On Wed, 2022-06-08 at 16:23 +0200, Jeremy Guasco via samba
wrote:>
>
> Here is the testparm -s :
>
> Load smb config files from /etc/samba/smb.conf
> lpcfg_do_global_parameter: WARNING: The "server schannel" option
is
> deprecated
> Loaded services file OK.
> Weak crypto is allowed
>
> Server role: ROLE_ACTIVE_DIRECTORY_DC
>
> # Global parameters
> [global]
> check password script = /usr/local/bin/crackcheck -c -d
> /var/cache/cracklib/cracklib_dict
> disable netbios = Yes
> disable spoolss = Yes
> dns forwarder = 192.168.0.1
> ldap server require strong auth = No
> load printers = No
> log file = /var/log/samba/samba.log
> max log size = 50000
> ntlm auth = mschapv2-and-ntlmv2-only
> passdb backend = samba_dsdb
> printcap name = /dev/null
> realm = CORP.XXX.COM
> restrict anonymous = 2
> server role = active directory domain controller
> server schannel = Auto
> smb ports = 445
> wins support = Yes
> workgroup = SAMBA
> rpc_server:tcpip = no
> rpc_daemon:spoolssd = embedded
> rpc_server:spoolss = embedded
> rpc_server:winreg = embedded
> rpc_server:ntsvcs = embedded
> rpc_server:eventlog = embedded
> rpc_server:srvsvc = embedded
> rpc_server:svcctl = embedded
> rpc_server:default = external
> winbindd:use external pipes = true
> idmap_ldb:use rfc2307 = yes
> server role check:inhibit = yes
> idmap config * : backend = tdb
> map archive = No
> printing = bsd
> vfs objects = dfs_samba4 acl_xattr
You never said it was a DC :-)
Why have you added the extra lines if you are not using it as a
fileserver ?
Also you do not turn off netbios on a DC by adding 'disable netbios',
you need to remove 'nbt' from the server services line by adding
'server services = -nbt'. If do turn off netbios, there is no point in
having 'wins support = Yes', you need netbios for wins.
Rowland