Rowland penny via samba ha scritto il 25/08/20 alle 18:20:> [...] > Even though your users may have the same username in AD as in the > NT4-style domain, they are different users, so a few thoughts. You have > 'map to guest = bad user', so I take it you must have 'guest ok = yes' > set in the shares (you haven't shown us the shares),in effect there is no guest ok = yes in shares...> so try changing > 'bad user' to 'bad password'. The only other thing I can think of at the > moment is to remove 'winbind use default domain = yes'done, changed "map to guest" to "bad password" but nothing changed... :( Piviul
On 26/08/2020 09:26, Piviul via samba wrote:> Rowland penny via samba ha scritto il 25/08/20 alle 18:20: >> [...] >> Even though your users may have the same username in AD as in the >> NT4-style domain, they are different users, so a few thoughts. You >> have 'map to guest = bad user', so I take it you must have 'guest ok >> = yes' set in the shares (you haven't shown us the shares), > in effect there is no guest ok = yes in shares...Then what is this from your 'tuning' share: guest ok = yes> >> so try changing 'bad user' to 'bad password'. The only other thing I >> can think of at the moment is to remove 'winbind use default domain = >> yes' > done, changed "map to guest" to "bad password" but nothing changed...Change it back, it isn't your problem> You have 'allow trusted domains = No' in 'global' and from 'man smb.conf': ?????? allow trusted domains (G) ?????????? This option only takes effect when the security option is set to ?????????? server, domain or ads. If it is set to no, then attempts to connect ?????????? to a resource from a domain or workgroup other than the one which ?????????? smbd is running in will fail, even if that domain is trusted by the ?????????? remote server doing the authentication. You also have shares that can only be written to by '@DOMINIOCSA\domain admins' Rowland> > :( > > Piviul >
Rowland penny via samba ha scritto il 26/08/20 alle 12:46:> On 26/08/2020 09:26, Piviul via samba wrote: >> Rowland penny via samba ha scritto il 25/08/20 alle 18:20: >>> [...] >>> Even though your users may have the same username in AD as in the >>> NT4-style domain, they are different users, so a few thoughts. You >>> have 'map to guest = bad user', so I take it you must have 'guest ok >>> = yes' set in the shares (you haven't shown us the shares), >> in effect there is no guest ok = yes in shares... > > Then what is this from your 'tuning' share: > > guest ok = yesyou are right I forgot the tuning share... I forgot it because when I say you that there is not 'guest ok = yes' in shares I was thinking about filesystem shares and the tuning share is a virtual printer... any way you are right I've used it in tuning share...>>> so try changing 'bad user' to 'bad password'. The only other thing I >>> can think of at the moment is to remove 'winbind use default domain = >>> yes' >> done, changed "map to guest" to "bad password" but nothing changed... > > Change it back, it isn't your problem>ok;> You have 'allow trusted domains = No' in 'global' and from 'man smb.conf': > > ?????? allow trusted domains (G) > > ?????????? This option only takes effect when the security option is > set to > ?????????? server, domain or ads. If it is set to no, then attempts to > connect > ?????????? to a resource from a domain or workgroup other than the one > which > ?????????? smbd is running in will fail, even if that domain is trusted > by the > ?????????? remote server doing the authentication.ok, I have removed it;> You also have shares that can only be written to by '@DOMINIOCSA\domain > admins'yes, that's true but I'm connecting to shares that the user can access or better to shares that domainNT\user can connect but domainAD\user can't like http share in zizi server. Piviul
Mandi! Rowland penny via samba In chel di` si favelave...> You have 'allow trusted domains = No' in 'global' and from 'man smb.conf':I've had not noted that. I can confirm that my working setup had NOT 'allow trusted domains No'. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bont?, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)