I got it. Thanks. The share is working. Only problem, I need some files to be only readable for the end user (templates) the problem is windows doesn't for some reason allow me to change the rights. I am using dutch windows so the error is dutch but translated it say. Can't connect/find active directory to verify or open claimtypes. Philip "Rowland penny via samba" <samba at lists.samba.org> schreef op 31 augustus 2020 19:12:> On 31/08/2020 17:53, Philip Offermans via samba wrote: > >> I fixt everything. It work. But I have got a new error. I think it is because rasbian doesn?t have >> this group >> >> root at dna:/home/pi# net rpc rights grant ?DOMAIN\Unix Admins" SeDiskOperatorPrivilege -U >> ?DOMAIN\administrator" >> Enter DOMAIN\administrator's password: >> Failed to grant privileges for DOMAIN\Unix Admins (NT_STATUS_NO_SUCH_USER) > > If you look on the wikipage where you found that command, there is a blue box above the command, in > that box it tells you that you will need to create the group 'Unix Admins and why. >> What is the problem with .local?? DOMAIN is placeholder to hide the company name > > the '.local' TLD is reserved for Avahi/Bonjour, so if your dns domain TLD is '.local', then I > suggest you turn off Avahi. > > Rowland > > -- To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
On 31/08/2020 18:27, mail at philipoffermans.nl wrote:> I got it. Thanks. The share is working. Only problem, I need some files to be only readable for the end user (templates) the problem is windows doesn't for some reason allow me to change the rights. I am using dutch windows so the error is dutch but translated it say. Can't connect/find active directory to verify or open claimtypes. >That is not a problem, post the error message in Dutch and I feel Louis (who is from Rotterdam) will understand it, but in the mean time, can you download this file: https://github.com/thctlo/samba4/blob/master/samba-collect-debug-info.sh Run it on your Samba machines and post it into a post to this list, do not attach it, this list removes attachments. Rowland
Hi sorry for the late reaction. I had no access to my test setup here is the
debug:
Gaia:
Collected config --- 2020-09-04-17:56 -----------
Hostname: gaia
DNS Domain: rompen.local
FQDN: gaia.rompen.local
ipaddress: 192.168.88.2
-----------
Kerberos SRV _kerberos._tcp.rompen.local record verified ok, sample output:
Server: 192.168.88.2
Address: 192.168.88.2#53
_kerberos._tcp.rompen.local service = 0 100 88 gaia.rompen.local.
Samba is running as an AD DC
-----------
Checking file: /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"
NAME="Raspbian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=raspbian
ID_LIKE=debian
HOME_URL="http://www.raspbian.org/"
SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"
-----------
This computer is running Debian 10.4 armv7l
-----------
running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UP group default qlen 1000
link/ether b8:27:eb:7f:ad:98 brd ff:ff:ff:ff:ff:ff
inet 192.168.88.2/24 brd 192.168.88.255 scope global dynamic noprefixroute
eth0
valid_lft 544sec preferred_lft 469sec
inet6 fe80::bbbd:eb9b:bce9:b088/64 scope link
3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group
default qlen 1000
link/ether b8:27:eb:2a:f8:cd brd ff:ff:ff:ff:ff:ff
-----------
Checking file: /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
127.0.1.1 gaia.rompen.local gaia
-----------
Checking file: /etc/resolv.conf
# Generated by resolvconf
search rompen.local
nameserver 192.168.88.2
-----------
Checking file: /etc/krb5.conf
[libdefaults]
default_realm = ROMPEN.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = true
-----------
Checking file: /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed,
try:
# `info libc "Name Service Switch"' for information about this
file.
passwd: files
group: files
shadow: files
gshadow: files
hosts: files mdns4_minimal [NOTFOUND=return] dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
-----------
Checking file: /etc/samba/smb.conf
# Global parameters
[global]
dns forwarder = 8.8.8.8
netbios name = GAIA
realm = ROMPEN.LOCAL
server role = active directory domain controller
workgroup = ROMPEN
idmap_ldb:use rfc2307 = yes
wins support = yes
[netlogon]
path = /var/lib/samba/sysvol/rompen.local/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
-----------
BIND_DLZ not detected in smb.conf
-----------
Installed packages:
ii attr 1:2.4.48-4 armhf
utilities for manipulating filesystem extended attributes
ii krb5-config 2.6 all
Configuration files for Kerberos Version 5
ii krb5-locales 1.17-3 all
internationalization support for MIT Kerberos
ii krb5-user 1.17-3 armhf
basic programs to authenticate using MIT Kerberos
ii libacl1:armhf 2.2.53-4 armhf
access control list - shared library
ii libattr1:armhf 1:2.4.48-4 armhf
extended attribute handling - shared library
ii libgssapi-krb5-2:armhf 1.17-3 armhf
MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
ii libkrb5-3:armhf 1.17-3 armhf
MIT Kerberos runtime libraries
ii libkrb5support0:armhf 1.17-3 armhf
MIT Kerberos runtime libraries - Support library
ii libnss-winbind:armhf 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf
Samba nameservice integration plugins
ii libpam-winbind:armhf 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf
Windows domain authentication integration plugin
ii libsmbclient:armhf 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf
shared library for communication with SMB/CIFS servers
ii libwbclient0:armhf 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf
Samba winbind client library
ii python-samba 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf
Python bindings for Samba
ii samba 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf
SMB/CIFS file, print, and login server for Unix
ii samba-common 2:4.9.5+dfsg-5+deb10u1+rpi1 all
common files used by both the Samba server and client
ii samba-common-bin 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf
Samba common files used by both the server and the client
ii samba-dsdb-modules:armhf 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf
Samba Directory Services Database
ii samba-libs:armhf 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf
Samba core libraries
ii samba-testsuite 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf
test suite from Samba
ii samba-vfs-modules:armhf 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf
Samba Virtual FileSystem plugins
ii smbclient 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf
command-line SMB/CIFS clients for Unix
ii winbind 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf
service to resolve user and group information from Windows NT servers
-----------
DNA:
.font-unix/
.ICE-unix/
samba-debug-info.txt
systemd-private-4feeaecc8e5e4411bb61b94f53b7484a-systemd-timesyncd.service-VWNVpy/
.Test-unix/
.X11-unix/
.XIM-unix/
root at dna:~/tmp# cat /tmp/samba-debug-info.txt
Collected config --- 2020-09-04-17:58 -----------
Hostname: dna
DNS Domain: rompen.local
FQDN: dna.rompen.local
ipaddress: 192.168.88.3
-----------
Kerberos SRV _kerberos._tcp.rompen.local record verified ok, sample output:
Server: 192.168.88.2
Address: 192.168.88.2#53
_kerberos._tcp.rompen.local service = 0 100 88 gaia.rompen.local.
Samba is running as a Unix domain member
-----------
Checking file: /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"
NAME="Raspbian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=raspbian
ID_LIKE=debian
HOME_URL="http://www.raspbian.org/"
SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"
-----------
This computer is running Debian 10.4 armv7l
-----------
running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UP group default qlen 1000
link/ether b8:27:eb:97:db:d8 brd ff:ff:ff:ff:ff:ff
inet 192.168.88.3/24 brd 192.168.88.255 scope global dynamic noprefixroute
eth0
valid_lft 472sec preferred_lft 397sec
inet6 fe80::e85c:b84c:8f64:eb20/64 scope link
3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group
default qlen 1000
link/ether b8:27:eb:c2:8e:8d brd ff:ff:ff:ff:ff:ff
-----------
Checking file: /etc/hosts
192.168.88.3 dna.rompen.local dna
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
-----------
Checking file: /etc/resolv.conf
# Generated by resolvconf
search rompen.local
nameserver 192.168.88.2
-----------
Checking file: /etc/krb5.conf
[libdefaults]
default_realm = ROMPEN.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = true
-----------
Checking file: /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed,
try:
# `info libc "Name Service Switch"' for information about this
file.
passwd: files winbind
group: files winbind
shadow: files
gshadow: files
hosts: files mdns4_minimal [NOTFOUND=return] dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
-----------
Checking file: /etc/samba/smb.conf
[global]
netbios name = DNA
workgroup = ROMPEN
security = ADS
realm = ROMPEN.LOCAL
encrypt passwords = yes
acl allow execute always = yes
idmap config *:backend = tdb
idmap config *:range = 70001-80000
idmap config <win domain>:backend = ad
idmap config <win domain>:schema_mode = rfc2307
idmap config <win domain>:range = 3000000-4000000
winbind refresh tickets = Yes
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
username map = /etc/samba/user.map
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
username map = /etc/samba/user.map
[share]
path = /nas
read only = no
inherit acls = yes
[users]
path = /usr/home
read only = no
force create mode = 0600
force directory mode = 0700
-----------
Running as Unix domain member and no user.map detected.
This is possible with an auth-only setup, checking also for NFS parts
-----------
Checking file: /etc/idmapd.conf
[General]
Verbosity = 0
Pipefs-Directory = /run/rpc_pipefs
# set your own domain here, if it differs from FQDN minus hostname
# Domain = localdomain
[Mapping]
Nobody-User = nobody
Nobody-Group = nogroup
-----------
Installed packages:
ii acl 2.2.53-4 armhf
access control list - utilities
ii attr 1:2.4.48-4 armhf
utilities for manipulating filesystem extended attributes
ii krb5-config 2.6 all
Configuration files for Kerberos Version 5
ii krb5-user 1.17-3 armhf
basic programs to authenticate using MIT Kerberos
ii libacl1:armhf 2.2.53-4 armhf
access control list - shared library
ii libattr1:armhf 1:2.4.48-4 armhf
extended attribute handling - shared library
ii libgssapi-krb5-2:armhf 1.17-3 armhf
MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
ii libkrb5-3:armhf 1.17-3 armhf
MIT Kerberos runtime libraries
ii libkrb5support0:armhf 1.17-3 armhf
MIT Kerberos runtime libraries - Support library
ii libnfsidmap2:armhf 0.25-5.1 armhf
NFS idmapping library
ii libnss-winbind:armhf 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf
Samba nameservice integration plugins
ii libpam-winbind:armhf 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf
Windows domain authentication integration plugin
ii libwbclient0:armhf 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf
Samba winbind client library
ii nfs-common 1:1.3.4-2.5+deb10u1 armhf
NFS support files common to client and server
ii python-samba 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf
Python bindings for Samba
ii samba 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf
SMB/CIFS file, print, and login server for Unix
ii samba-common 2:4.9.5+dfsg-5+deb10u1+rpi1 all
common files used by both the Samba server and client
ii samba-common-bin 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf
Samba common files used by both the server and the client
ii samba-dsdb-modules:armhf 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf
Samba Directory Services Database
ii samba-libs:armhf 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf
Samba core libraries
ii samba-vfs-modules:armhf 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf
Samba Virtual FileSystem plugins
ii winbind 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf
service to resolve user and group information from Windows NT servers
-----------
root at dna:~/tmp#
Philip
> On 31 Aug 2020, at 20:09, Rowland penny via samba <samba at
lists.samba.org> wrote:
>
> On 31/08/2020 18:27, mail at philipoffermans.nl wrote:
>> I got it. Thanks. The share is working. Only problem, I need some files
to be only readable for the end user (templates) the problem is windows
doesn't for some reason allow me to change the rights. I am using dutch
windows so the error is dutch but translated it say. Can't connect/find
active directory to verify or open claimtypes.
>>
> That is not a problem, post the error message in Dutch and I feel Louis
(who is from Rotterdam) will understand it, but in the mean time, can you
download this file:
>
> https://github.com/thctlo/samba4/blob/master/samba-collect-debug-info.sh
>
> Run it on your Samba machines and post it into a post to this list, do not
attach it, this list removes attachments.
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
See below, basicly what now happend is. This one line :> 127.0.1.1 gaia.rompen.local gaia <<<< CHANGE THISIs what is your problem. Read throught the settings, you need a few changes. Its mostly good. After the changes, reboot the AD-DC. Then after its rebooted and after the changes for the member, reboot that also. Then is should be ok. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Philip Offermans via samba > Verzonden: vrijdag 4 september 2020 17:59 > Aan: Rowland penny > CC: sambalist > Onderwerp: Re: [Samba] No DNS domain configured > > Hi sorry for the late reaction. I had no access to my test > setup here is the debug: > > Gaia: > Collected config --- 2020-09-04-17:56 ----------- > > Hostname: gaia > DNS Domain: rompen.local > FQDN: gaia.rompen.local > ipaddress: 192.168.88.2 > > ----------- > > Kerberos SRV _kerberos._tcp.rompen.local record verified ok, > sample output: > Server: 192.168.88.2 > Address: 192.168.88.2#53 > > _kerberos._tcp.rompen.local service = 0 100 88 gaia.rompen.local. > Samba is running as an AD DC > > ----------- > Checking file: /etc/os-release > > PRETTY_NAME="Raspbian GNU/Linux 10 (buster)" > NAME="Raspbian GNU/Linux" > VERSION_ID="10" > VERSION="10 (buster)" > VERSION_CODENAME=buster > ID=raspbian > ID_LIKE=debian > HOME_URL="http://www.raspbian.org/" > SUPPORT_URL="http://www.raspbian.org/RaspbianForums" > BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs" > > ----------- > > > This computer is running Debian 10.4 armv7l > > ----------- > running command : ip a > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state > UNKNOWN group default qlen 1000 > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > inet 127.0.0.1/8 scope host lo > inet6 ::1/128 scope host > 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc > pfifo_fast state UP group default qlen 1000 > link/ether b8:27:eb:7f:ad:98 brd ff:ff:ff:ff:ff:ff > inet 192.168.88.2/24 brd 192.168.88.255 scope global > dynamic noprefixroute eth0 > valid_lft 544sec preferred_lft 469sec > inet6 fe80::bbbd:eb9b:bce9:b088/64 scope link > 3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state > DOWN group default qlen 1000 > link/ether b8:27:eb:2a:f8:cd brd ff:ff:ff:ff:ff:ff > > ----------- > Checking file: /etc/hosts > > 127.0.0.1 localhost > ::1 localhost ip6-localhost ip6-loopback > ff02::1 ip6-allnodes > ff02::2 ip6-allrouters > > 127.0.1.1 gaia.rompen.local gaia <<<< CHANGE THIS192.168.88.2 gaia.rompen.local gaia <<<< TO THIS> > ----------- > > Checking file: /etc/resolv.conf > > # Generated by resolvconf > search rompen.local > nameserver 192.168.88.2 > > ----------- > > Checking file: /etc/krb5.conf > > [libdefaults] > default_realm = ROMPEN.LOCAL > dns_lookup_realm = false > dns_lookup_kdc = true > > ----------- > > Checking file: /etc/nsswitch.conf > > # /etc/nsswitch.conf > # > # Example configuration of GNU Name Service Switch functionality. > # If you have the `glibc-doc-reference' and `info' packages > installed, try: > # `info libc "Name Service Switch"' for information about this file. > > passwd: files > group: files > shadow: files > gshadow: files > > hosts: files mdns4_minimal [NOTFOUND=return] dns <<< CHANGE THIS > hosts: files dns mdns4_minimal [NOTFOUND=return] <<< TO THIS > networks: files > > protocols: db files > services: db files > ethers: db files > rpc: db files > > netgroup: nis > > ----------- > > Checking file: /etc/samba/smb.conf > > # Global parameters > [global] > dns forwarder = 8.8.8.8 > netbios name = GAIA > realm = ROMPEN.LOCAL > server role = active directory domain controller > workgroup = ROMPEN > idmap_ldb:use rfc2307 = yes > wins support = yes > > [netlogon] > path = /var/lib/samba/sysvol/rompen.local/scripts > read only = No > > [sysvol] > path = /var/lib/samba/sysvol > read only = No > > ----------- > > BIND_DLZ not detected in smb.conf > > ----------- >In addition to below packages, apt install acl Reported that enough, dont ask why debian isnt adding it to the Recommended packages. Since its obligated for the AD-DC's .> Installed packages: > ii attr 1:2.4.48-4 > armhf utilities for manipulating filesystem > extended attributes > ii krb5-config 2.6 > all Configuration files for Kerberos Version 5 > ii krb5-locales 1.17-3 > all internationalization support for MIT Kerberos > ii krb5-user 1.17-3 > armhf basic programs to authenticate using > MIT Kerberos > ii libacl1:armhf 2.2.53-4 > armhf access control list - shared library > ii libattr1:armhf 1:2.4.48-4 > armhf extended attribute handling - shared library > ii libgssapi-krb5-2:armhf 1.17-3 > armhf MIT Kerberos runtime libraries - krb5 > GSS-API Mechanism > ii libkrb5-3:armhf 1.17-3 > armhf MIT Kerberos runtime libraries > ii libkrb5support0:armhf 1.17-3 > armhf MIT Kerberos runtime libraries - Support library > ii libnss-winbind:armhf > 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf Samba > nameservice integration plugins > ii libpam-winbind:armhf > 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf Windows > domain authentication integration plugin > ii libsmbclient:armhf > 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf shared > library for communication with SMB/CIFS servers > ii libwbclient0:armhf > 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf Samba > winbind client library > ii python-samba > 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf Python > bindings for Samba > ii samba > 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf SMB/CIFS > file, print, and login server for Unix > ii samba-common > 2:4.9.5+dfsg-5+deb10u1+rpi1 all common files > used by both the Samba server and client > ii samba-common-bin > 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf Samba common > files used by both the server and the client > ii samba-dsdb-modules:armhf > 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf Samba > Directory Services Database > ii samba-libs:armhf > 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf Samba core libraries > ii samba-testsuite > 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf test suite from Samba > ii samba-vfs-modules:armhf > 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf Samba > Virtual FileSystem plugins > ii smbclient > 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf command-line > SMB/CIFS clients for Unix > ii winbind > 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf service to > resolve user and group information from Windows NT servers > > ----------- > > > DNA: > > .font-unix/ > .ICE-unix/ > samba-debug-info.txt > systemd-private-4feeaecc8e5e4411bb61b94f53b7484a-systemd-timesyncd.service-VWNVpy/> .Test-unix/ > .X11-unix/ > .XIM-unix/ > root at dna:~/tmp# cat /tmp/samba-debug-info.txt > Collected config --- 2020-09-04-17:58 ----------- > > Hostname: dna > DNS Domain: rompen.local > FQDN: dna.rompen.local > ipaddress: 192.168.88.3 > > ----------- > > Kerberos SRV _kerberos._tcp.rompen.local record verified ok, > sample output: > Server: 192.168.88.2 > Address: 192.168.88.2#53 > > _kerberos._tcp.rompen.local service = 0 100 88 gaia.rompen.local. > Samba is running as a Unix domain member > > ----------- > Checking file: /etc/os-release > > PRETTY_NAME="Raspbian GNU/Linux 10 (buster)" > NAME="Raspbian GNU/Linux" > VERSION_ID="10" > VERSION="10 (buster)" > VERSION_CODENAME=buster > ID=raspbian > ID_LIKE=debian > HOME_URL="http://www.raspbian.org/" > SUPPORT_URL="http://www.raspbian.org/RaspbianForums" > BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs" > > ----------- > > > This computer is running Debian 10.4 armv7l > > ----------- > running command : ip a > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state > UNKNOWN group default qlen 1000 > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > inet 127.0.0.1/8 scope host lo > inet6 ::1/128 scope host > 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc > pfifo_fast state UP group default qlen 1000 > link/ether b8:27:eb:97:db:d8 brd ff:ff:ff:ff:ff:ff > inet 192.168.88.3/24 brd 192.168.88.255 scope global > dynamic noprefixroute eth0 > valid_lft 472sec preferred_lft 397sec > inet6 fe80::e85c:b84c:8f64:eb20/64 scope link > 3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state > DOWN group default qlen 1000 > link/ether b8:27:eb:c2:8e:8d brd ff:ff:ff:ff:ff:ff > > ----------- > Checking file: /etc/hosts > > 192.168.88.3 dna.rompen.local dna > 127.0.0.1 localhost > ::1 localhost ip6-localhost ip6-loopback > ff02::1 ip6-allnodes > ff02::2 ip6-allrouters > > ----------- > > Checking file: /etc/resolv.conf > > # Generated by resolvconf > search rompen.local > nameserver 192.168.88.2 > > ----------- > > Checking file: /etc/krb5.conf > > [libdefaults] > default_realm = ROMPEN.LOCAL > dns_lookup_realm = false > dns_lookup_kdc = true > > ----------- > > Checking file: /etc/nsswitch.conf > > # /etc/nsswitch.conf > # > # Example configuration of GNU Name Service Switch functionality. > # If you have the `glibc-doc-reference' and `info' packages > installed, try: > # `info libc "Name Service Switch"' for information about this file. > > passwd: files winbind > group: files winbind > shadow: files > gshadow: files > > hosts: files mdns4_minimal [NOTFOUND=return] dns ## SAME HERE move dns move mdns4_.. > networks: files > > protocols: db files > services: db files > ethers: db files > rpc: db files > > netgroup: nis > > ----------- > > Checking file: /etc/samba/smb.conf > > [global] > netbios name = DNA > workgroup = ROMPEN > security = ADS > realm = ROMPEN.LOCAL > encrypt passwords = yes > > acl allow execute always = yes > > idmap config *:backend = tdb > idmap config *:range = 70001-80000 > idmap config <win domain>:backend = ad > idmap config <win domain>:schema_mode = rfc2307 > idmap config <win domain>:range = 3000000-4000000 > > winbind refresh tickets = Yes > vfs objects = acl_xattr > map acl inherit = Yes > store dos attributes = Yes > > dedicated keytab file = /etc/krb5.keytab > kerberos method = secrets and keytab > > winbind use default domain = yes > > winbind enum users = yes << change to No > winbind enum groups = yes << change to No. > > username map = /etc/samba/user.map > dedicated keytab file = /etc/krb5.keytab > kerberos method = secrets and keytab > > vfs objects = acl_xattr > map acl inherit = Yes > store dos attributes = Yes > > username map = /etc/samba/user.map > > [share] > path = /nas > read only = no > inherit acls = yes > > [users] > path = /usr/home > read only = no > force create mode = 0600 > force directory mode = 0700 > > ----------- > > Running as Unix domain member and no user.map detected. > This is possible with an auth-only setup, checking also for NFS parts > ----------- > Checking file: /etc/idmapd.conf > > [General] > > Verbosity = 0 > Pipefs-Directory = /run/rpc_pipefs > # set your own domain here, if it differs from FQDN minus hostname > # Domain = localdomain > > [Mapping] > > Nobody-User = nobody > Nobody-Group = nogroup > > ----------- > > > Installed packages: > ii acl 2.2.53-4 > armhf access control list - utilities > ii attr 1:2.4.48-4 > armhf utilities for manipulating filesystem > extended attributes > ii krb5-config 2.6 > all Configuration files for Kerberos Version 5 > ii krb5-user 1.17-3 > armhf basic programs to authenticate using > MIT Kerberos > ii libacl1:armhf 2.2.53-4 > armhf access control list - shared library > ii libattr1:armhf 1:2.4.48-4 > armhf extended attribute handling - shared library > ii libgssapi-krb5-2:armhf 1.17-3 > armhf MIT Kerberos runtime libraries - krb5 > GSS-API Mechanism > ii libkrb5-3:armhf 1.17-3 > armhf MIT Kerberos runtime libraries > ii libkrb5support0:armhf 1.17-3 > armhf MIT Kerberos runtime libraries - Support library > ii libnfsidmap2:armhf 0.25-5.1 > armhf NFS idmapping library > ii libnss-winbind:armhf > 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf Samba > nameservice integration plugins > ii libpam-winbind:armhf > 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf Windows > domain authentication integration plugin > ii libwbclient0:armhf > 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf Samba > winbind client library > ii nfs-common 1:1.3.4-2.5+deb10u1 > armhf NFS support files common to client and server > ii python-samba > 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf Python > bindings for Samba > ii samba > 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf SMB/CIFS > file, print, and login server for Unix > ii samba-common > 2:4.9.5+dfsg-5+deb10u1+rpi1 all common files > used by both the Samba server and client > ii samba-common-bin > 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf Samba common > files used by both the server and the client > ii samba-dsdb-modules:armhf > 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf Samba > Directory Services Database > ii samba-libs:armhf > 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf Samba core libraries > ii samba-vfs-modules:armhf > 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf Samba > Virtual FileSystem plugins > ii winbind > 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf service to > resolve user and group information from Windows NT servers > > ----------- > root at dna:~/tmp# > > > Philip > > > On 31 Aug 2020, at 20:09, Rowland penny via samba > <samba at lists.samba.org> wrote: > > > > On 31/08/2020 18:27, mail at philipoffermans.nl wrote: > >> I got it. Thanks. The share is working. Only problem, I > need some files to be only readable for the end user > (templates) the problem is windows doesn't for some reason > allow me to change the rights. I am using dutch windows so > the error is dutch but translated it say. Can't connect/find > active directory to verify or open claimtypes. > >> > > That is not a problem, post the error message in Dutch and > I feel Louis (who is from Rotterdam) will understand it, but > in the mean time, can you download this file: > > > > > https://github.com/thctlo/samba4/blob/master/samba-collect-debug-info.sh> > > > Run it on your Samba machines and post it into a post to > this list, do not attach it, this list removes attachments. > > > > Rowland > > > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >