>Your join looks successful to me. The dns update error isn't a major issue (which you've already resolved, you say). What do you mean by "can't access to my> member anymore"? Can you be more specific about what is happening?With smbclient [root at dm Cerruti]# smbclient -L dm Password for [Administrator at LXCERRUTI.COM]: gse_get_client_auth_token: gss_init_sec_context failed with [ Miscellaneous failure (see text): TGT has been revoked (cifs/dm at LXCERRUTI.COM)](2529638932) gensec_spnego_client_negTokenInit_step: gse_krb5: creating NEG_TOKEN_INIT for cifs/dm failed (next[(null)]): NT_STATUS_LOGON_FAILURE Anonymous login successful Sharename Type Comment --------- ---- ------- Vol1 Disk Home Directory per ogni User TexC Disk TexC per controlli finali MagFil Disk Share per Magazzino Filati LFC Disk Share per Outlet McLFC Disk Share per gestione Outlet Osra Disk Share per ufficio Paghe IPC$ IPC IPC Service (Samba Member - Versione 4.17.3) Reconnecting with SMB1 for workgroup listing. gse_get_client_auth_token: gss_init_sec_context failed with [ Miscellaneous failure (see text): TGT has been revoked (cifs/dm at LXCERRUTI.COM)](2529638932) gensec_spnego_client_negTokenInit_step: gse_krb5: creating NEG_TOKEN_INIT for cifs/dm failed (next[(null)]): NT_STATUS_LOGON_FAILURE Anonymous login successful Server Comment --------- ------- DM Samba Member - Versione 4.17.3 SRVPAGHE Workgroup Master --------- ------- LXCERRUTI SRVPAGHE This is my smb.conf [global] client min protocol = NT1 dns update command = /usr/local/samba/sbin/samba_dnsupdate --use-samba-tool log file = /var/log/samba/message.log log level = 1 max log size = 1000 ntlm auth = ntlmv1-permitted os level = 250 realm = LXCERRUTI.COM security = ADS server min protocol = NT1 server role = member server server string = Samba Member - Versione %v username map = /usr/local/samba/etc/user.map winbind offline logon = Yes winbind use default domain = Yes workgroup = LXCERRUTI idmap config * : range = 9000-17999 idmap config lxcerruti : backend = ad idmap config lxcerruti : range = 500-7999 idmap config lxcerruti : schema_mode = rfc2307 idmap config lxcerruti : unix_nss_info = yes idmap config lxcerruti : unix_primary_group = yes acl allow execute always = Yes [Vol1] admin users = @g_admin comment = Home Directory per ogni User create mask = 0777 directory mask = 0777 hide unreadable = Yes path = /Cerruti read only = No vfs objects = recycle recycle:repository = .recycle/%U recycle:touch = yes recycle:keeptree = yes recycle:versions = yes recycle:exclude = *.tmp *.ldb *.temp ~$* *.LCK *.dmp recycle:maxsize = 500000000 Corrado Ravinetto Sistemi informativi corrado.ravinetto at lanificiocerruti.com <mailto:corrado.ravinetto at lanificiocerruti.com> T: +39 015 3591283 [Lanificio F.lli CERRUTI] Lanificio F.lli Cerruti S.p.A. Via Cernaia 40, 13900 - Biella (BI) Italy www.lanificiocerruti.com <http://www.lanificiocerruti.com/> [Twitter] <https://twitter.com/Lan_Cerruti> [Facebook] <https://www.facebook.com/LanificioCerruti> [Instagram] <https://www.instagram.com/lanificiocerruti/> Rispetta l'ambiente, non stampare questa mail se non necessario Respect the environment, don't print unless necessary [Unesco]
On 12/13/22 8:22 AM, Corrado Ravinetto wrote:> With smbclient > > [root at dm Cerruti]# smbclient -L dm > Password for [Administrator at LXCERRUTI.COM]: > gse_get_client_auth_token: gss_init_sec_context failed with [ Miscellaneous failure (see text): TGT has been revoked (cifs/dm at LXCERRUTI.COM)](2529638932) > gensec_spnego_client_negTokenInit_step: gse_krb5: creating NEG_TOKEN_INIT for cifs/dm failed (next[(null)]): NT_STATUS_LOGON_FAILURE > Anonymous login successfulAre you joined to a Windows domain? I wonder if this is the PacRequestorEnforcement issue. -- David Mulder Labs Software Engineer, Samba SUSE 1221 S Valley Grove Way, Suite 500 Pleasant Grove, UT 84062 (P)+1 385.208.2989 dmulder at suse.com http://www.suse.com
On 13/12/2022 15:22, Corrado Ravinetto via samba wrote:> >> Your join looks successful to me. The dns update error isn't a major issue (which you've already resolved, you say). What do you mean by "can't access to my > >> member anymore"? Can you be more specific about what is happening? > > > With smbclient > > [root at dm Cerruti]# smbclient -L dm > Password for [Administrator at LXCERRUTI.COM]: > gse_get_client_auth_token: gss_init_sec_context failed with [ Miscellaneous failure (see text): TGT has been revoked (cifs/dm at LXCERRUTI.COM)](2529638932) > gensec_spnego_client_negTokenInit_step: gse_krb5: creating NEG_TOKEN_INIT for cifs/dm failed (next[(null)]): NT_STATUS_LOGON_FAILURE > Anonymous login successful > > Sharename Type Comment > --------- ---- ------- > Vol1 Disk Home Directory per ogni User > TexC Disk TexC per controlli finali > MagFil Disk Share per Magazzino Filati > LFC Disk Share per Outlet > McLFC Disk Share per gestione Outlet > Osra Disk Share per ufficio Paghe > IPC$ IPC IPC Service (Samba Member - Versione 4.17.3) > Reconnecting with SMB1 for workgroup listing. > gse_get_client_auth_token: gss_init_sec_context failed with [ Miscellaneous failure (see text): TGT has been revoked (cifs/dm at LXCERRUTI.COM)](2529638932) > gensec_spnego_client_negTokenInit_step: gse_krb5: creating NEG_TOKEN_INIT for cifs/dm failed (next[(null)]): NT_STATUS_LOGON_FAILURE > Anonymous login successful > > Server Comment > --------- ------- > DM Samba Member - Versione 4.17.3 > SRVPAGHE > > Workgroup Master > --------- ------- > LXCERRUTI SRVPAGHE > > > This is my smb.conf > > [global] > client min protocol = NT1 > dns update command = /usr/local/samba/sbin/samba_dnsupdate --use-samba-tool > log file = /var/log/samba/message.log > log level = 1 > max log size = 1000 > ntlm auth = ntlmv1-permitted > os level = 250 > realm = LXCERRUTI.COM > security = ADS > server min protocol = NT1 > server role = member server > server string = Samba Member - Versione %v > username map = /usr/local/samba/etc/user.mapWhy is your user.map in a place that suggest you compiled Samba yourself, but the logfile doesn't ?> winbind offline logon = Yes > winbind use default domain = Yes > workgroup = LXCERRUTI > idmap config * : range = 9000-17999 > idmap config lxcerruti : backend = ad > idmap config lxcerruti : range = 500-7999 > idmap config lxcerruti : schema_mode = rfc2307 > idmap config lxcerruti : unix_nss_info = yes > idmap config lxcerruti : unix_primary_group = yes > acl allow execute always = YesHave you some reason for using SMBv1 ? Also, why are you using such strange ranges for the idmap config lines ?> > [Vol1] > admin users = @g_admin > comment = Home Directory per ogni User > create mask = 0777 > directory mask = 0777 > hide unreadable = Yes > path = /Cerruti > read only = NoCan I ask you to read 'man vfs_acl_xattr' and then set up your smb.conf correctly, you are still using the old way of doing things Rowland