Luca Bertoncello
2021-Aug-25 11:11 UTC
[Samba] Problem connecting Samba and Windows Active Directory
Hi Rowland, the AD Servers are Windows Server 2019. And I didn't realized that "disable netbios = yes" turns off wins... I tried commenting the line and restarting Samba and winbind, but it still does not work... Any other idea? Thanks Luca -----Urspr?ngliche Nachricht----- Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Rowland Penny via samba Gesendet: Mittwoch, 25. August 2021 13:07 An: samba at lists.samba.org Betreff: Re: [Samba] Problem connecting Samba and Windows Active Directory I should also have asked what your AD server is ? Do you realise that with 'disable netbios = yes' in your smb.conf, you have turned off wins ? More to follow when I find out what your DC is. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Rowland Penny
2021-Aug-25 11:25 UTC
[Samba] Problem connecting Samba and Windows Active Directory
On Wed, 2021-08-25 at 11:11 +0000, Luca Bertoncello via samba wrote:> Hi Rowland, > > the AD Servers are Windows Server 2019. > > And I didn't realized that "disable netbios = yes" turns off wins... > I tried commenting the line and restarting Samba and winbind, but it > still does not work... >Then you don't need wins at all and really shouldn't be using it, AD relies on dns not wins. Try this smb.conf: [global] workgroup = AD-QUEO-ORG realm = AD.QUEO.ORG security = ADS server string = NAS Mediaserver interfaces = lo, eno1 bind interfaces only = yes log file = /var/log/samba/log.%m log level = 1 deadtime = 15 disable netbios = yes kernel share modes = no posix locking = no strict locking = no use sendfile = yes async smb echo handler = yes host msdfs = no csc policy = disable case sensitive = yes mangled names = no hide unreadable = yes hide files = /lost+found/ hide dot files = no veto files /.DS_Store/._.DS_Store/._.TemporaryItems/.TemporaryItems/Thumbs.db/ delete veto files = yes kerberos method = system keytab map to guest = Bad User create krb5 conf = no acl map full control = no idmap config * : range = 2000-10000 idmap config AD-QUEO-ORG : backend = ad idmap config AD-QUEO-ORG : range = 200000-1000200000 idmap config AD-QUEO-ORG : unix_primary_group = yes idmap config AD-QUEO-ORG : schema_mode = rfc2307 idmap config AD-QUEO-ORG : unix_nss_info = yes winbind cache time = 600 winbind refresh tickets = yes winbind use default domain = true load printers = No disable spoolss = yes printing = bsd printcap name = /dev/null template homedir = /home/%U template shell = /bin/bash [queo.communication] comment = Media Share path = /srv/hdd-mirror1/media-share/queo.communication valid users = "@AD-QUEO-ORG\Funktion - Zugriff Netzwerkfreigaben" force user = mediashare force group = mediashare read only = No directory mask = 0755 force directory mode = 0755 create mask = 0644 force create mode = 0644 vfs objects = shadow_copy2 shadow:snapdir = .zfs/snapshot shadow:sort = desc shadow: format = -%Y-%m-%d-%H%M shadow: snapprefix = ^zfs-auto- snap_\(frequent\)\{0,1\}\(hourly\)\{0,1\}\(daily\)\{0,1\}\(monthly\)\{0 ,1\} shadow: delimiter = -20 That will ensure that you will be using SMBv2/SMBv3 that your DC expects. Rowland