dos filetimes = Yes > > durable handles = Yes > > ea support = No > > fake directory create times = No > > fake oplocks = No > > follow symlinks = Yes > > force create mode = 0000 > > force directory mode = 0000 > > force group > > force printername = Yes > > force unknown acl user = No > > force user > > fstype = NTFS > > guest ok = No > > guest only = No > > hide dot files = Yes > > hide files > > hide special files = No > > hide unreadable = No > > hide unwriteable files = No > > hosts allow = ALL 127.0.0.1 > > hosts deny > > include > > inherit acls = Yes > > inherit owner = no > > inherit permissions = Yes > > invalid users > > kernel oplocks = No > > kernel share modes = Yes > > level2 oplocks = Yes > > locking = Yes > > lppause command > > lpq command = %p > > lpresume command > > lprm command > > magic output > > magic script > > mangled names = yes > > mangling char = ~ > > map acl inherit = Yes > > map archive = No > > map hidden = No > > map readonly = no > > map system = No > > max connections = 0 > > max print jobs = 1000 > > max reported print jobs = 0 > > min print space = 0 > > msdfs proxy > > msdfs root = No > > msdfs shuffle referrals = No > > nt acl support = Yes > > ntvfs handler = unixuid, default > > oplocks = Yes > > path > > posix locking = Yes > > postexec > > preexec > > preexec close = No > > preserve case = Yes > > printable = No > > print command > > printer name > > printing = cups > > printjob username = %U > > print notify backchannel = No > > queuepause command > > queueresume command > > read list > > read only = Yes > > root postexec > > root preexec > > root preexec close = No > > short preserve case = Yes > > smb encrypt = No > > spotlight = No > > store dos attributes = Yes > > strict allocate = Yes > > strict locking = No > > strict rename = No > > strict sync = No > > sync always = No > > use client driver = No > > use sendfile = Yes > > valid users > > veto files > > veto oplock files > > vfs objects = dfs_samba4 acl_xattr > > volume > > wide links = No > > write cache size = 0 > > write list > > > > > > [homes] > > admin users = "@Domain Admins" > > browseable = No > > comment = Home Directories > > create mask = 0644 > > force create mode = 0660 > > force directory mode = 0770 > > hide files = /Recycle Bin/ > > path = /home/homes/%U > > read only = No > > valid users = "@Domain Users" > > veto files = /*.encrypted/*.ecc/*.ccc/ > > vfs objects = dfs_samba4 full_audit recycle > > recycle:mode = KEEP_DIRECTORIES|VERSION|TOUCH > > recycle:noversions = *.tmp|*.temp|*.dat|*.ini > > recycle:exclude > > *.tmp|*.temp|*.o|*.obj|~$*|*.??|*.log|*.trace|*.TMP|*.ASV|*.$$$|*.asv > > recycle:touch_mtime = yes > > recycle:touch = Yes > > recycle:keeptree = Yes > > recycle:versions = Yes > > recycle:subdir_mode = 0700 > > recycle:directory_mode = 0770 > > recycle:maxsize = 0 > > recycle:minsize = 0 > > recycle:repository = .recycle > > > > > > [profiles] > > browseable = No > > comment = Network Profiles Share > > create mask = 0644 > > force create mode = 0660 > > force directory mode = 0770 > > path = /home/profiles > > read only = No > > > > > > [netlogon] > > browseable = No > > comment = Network Netlogon Share > > path = /usr/local/samba/var/locks/sysvol/facility.local/scripts > > > > > > [sysvol] > > browseable = No > > path = /usr/local/samba/var/locks/sysvol > > read only = No > > > > > > [printers] > > browseable = No > > comment = All Printers > > create mask = 0700 > > path = /var/spool/samba > > printable = Yes > > write list = administrator "@Domain Admins" > > acl_xattr:ignore system acl = yes > > > > > > [print$] > > admin users = "@Domain Admins" > > comment = Printer Drivers > > create mask = 0644 > > force create mode = 0660 > > force directory mode = 0770 > > invalid users = qwerty > > path = /home/printer_drivers > > read only = No > > valid users = "@Domain Users" > > write list = root "@Domain Admins" > > acl_xattr:ignore system acl = yes > > > > > > [Share1] > > admin users = "@Domain Admins" > > comment = Share1 Paylasimi > > create mask = 0644 > > force create mode = 0660 > > force directory mode = 0770 > > hide files = /Recycle Bin/ > > invalid users = qwerty @Share1_no > > path = /home/TEST/Share1 > > read list = abuzer > > read only = No > > valid users = "@Domain Users" abuzer > > veto files = /*.encrypted/*.ecc/*.ccc/ > > vfs objects = dfs_samba4 full_audit recycle > > recycle:mode = KEEP_DIRECTORIES|VERSION|TOUCH > > recycle:noversions = *.tmp|*.temp|*.dat|*.ini > > recycle:exclude > > *.tmp|*.temp|*.o|*.obj|~$*|*.??|*.log|*.trace|*.TMP|*.ASV|*.$$$|*.asv > > recycle:touch_mtime = yes > > recycle:touch = Yes > > recycle:keeptree = Yes > > recycle:versions = Yes > > recycle:subdir_mode = 0700 > > recycle:directory_mode = 0770 > > recycle:maxsize = 0 > > recycle:minsize = 0 > > recycle:repository = .recycle > > > > > > [brother_mfc9840] > > admin users = "@Domain Admins" > > path = /var/spool/samba > > printable = Yes > > printer name = brother1 > > valid users = administrator "@Domain Users" > > write list = "@Domain Admins" > > > > Bar???? > > > > Rowland Penny via samba <samba at lists.samba.org>, 19 ??ub 2019 > > Sal, 11:54 > > tarihinde ??unu yazd??: > > > > > On Tue, 19 Feb 2019 11:37:43 +0300 > > > bar???? tombul via samba <samba at lists.samba.org> wrote: > > > > > > > Dear all, > > > > > > > > We are using samba domain and i upgraded the samba from 4.7.9 to > > > > 4.8.9. With the old version, people in our domain can view and can > > > > share the folders without asking password and the people > > that out of > > > > the domain can view and shared the folders with > > > > writing \\IP_ADDRESS PROMPT USERNAME: PASSWORD. with the new > > > > version, there is no problem about viewing and sharing > > folders with > > > > the people that in the domain but the people that are no > > in the domain > > > > can not view the \\IP_ADRESS screen. > > > > > > > > Also, with the 4.8.9 version, when ,people in the domain , right > > > > clicked to the shared folders and choose properties > > > security, the > > > > system throw out. If i write security = user > security > > domain in > > > > the smb.conf folder, there is no problem about the people in the > > > > domain but without active directory people the problem > > still goes on. > > > > You can see my smb.conf text in the below. > > > > > > > > Could you please help me about this problem? > > > > > > > > It is very URGENT!! > > > > > > > > > > Two things, saying it is urgent doesn't cut any ice here, especially > > > when you SHOUT urgent, Secondly, posting the output of > > 'testparm -v' is > > > making things worse from the point of view of trying to > > understand what > > > is going on, just post the output of 'cat' > > > > > > Rowland > > > > > > -- > > > To unsubscribe from this list go to the following URL and read the > > > instructions: https://lists.samba.org/mailman/options/samba > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Dear Rowland, If i write security=domain in smb.conf file, all the ACL problems disappear. Do you have any config file about file sharing without AD people?(These people have domain user name and password but their PCs are out of the domain.) Could you please send me this file if you have? Kind regards. Barış barış tombul <bbtombul at gmail.com>, 19 Şub 2019 Sal, 14:07 tarihinde şunu yazdı:> testparm command output: > > # Global parameters > [global] > allow dns updates = nonsecure and secure > bind interfaces only = Yes > client NTLMv2 auth = No > client signing = required > cups connection timeout = 60 > dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, > lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, remote, > dnsserver > dedicated keytab file = /etc/krb5.keytab > dns proxy = No > domain logons = Yes > domain master = Yes > enumports command = /usr/local/bin/show-ports.sh > interfaces = lo ens192 > kerberos method = secrets and keytab > ldap server require strong auth = No > load printers = No > log file = /var/log/samba/log.%m > logging = file > map to guest = Bad User > max log size = 0 > max open files = 65535 > max xmit = 65535 > min receivefile size = 16384 > name cache timeout = 3600 > ntlm auth = ntlmv1-permitted > old password allowed period = 120 > os level = 255 > pam password change = Yes > passdb backend = samba_dsdb > passwd chat = *New*password* %n\n *ReType*new*password* > %n\n*passwd:*all*authentication*tokens*updated*successfully* > passwd program = /usr/local/samba/bin/smbpasswd %u > password server = test.facility.local > preferred master = Yes > printcap cache time = 0 > printcap name = cups > realm = FACILITY.LOCAL > security = USER > server role = active directory domain controller > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, > winbindd, ntp_signd, kcc, dnsupdate > server signing = required > server string = test Samba Server > socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=65536 SO_SNDBUF=65536 > template shell = /bin/bash > unix password sync = Yes > winbind enum groups = Yes > winbind enum users = Yes > winbind expand groups = 10 > winbind max clients = 2000 > winbind normalize names = Yes > winbind nss info = rfc2307 > winbind offline logon = Yes > winbind refresh tickets = Yes > winbind rpc only = Yes > winbind use default domain = Yes > wins proxy = Yes > wins support = Yes > workgroup = FACILITY > rpc_server:tcpip = no > rpc_server:winreg = embedded > rpc_server:ntsvcs = embedded > rpc_server:eventlog = embedded > rpc_server:srvsvc = embedded > rpc_server:svcctl = embedded > rpc_server:default = external > idmap config * : range = 1000000-1999999 > full_audit:priority = notice > full_audit:facility = local5 > full_audit:success = connect disconnect opendir mkdir rmdir closedir open > close read pread write pwrite sendfile rename unlink chmod fchmod chown > fchown chdir ftruncate lock symlink readlink link mknod > full_audit:failure = connect disconnect > full_audit:prefix = IP=%I|USER=%u|MACHINE=%m|VOLUME=%S > spoolssd:prefork_min_children = 5 > spoolssd:prefork_max_children = 75 > spoolssd:prefork_spawn_rate = 5 > spoolssd:prefork_max_allowed_clients = 200 > spoolssd:prefork_child_min_life = 60 > rpc_daemon:spoolssd = embedded > rpc_server:spoolss = embedded > spoolss: architecture = Windows x64 > server role check:inhibit = yes > winbindd:use external pipes = true > idmap_ldb:use rfc2307 = Yes > idmap config * : backend = tdb > aio read size = 16384 > aio write size = 16384 > case sensitive = No > cups options = raw > force printername = Yes > hosts allow = ALL 127.0.0.1 > inherit acls = Yes > inherit permissions = Yes > mangling char = ~ > map acl inherit = Yes > map archive = No > map readonly = no > smb encrypt = No > store dos attributes = Yes > strict allocate = Yes > strict locking = No > strict sync = No > use sendfile = Yes > vfs objects = dfs_samba4 acl_xattr > > > [homes] > admin users = "@Domain Admins" > browseable = No > comment = Home Directories > create mask = 0644 > force create mode = 0660 > force directory mode = 0770 > hide files = /Recycle Bin/ > path = /home/homes/%U > read only = No > valid users = "@Domain Users" > veto files = /*.encrypted/*.ecc/*.ccc/ > vfs objects = dfs_samba4 full_audit recycle > recycle:mode = KEEP_DIRECTORIES|VERSION|TOUCH > recycle:noversions = *.tmp|*.temp|*.dat|*.ini > recycle:exclude > *.tmp|*.temp|*.o|*.obj|~$*|*.??|*.log|*.trace|*.TMP|*.ASV|*.$$$|*.asv > recycle:touch_mtime = yes > recycle:touch = Yes > recycle:keeptree = Yes > recycle:versions = Yes > recycle:subdir_mode = 0700 > recycle:directory_mode = 0770 > recycle:maxsize = 0 > recycle:minsize = 0 > recycle:repository = .recycle > > > [profiles] > browseable = No > comment = Network Profiles Share > create mask = 0644 > force create mode = 0660 > force directory mode = 0770 > path = /home/profiles > read only = No > > > [netlogon] > browseable = No > comment = Network Netlogon Share > path = /usr/local/samba/var/locks/sysvol/facility.local/scripts > > > [sysvol] > browseable = No > path = /usr/local/samba/var/locks/sysvol > read only = No > > > [printers] > browseable = No > comment = All Printers > create mask = 0700 > path = /var/spool/samba > printable = Yes > write list = administrator "@Domain Admins" > acl_xattr:ignore system acl = yes > > > [print$] > admin users = "@Domain Admins" > comment = Printer Drivers > create mask = 0644 > force create mode = 0660 > force directory mode = 0770 > invalid users = qwerty > path = /home/printer_drivers > read only = No > valid users = "@Domain Users" > write list = root "@Domain Admins" > acl_xattr:ignore system acl = yes > > > [Share1] > admin users = "@Domain Admins" > comment = Share1 Paylasimi > create mask = 0644 > force create mode = 0660 > force directory mode = 0770 > hide files = /Recycle Bin/ > invalid users = qwerty @Share1_no > path = /home/test/Share1 > read list = abuzer > read only = No > valid users = "@Domain Users" abuzer > veto files = /*.encrypted/*.ecc/*.ccc/ > vfs objects = dfs_samba4 full_audit recycle > recycle:mode = KEEP_DIRECTORIES|VERSION|TOUCH > recycle:noversions = *.tmp|*.temp|*.dat|*.ini > recycle:exclude > *.tmp|*.temp|*.o|*.obj|~$*|*.??|*.log|*.trace|*.TMP|*.ASV|*.$$$|*.asv > recycle:touch_mtime = yes > recycle:touch = Yes > recycle:keeptree = Yes > recycle:versions = Yes > recycle:subdir_mode = 0700 > recycle:directory_mode = 0770 > recycle:maxsize = 0 > recycle:minsize = 0 > recycle:repository = .recycle > > > L.P.H. van Belle via samba <samba at lists.samba.org>, 19 Şub 2019 Sal, > 14:00 tarihinde şunu yazdı: > >> Hai, >> >> Rowland did mean, post it without the -v.. >> >> Since its an AD server. Run : samba-tool testparm >> Can you post that that gives a better insight. >> >> Greetz, >> >> Louis >> >> >> > -----Oorspronkelijk bericht----- >> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens >> > bar???? tombul via samba >> > Verzonden: dinsdag 19 februari 2019 11:37 >> > Aan: Rowland Penny >> > CC: samba >> > Onderwerp: Re: [Samba] samba 4.8x problem >> > >> > Dear Rowland, >> > >> > You can see the output of "testparm -v" in the below. >> > >> > kind regards. >> > # Global parameters >> > [global] >> > abort shutdown script >> > add group script >> > add machine script >> > addport command >> > addprinter command >> > add share command >> > add user script >> > add user to group script >> > afs token lifetime = 604800 >> > afs username map >> > aio max threads = 100 >> > algorithmic rid base = 1000 >> > allow dcerpc auth level connect = No >> > allow dns updates = nonsecure and secure >> > allow insecure wide links = No >> > allow nt4 crypto = No >> > allow trusted domains = Yes >> > allow unsafe cluster upgrade = No >> > apply group policies = No >> > async smb echo handler = No >> > auth event notification = No >> > auto services >> > binddns dir = /usr/local/samba/bind-dns >> > bind interfaces only = Yes >> > browse list = Yes >> > cache directory = /usr/local/samba/var/cache >> > change notify = Yes >> > change share command >> > check password script >> > cldap port = 389 >> > client ipc max protocol = default >> > client ipc min protocol = default >> > client ipc signing = default >> > client lanman auth = No >> > client ldap sasl wrapping = sign >> > client max protocol = default >> > client min protocol = CORE >> > client NTLMv2 auth = No >> > client plaintext auth = No >> > client schannel = Yes >> > client signing = required >> > client use spnego principal = No >> > client use spnego = Yes >> > cluster addresses >> > clustering = No >> > config backend = file >> > config file >> > create krb5 conf = Yes >> > ctdbd socket >> > ctdb locktime warn threshold = 0 >> > ctdb timeout = 0 >> > cups connection timeout = 60 >> > cups encrypt = No >> > cups server >> > dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, >> > lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, >> > backupkey, remote, >> > dnsserver >> > deadtime = 0 >> > debug class = No >> > debug hires timestamp = Yes >> > debug pid = No >> > debug prefix timestamp = No >> > debug uid = No >> > dedicated keytab file = /etc/krb5.keytab >> > default service >> > defer sharing violations = Yes >> > delete group script >> > deleteprinter command >> > delete share command >> > delete user from group script >> > delete user script >> > dgram port = 138 >> > disable netbios = No >> > disable spoolss = No >> > dns forwarder >> > dns proxy = No >> > dns update command = /usr/local/samba/sbin/samba_dnsupdate >> > domain logons = Yes >> > domain master = Yes >> > dos charset = CP850 >> > enable asu support = No >> > enable core files = Yes >> > enable privileges = Yes >> > encrypt passwords = Yes >> > enhanced browsing = Yes >> > enumports command = /usr/local/bin/show-ports.sh >> > eventlog list >> > get quota command >> > getwd cache = Yes >> > gpo update command = /usr/local/samba/sbin/samba_gpoupdate >> > guest account = nobody >> > homedir map = auto.home >> > host msdfs = Yes >> > hostname lookups = No >> > idmap backend = tdb >> > idmap cache time = 604800 >> > idmap gid >> > idmap negative cache time = 120 >> > idmap uid >> > include system krb5 conf = Yes >> > init logon delay = 100 >> > init logon delayed hosts >> > interfaces = lo ens192 >> > iprint server >> > keepalive = 300 >> > kerberos encryption types = all >> > kerberos method = secrets and keytab >> > kernel change notify = Yes >> > kpasswd port = 464 >> > krb5 port = 88 >> > lanman auth = No >> > large readwrite = Yes >> > ldap admin dn >> > ldap connection timeout = 2 >> > ldap debug level = 0 >> > ldap debug threshold = 10 >> > ldap delete dn = No >> > ldap deref = auto >> > ldap follow referral = Auto >> > ldap group suffix >> > ldap idmap suffix >> > ldap machine suffix >> > ldap page size = 1000 >> > ldap passwd sync = no >> > ldap replication sleep = 1000 >> > ldap server require strong auth = No >> > ldap ssl = start tls >> > ldap ssl ads = No >> > ldap suffix >> > ldap timeout = 15 >> > ldap user suffix >> > lm announce = Auto >> > lm interval = 60 >> > load printers = No >> > local master = Yes >> > lock directory = /usr/local/samba/var/lock >> > lock spin time = 200 >> > log file = /var/log/samba/log.%m >> > logging = file >> > log level = 2 >> > log nt token command >> > logon drive >> > logon home = \\%N\%U >> > logon path = \\%N\%U\profile >> > logon script >> > log writeable files on exit = No >> > lpq cache time = 30 >> > lsa over netlogon = No >> > machine password timeout = 604800 >> > mangle prefix = 1 >> > mangling method = hash2 >> > map to guest = Bad User >> > max disk size = 0 >> > max log size = 0 >> > max mux = 50 >> > max open files = 65535 >> > max smbd processes = 0 >> > max stat cache size = 256 >> > max ttl = 259200 >> > max wins ttl = 518400 >> > max xmit = 65535 >> > mdns name = netbios >> > message command >> > min receivefile size = 16384 >> > min wins ttl = 21600 >> > mit kdc command >> > multicast dns register = Yes >> > name cache timeout = 3600 >> > name resolve order = lmhosts wins host bcast >> > nbt client socket address = 0.0.0.0 >> > nbt port = 137 >> > ncalrpc dir = /usr/local/samba/var/run/ncalrpc >> > netbios aliases >> > netbios name = TEST >> > netbios scope >> > neutralize nt4 emulation = No >> > NIS homedir = No >> > nmbd bind explicit broadcast = Yes >> > nsupdate command = /usr/bin/nsupdate -g >> > ntlm auth = ntlmv1-permitted >> > nt pipe support = Yes >> > ntp signd socket directory = /usr/local/samba/var/lib/ntp_signd >> > nt status support = Yes >> > null passwords = No >> > obey pam restrictions = No >> > old password allowed period = 120 >> > oplock break wait time = 0 >> > os2 driver map >> > os level = 255 >> > pam password change = Yes >> > panic action >> > passdb backend = samba_dsdb >> > passdb expand explicit = No >> > passwd chat = *New*password* %n\n *ReType*new*password* >> > %n\n*passwd:*all*authentication*tokens*updated*successfully* >> > passwd chat debug = No >> > passwd chat timeout = 2 >> > passwd program = /usr/local/samba/bin/smbpasswd %u >> > password hash gpg key ids >> > password hash userPassword schemes >> > password server = TEST.facility.local >> > perfcount module >> > pid directory = /usr/local/samba/var/run >> > preferred master = Yes >> > prefork children = 1 >> > preload modules >> > printcap cache time = 0 >> > printcap name = cups >> > private dir = /usr/local/samba/private >> > raw NTLMv2 auth = No >> > read raw = Yes >> > realm = FACILITY.LOCAL >> > registry shares = No >> > reject md5 clients = No >> > reject md5 servers = No >> > remote announce >> > remote browse sync >> > rename user script >> > require strong key = Yes >> > reset on zero vc = No >> > restrict anonymous = 0 >> > rndc command = /usr/sbin/rndc >> > root directory >> > rpc big endian = No >> > rpc server dynamic port range = 49152-65535 >> > rpc server port = 0 >> > samba kcc command = /usr/local/samba/sbin/samba_kcc >> > security = USER >> > server max protocol = SMB3 >> > server min protocol = LANMAN1 >> > server multi channel support = No >> > server role = active directory domain controller >> > server schannel = Yes >> > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, >> > drepl, winbindd, >> > ntp_signd, kcc, dnsupdate >> > server signing = required >> > server string = TEST Samba Server >> > set primary group script >> > set quota command >> > share backend = classic >> > show add printer wizard = Yes >> > shutdown script >> > smb2 leases = Yes >> > smb2 max credits = 8192 >> > smb2 max read = 8388608 >> > smb2 max trans = 8388608 >> > smb2 max write = 8388608 >> > smbd profiling level = off >> > smb passwd file = /usr/local/samba/private/smbpasswd >> > smb ports = 445 139 >> > socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=65536 >> > SO_SNDBUF=65536 >> > spn update command = /usr/local/samba/sbin/samba_spnupdate >> > stat cache = Yes >> > state directory = /usr/local/samba/var/locks >> > svcctl list >> > syslog = 1 >> > syslog only = No >> > template homedir = /home/%D/%U >> > template shell = /bin/bash >> > time server = No >> > timestamp logs = Yes >> > tls cafile = tls/ca.pem >> > tls certfile = tls/cert.pem >> > tls crlfile >> > tls dh params file >> > tls enabled = Yes >> > tls keyfile = tls/key.pem >> > tls priority = NORMAL:-VERS-SSL3.0 >> > tls verify peer = as_strict_as_possible >> > unicode = Yes >> > unix charset = UTF-8 >> > unix extensions = Yes >> > unix password sync = Yes >> > use mmap = Yes >> > username level = 0 >> > username map >> > username map cache time = 0 >> > username map script >> > usershare allow guests = No >> > usershare max shares = 0 >> > usershare owner only = Yes >> > usershare path = /usr/local/samba/var/locks/usershares >> > usershare prefix allow list >> > usershare prefix deny list >> > usershare template share >> > utmp = No >> > utmp directory >> > web port = 901 >> > winbind cache time = 300 >> > winbindd socket directory = /usr/local/samba/var/run/winbindd >> > winbind enum groups = Yes >> > winbind enum users = Yes >> > winbind expand groups = 10 >> > winbind max clients = 2000 >> > winbind max domain connections = 1 >> > winbind nested groups = Yes >> > winbind normalize names = Yes >> > winbind nss info = rfc2307 >> > winbind offline logon = Yes >> > winbind reconnect delay = 30 >> > winbind refresh tickets = Yes >> > winbind request timeout = 60 >> > winbind rpc only = Yes >> > winbind scan trusted domains = Yes >> > winbind sealed pipes = Yes >> > winbind separator = \ >> > winbind use default domain = Yes >> > wins hook >> > wins proxy = Yes >> > wins server >> > wins support = Yes >> > workgroup = FACILITY >> > write raw = Yes >> > wtmp directory >> > rpc_server:tcpip = no >> > rpc_server:winreg = embedded >> > rpc_server:ntsvcs = embedded >> > rpc_server:eventlog = embedded >> > rpc_server:srvsvc = embedded >> > rpc_server:svcctl = embedded >> > rpc_server:default = external >> > idmap config * : range = 1000000-1999999 >> > full_audit:priority = notice >> > full_audit:facility = local5 >> > full_audit:success = connect disconnect opendir mkdir rmdir >> > closedir open >> > close read pread write pwrite sendfile rename unlink chmod >> > fchmod chown >> > fchown chdir ftruncate lock symlink readlink link mknod >> > full_audit:failure = connect disconnect >> > full_audit:prefix = IP=%I|USER=%u|MACHINE=%m|VOLUME=%S >> > spoolssd:prefork_min_children = 5 >> > spoolssd:prefork_max_children = 75 >> > spoolssd:prefork_spawn_rate = 5 >> > spoolssd:prefork_max_allowed_clients = 200 >> > spoolssd:prefork_child_min_life = 60 >> > rpc_daemon:spoolssd = embedded >> > rpc_server:spoolss = embedded >> > spoolss: architecture = Windows x64 >> > server role check:inhibit = yes >> > winbindd:use external pipes = true >> > idmap_ldb:use rfc2307 = Yes >> > idmap config * : backend = tdb >> > access based share enum = No >> > acl allow execute always = No >> > acl check permissions = Yes >> > acl group control = No >> > acl map full control = Yes >> > administrative share = No >> > admin users >> > afs share = No >> > aio read size = 16384 >> > aio write behind >> > aio write size = 16384 >> > allocation roundup size = 1048576 >> > available = Yes >> > blocking locks = Yes >> > block size = 1024 >> > browseable = Yes >> > case sensitive = No >> > comment >> > copy >> > create mask = 0744 >> > csc policy = manual >> > cups options = raw >> > default case = lower >> > default devmode = Yes >> > delete readonly = No >> > delete veto files = No >> > dfree cache time = 0 >> > dfree command >> > directory mask = 0755 >> > directory name cache size = 100 >> > dmapi support = No >> > dont descend >> > dos filemode = No >> > dos filetime resolution = No >> > dos filetimes = Yes >> > durable handles = Yes >> > ea support = No >> > fake directory create times = No >> > fake oplocks = No >> > follow symlinks = Yes >> > force create mode = 0000 >> > force directory mode = 0000 >> > force group >> > force printername = Yes >> > force unknown acl user = No >> > force user >> > fstype = NTFS >> > guest ok = No >> > guest only = No >> > hide dot files = Yes >> > hide files >> > hide special files = No >> > hide unreadable = No >> > hide unwriteable files = No >> > hosts allow = ALL 127.0.0.1 >> > hosts deny >> > include >> > inherit acls = Yes >> > inherit owner = no >> > inherit permissions = Yes >> > invalid users >> > kernel oplocks = No >> > kernel share modes = Yes >> > level2 oplocks = Yes >> > locking = Yes >> > lppause command >> > lpq command = %p >> > lpresume command >> > lprm command >> > magic output >> > magic script >> > mangled names = yes >> > mangling char = ~ >> > map acl inherit = Yes >> > map archive = No >> > map hidden = No >> > map readonly = no >> > map system = No >> > max connections = 0 >> > max print jobs = 1000 >> > max reported print jobs = 0 >> > min print space = 0 >> > msdfs proxy >> > msdfs root = No >> > msdfs shuffle referrals = No >> > nt acl support = Yes >> > ntvfs handler = unixuid, default >> > oplocks = Yes >> > path >> > posix locking = Yes >> > postexec >> > preexec >> > preexec close = No >> > preserve case = Yes >> > printable = No >> > print command >> > printer name >> > printing = cups >> > printjob username = %U >> > print notify backchannel = No >> > queuepause command >> > queueresume command >> > read list >> > read only = Yes >> > root postexec >> > root preexec >> > root preexec close = No >> > short preserve case = Yes >> > smb encrypt = No >> > spotlight = No >> > store dos attributes = Yes >> > strict allocate = Yes >> > strict locking = No >> > strict rename = No >> > strict sync = No >> > sync always = No >> > use client driver = No >> > use sendfile = Yes >> > valid users >> > veto files >> > veto oplock files >> > vfs objects = dfs_samba4 acl_xattr >> > volume >> > wide links = No >> > write cache size = 0 >> > write list >> > >> > >> > [homes] >> > admin users = "@Domain Admins" >> > browseable = No >> > comment = Home Directories >> > create mask = 0644 >> > force create mode = 0660 >> > force directory mode = 0770 >> > hide files = /Recycle Bin/ >> > path = /home/homes/%U >> > read only = No >> > valid users = "@Domain Users" >> > veto files = /*.encrypted/*.ecc/*.ccc/ >> > vfs objects = dfs_samba4 full_audit recycle >> > recycle:mode = KEEP_DIRECTORIES|VERSION|TOUCH >> > recycle:noversions = *.tmp|*.temp|*.dat|*.ini >> > recycle:exclude >> > *.tmp|*.temp|*.o|*.obj|~$*|*.??|*.log|*.trace|*.TMP|*.ASV|*.$$$|*.asv >> > recycle:touch_mtime = yes >> > recycle:touch = Yes >> > recycle:keeptree = Yes >> > recycle:versions = Yes >> > recycle:subdir_mode = 0700 >> > recycle:directory_mode = 0770 >> > recycle:maxsize = 0 >> > recycle:minsize = 0 >> > recycle:repository = .recycle >> > >> > >> > [profiles] >> > browseable = No >> > comment = Network Profiles Share >> > create mask = 0644 >> > force create mode = 0660 >> > force directory mode = 0770 >> > path = /home/profiles >> > read only = No >> > >> > >> > [netlogon] >> > browseable = No >> > comment = Network Netlogon Share >> > path = /usr/local/samba/var/locks/sysvol/facility.local/scripts >> > >> > >> > [sysvol] >> > browseable = No >> > path = /usr/local/samba/var/locks/sysvol >> > read only = No >> > >> > >> > [printers] >> > browseable = No >> > comment = All Printers >> > create mask = 0700 >> > path = /var/spool/samba >> > printable = Yes >> > write list = administrator "@Domain Admins" >> > acl_xattr:ignore system acl = yes >> > >> > >> > [print$] >> > admin users = "@Domain Admins" >> > comment = Printer Drivers >> > create mask = 0644 >> > force create mode = 0660 >> > force directory mode = 0770 >> > invalid users = qwerty >> > path = /home/printer_drivers >> > read only = No >> > valid users = "@Domain Users" >> > write list = root "@Domain Admins" >> > acl_xattr:ignore system acl = yes >> > >> > >> > [Share1] >> > admin users = "@Domain Admins" >> > comment = Share1 Paylasimi >> > create mask = 0644 >> > force create mode = 0660 >> > force directory mode = 0770 >> > hide files = /Recycle Bin/ >> > invalid users = qwerty @Share1_no >> > path = /home/TEST/Share1 >> > read list = abuzer >> > read only = No >> > valid users = "@Domain Users" abuzer >> > veto files = /*.encrypted/*.ecc/*.ccc/ >> > vfs objects = dfs_samba4 full_audit recycle >> > recycle:mode = KEEP_DIRECTORIES|VERSION|TOUCH >> > recycle:noversions = *.tmp|*.temp|*.dat|*.ini >> > recycle:exclude >> > *.tmp|*.temp|*.o|*.obj|~$*|*.??|*.log|*.trace|*.TMP|*.ASV|*.$$$|*.asv >> > recycle:touch_mtime = yes >> > recycle:touch = Yes >> > recycle:keeptree = Yes >> > recycle:versions = Yes >> > recycle:subdir_mode = 0700 >> > recycle:directory_mode = 0770 >> > recycle:maxsize = 0 >> > recycle:minsize = 0 >> > recycle:repository = .recycle >> > >> > >> > [brother_mfc9840] >> > admin users = "@Domain Admins" >> > path = /var/spool/samba >> > printable = Yes >> > printer name = brother1 >> > valid users = administrator "@Domain Users" >> > write list = "@Domain Admins" >> > >> > Bar???? >> > >> > Rowland Penny via samba <samba at lists.samba.org>, 19 ??ub 2019 >> > Sal, 11:54 >> > tarihinde ??unu yazd??: >> > >> > > On Tue, 19 Feb 2019 11:37:43 +0300 >> > > bar???? tombul via samba <samba at lists.samba.org> wrote: >> > > >> > > > Dear all, >> > > > >> > > > We are using samba domain and i upgraded the samba from 4.7.9 to >> > > > 4.8.9. With the old version, people in our domain can view and can >> > > > share the folders without asking password and the people >> > that out of >> > > > the domain can view and shared the folders with >> > > > writing \\IP_ADDRESS PROMPT USERNAME: PASSWORD. with the new >> > > > version, there is no problem about viewing and sharing >> > folders with >> > > > the people that in the domain but the people that are no >> > in the domain >> > > > can not view the \\IP_ADRESS screen. >> > > > >> > > > Also, with the 4.8.9 version, when ,people in the domain , right >> > > > clicked to the shared folders and choose properties > >> > security, the >> > > > system throw out. If i write security = user > security >> > domain in >> > > > the smb.conf folder, there is no problem about the people in the >> > > > domain but without active directory people the problem >> > still goes on. >> > > > You can see my smb.conf text in the below. >> > > > >> > > > Could you please help me about this problem? >> > > > >> > > > It is very URGENT!! >> > > > >> > > >> > > Two things, saying it is urgent doesn't cut any ice here, especially >> > > when you SHOUT urgent, Secondly, posting the output of >> > 'testparm -v' is >> > > making things worse from the point of view of trying to >> > understand what >> > > is going on, just post the output of 'cat' >> > > >> > > Rowland >> > > >> > > -- >> > > To unsubscribe from this list go to the following URL and read the >> > > instructions: https://lists.samba.org/mailman/options/samba >> > > >> > -- >> > To unsubscribe from this list go to the following URL and read the >> > instructions: https://lists.samba.org/mailman/options/samba >> > >> > >> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> >