Paul.LKW
2021-Jan-23 19:56 UTC
[Samba] Help - Samba 412 could not use Kerberos name to enter share
Dear All:

I have a new freebsd-12.2 box with Samba-4.12 installed. However, after following
"https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller"
I find I could not open the share by \\o.o\User\someone, but I could open
\\o.o\netlogon\ without any problem. However, if I use the IP address,
\\10.10.100.10\Users\someone could be opened but \\10.10.100.10\netlogon
could not be opened (asking for login/password). Below is my config file.

# Global parameters
[global]
        dns forwarder = 8.8.8.8
        netbios name = HOME
        realm = O.O
        server role = active directory domain controller
        workgroup = AD
        idmap_ldb:use rfc2307 = yes
        vfs objects = dfs_samba4 zfsacl acl_xattr
        socket options = TCP_NODELAY

[sysvol]
        path = /var/db/samba4/sysvol
        read only = No

[netlogon]
        path = /var/db/samba4/sysvol/o.o/scripts
        read only = No

[Profiles]
        path = /HOME/Profiles
        read only = No
        oplocks = No

[Users]
        path = /HOME/Users
        read only = No
        force create mode = 0600
        force directory mode = 0700
        map acl inherit = yes

[FamilyShares]
        path = /HOME/FamilyShares
        read only = No

Any help would be appreciated.

BR.
Paul.LKW

Rowland Penny
2021-Jan-23 20:58 UTC
[Samba] Help - Samba 412 could not use Kerberos name to enter share
On 23/01/2021 19:56, Paul.LKW via samba wrote:
> Dear All:
> I have a freebsd-12.2 new box with Samba-4.12 installed however after
> follow the
> "https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller"
> I find I could not open the share by \\o.o\User\someone but I could
> open the \\o.o\netlogon\ without any problem, however if I use
> \\10.10.100.10\Users\someone could be opened but
> \\10.10.100.10\netlogon could not be opened (Asking for
> login/password), below is my config file.

Hmm, this works for myself, but with one difference: you seem to be just
using the DNS domain name, whereas I used the FQDN of the DC. Speaking of
which, it isn't recommended to use a DC as a fileserver.

>
> # Global parameters
> [global]
>         dns forwarder = 8.8.8.8
>         netbios name = HOME
>         realm = O.O
>         server role = active directory domain controller
>         workgroup = AD
>         idmap_ldb:use rfc2307 = yes
>         vfs objects = dfs_samba4 zfsacl acl_xattr
>         socket options = TCP_NODELAY

I would let the kernel deal with the socket options.

>
> [sysvol]
>         path = /var/db/samba4/sysvol
>         read only = No
>
> [netlogon]
>         path = /var/db/samba4/sysvol/o.o/scripts
>         read only = No
>
> [Profiles]
>         path = /HOME/Profiles
>         read only = No
>         oplocks = No

ER, no: see here
https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles
But not the 'posix' part.

>
> [Users]
>         path = /HOME/Users
>         read only = No
>         force create mode = 0600
>         force directory mode = 0700
>         map acl inherit = yes

Again no, you cannot use the 'force' lines etc. on a DC.

Rowland
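
Three of the remarks in the reply above (socket options, file shares on a DC, and the 'force' mode lines) can be checked mechanically. The following is an added example, not part of the thread and not a Samba tool: a small Python lint whose rule set and names (parse_smb_conf, lint_dc, DC_SHARES, FORCE_KEYS) are assumptions, run over a constructed, trimmed copy of the posted config.

```python
# Added example (assumed rules and names, not a Samba tool): lint an smb.conf.
SAMPLE = """\
[global]
        server role = active directory domain controller
        socket options = TCP_NODELAY
[sysvol]
        path = /var/db/samba4/sysvol
[Users]
        path = /HOME/Users
        force create mode = 0600
        force directory mode = 0700
"""  # constructed: a trimmed copy of the config posted in the thread

DC_SHARES = {"global", "sysvol", "netlogon"}  # sections a DC has anyway
FORCE_KEYS = {"force create mode", "force directory mode"}

def parse_smb_conf(text):
    """Return {section: {key: value}} with names lower-cased and normalised."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)  # keys may contain ':' (idmap_ldb:...)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def lint_dc(conf):
    """Return (section, message) findings; empty if the host is not a DC."""
    glob = conf.get("global", {})
    if glob.get("server role", "").lower() != "active directory domain controller":
        return []
    findings = []
    if "socket options" in glob:
        findings.append(("global", "socket options set; reply: leave it to the kernel"))
    for name, params in conf.items():
        if name not in DC_SHARES:
            findings.append((name, "file share on a DC; reply: not recommended"))
        for key in sorted(FORCE_KEYS.intersection(params)):
            findings.append((name, f"'{key}'; reply: cannot be used on a DC"))
    return findings

if __name__ == "__main__":
    for section, message in lint_dc(parse_smb_conf(SAMPLE)):
        print(f"[{section}] {message}")
```

The lint returns nothing when `server role` is not a domain controller, since the reply's objections are specific to running these settings on a DC.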