On 17/06/2019 13:42, Edouard Guigné via samba wrote:
> Hello,
>
> Please find here the content of my smb.conf:
>
> [global]
>         security = ads
>         realm = MYDOMAIN.LOCAL
>         workgroup = MYDOMAIN
>         kerberos method = secrets and keytab
>         server signing = mandatory
>         client signing = mandatory
>
>         hosts allow = 127. 10.X.X.
>         hosts deny = 10.X.X.
>
>         log level = 1 auth_audit:3
>         local master = no
>         domain master = no
>         preferred master = no
>
>         use sendfile = true
>
>         load printers = no
>         cups options = raw
>         printcap name = /dev/null
>
>         disable spoolss = yes
>
>         vfs objects = acl_xattr
>         map acl inherit = yes
>         store dos attributes = yes
>
>         idmap config * : backend = tdb
>         idmap config * : range = 15000-99999
>
>         winbind nss info = rfc2307
>         idmap config MYDOMAIN : backend = ad
>         idmap config MYDOMAIN : schema_mode = rfc2307
>         idmap config MYDOMAIN : range = 10000-14999
>         idmap config MYDOMAIN : unix_nss_info = yes
>         idmap config MYDOMAIN : unix_primary_group = yes
>
>         client min protocol = SMB2
>
>         username map = /etc/samba/user.map
>
> [groups]
>         comment = mycomment
>         path = /var/datashared
>         public = no
>         writable = yes
>
>         valid users = @"utilisateurs du domaine at MYDOMAIN.LOCAL"
>
>         vfs objects = acl_xattr streams_xattr
>
> [homes]
>         comment = Home Directories
>         read only = No
>         create mask = 0700
>         directory mask = 0700
>         valid users = @"utilisateurs du domaine at MYDOMAIN.LOCAL"
>         path = /home
>         hide files = /~*.tmp/profile/desktop.ini/~$*/
>         browseable = no
>         public = no
>         guest ok = no
>
> [printers]
>         comment = All Printers
>         path = /var/tmp
>         printable = Yes
>         create mask = 0600
>         browseable = No
>
> [print$]
>         comment = Printer Drivers
>         path = /var/lib/samba/drivers
>         write list = root
>         create mask = 0664
>         directory mask = 0775
>

Provided you have added uidNumbers to your users and (at least) a gidNumber to Domain Users, that smb.conf has nothing major wrong.

> And the content of my /etc/nsswitch.conf:
>
> bootparams: nisplus [NOTFOUND=return] files
>
> ethers:     files
> netmasks:   files
> networks:   files
> protocols:  files
> rpc:        files
> services:   files sss
>
> netgroup:   files sss
>
> publickey:  nisplus
>
> automount:  files
> aliases:    files nisplus

Your nsswitch.conf is a different matter, you either do not have the passwd, group and shadow lines or you have chosen not to show them.

Rowland

Edouard Guigné
2019-Jun-17 16:45 UTC
[Samba] Fwd: Re: Fwd: Re: Kerberos and NTLMv2 authentication
Hello,

I do not know how nsswitch.conf should be configured.
What should I change in it according to "/you either do not have the passwd, group and shadow lines or you have chosen not to show them/"?
Something like this? added to nsswitch.conf ?
passwd : files
group : files
shadow : files

What does it change if not to show them?

-------- Forwarded Message --------
Subject: Re: [Samba] Fwd: Re: Kerberos and NTLMv2 authentication
Date: Mon, 17 Jun 2019 14:12:56 +0100
From: Rowland penny via samba <samba at lists.samba.org>
Reply-To: Rowland penny <rpenny at samba.org>
To: samba at lists.samba.org

On 17/06/2019 13:42, Edouard Guigné via samba wrote:
> Hello,
>
> Please find here the content of my smb.conf:
>
> [global]
>         security = ads
>         realm = MYDOMAIN.LOCAL
>         workgroup = MYDOMAIN
>         kerberos method = secrets and keytab
>         server signing = mandatory
>         client signing = mandatory
>
>         hosts allow = 127. 10.X.X.
>         hosts deny = 10.X.X.
>
>         log level = 1 auth_audit:3
>         local master = no
>         domain master = no
>         preferred master = no
>
>         use sendfile = true
>
>         load printers = no
>         cups options = raw
>         printcap name = /dev/null
>
>         disable spoolss = yes
>
>         vfs objects = acl_xattr
>         map acl inherit = yes
>         store dos attributes = yes
>
>         idmap config * : backend = tdb
>         idmap config * : range = 15000-99999
>
>         winbind nss info = rfc2307
>         idmap config MYDOMAIN : backend = ad
>         idmap config MYDOMAIN : schema_mode = rfc2307
>         idmap config MYDOMAIN : range = 10000-14999
>         idmap config MYDOMAIN : unix_nss_info = yes
>         idmap config MYDOMAIN : unix_primary_group = yes
>
>         client min protocol = SMB2
>
>         username map = /etc/samba/user.map
>
> [groups]
>         comment = mycomment
>         path = /var/datashared
>         public = no
>         writable = yes
>
>         valid users = @"utilisateurs du domaine at MYDOMAIN.LOCAL"
>
>         vfs objects = acl_xattr streams_xattr
>
> [homes]
>         comment = Home Directories
>         read only = No
>         create mask = 0700
>         directory mask = 0700
>         valid users = @"utilisateurs du domaine at MYDOMAIN.LOCAL"
>         path = /home
>         hide files = /~*.tmp/profile/desktop.ini/~$*/
>         browseable = no
>         public = no
>         guest ok = no
>
> [printers]
>         comment = All Printers
>         path = /var/tmp
>         printable = Yes
>         create mask = 0600
>         browseable = No
>
> [print$]
>         comment = Printer Drivers
>         path = /var/lib/samba/drivers
>         write list = root
>         create mask = 0664
>         directory mask = 0775
>

Provided you have added uidNumbers to your users and (at least) a gidNumber to Domain Users, that smb.conf has nothing major wrong.

> And the content of my /etc/nsswitch.conf:
>
> bootparams: nisplus [NOTFOUND=return] files
>
> ethers:     files
> netmasks:   files
> networks:   files
> protocols:  files
> rpc:        files
> services:   files sss
>
> netgroup:   files sss
>
> publickey:  nisplus
>
> automount:  files
> aliases:    files nisplus

Your nsswitch.conf is a different matter, you either do not have the passwd, group and shadow lines or you have chosen not to show them.

Rowland

Rowland penny
2019-Jun-17 16:58 UTC
[Samba] Fwd: Re: Fwd: Re: Kerberos and NTLMv2 authentication
On 17/06/2019 17:45, Edouard Guigné via samba wrote:
> Hello,
>
> I do not know how nsswitch.conf should be configured.
> What should I change in it according to "/you either do not have the
> passwd, group and shadow lines or you have chosen not to show them/"?
> Something like this? added to nsswitch.conf ?
> passwd : files
> group : files
> shadow : files
>
> What does it change if not to show them?

If you do not have them set in /etc/nsswitch.conf, then NSS will not use them and if you set them as your example, only the local files will be used, nothing from AD.

Try it like this:

passwd:         files winbind
group:          files winbind
shadow:         files
gshadow:        files

hosts:          files dns

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files
netgroup:   files
publickey:  nisplus
automount:  files
aliases:    files nisplus

Rowland
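
An added example, not part of the original thread and not Samba project code: a small checker that parses nsswitch.conf text and reports whether the passwd and group databases list winbind, run over the three layouts discussed above. The sample strings are constructed excerpts of the configurations quoted in the thread, and the function names are hypothetical.

```python
import re

# Constructed samples, abbreviated from the configurations quoted in this thread.
ORIGINAL = """\
bootparams: nisplus [NOTFOUND=return] files
services:   files sss
netgroup:   files sss
aliases:    files nisplus
"""
# The "local files only" variant asked about in the follow-up question.
FILES_ONLY = ORIGINAL + "passwd: files\ngroup: files\nshadow: files\n"
# The layout suggested in the final reply (excerpt).
SUGGESTED = """\
# suggested layout
passwd:     files winbind
group:      files winbind
shadow:     files
bootparams: nisplus [NOTFOUND=return] files
"""

def parse_nsswitch(text):
    """Return {database: [sources]}; comments and [STATUS=action] items are dropped."""
    dbs = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        name, rest = line.split(":", 1)
        rest = re.sub(r"\[[^\]]*\]", " ", rest)  # strip [NOTFOUND=return] style actions
        dbs[name.strip().lower()] = rest.split()
    return dbs

def check_ad_lookup(text, required=("passwd", "group"), source="winbind"):
    """List reasons AD users/groups would not be looked up via winbind (empty = OK)."""
    dbs = parse_nsswitch(text)
    problems = []
    for db in required:
        if db not in dbs:
            problems.append(f"{db}: line missing")
        elif source not in dbs[db]:
            problems.append(f"{db}: '{source}' not listed (sources: {' '.join(dbs[db])})")
    return problems

if __name__ == "__main__":
    samples = (("original", ORIGINAL), ("files only", FILES_ONLY), ("suggested", SUGGESTED))
    for label, cfg in samples:
        print(label, "->", check_ad_lookup(cfg) or "OK")
```

To check a live host, pass the contents of /etc/nsswitch.conf to check_ad_lookup() instead of the sample strings.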