Rowland Penny
2023-Dec-12 17:15 UTC
[Samba] samba fails to connect to windows file share joined to domain
On Tue, 12 Dec 2023 09:46:51 -0700 jacek burghardt via samba <samba at lists.samba.org> wrote:

> I am using arch linux
> This is my fstab entry using cred for windows domain user
>
> //winnas/radio /radio cifs
> credentials=/etc/samba/credentials/radiorec,vers=2.0,uid=1000,gid=1000,iocharset=utf8,sec=krb5i,nofail
> 0 0
>
> I run hardening kitty scripts .

Can you provide a link to those scripts ?

> Windows and osx clients can mount the shares but linux has an issue.
>
> [global]
>
> netbios name = radiorec
>
> socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
> winbind sealed pipes = false
> require strong key = false
> winbind sealed pipes:HEBE = true
> require strong key:HEBE = true
> lanman auth = no
> ntlm auth = yes
> ntlm auth = mschapv2-and-ntlmv2-only
> client signing = auto
> server signing = auto
> winbind enum users = yes
> winbind gid = 10000-20000
> workgroup = hebe
> os level = 20
> winbind enum groups = yes
> password server = den-dc01.hebe.us
> preferred master = no
> winbind separator = +
> max log size = 50
> log file = /var/log/samba/log.%m
> dns proxy = no
> realm = hebe.us
> security = ADS
> wins server = 192.168.1.8
> wins proxy = no
> client signing = auto
> server signing = auto
> domain master = auto
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbindd, ntp_signd, kcc, dnsupdate
> idmap_ldb:use rfc2307 = yes
> ldap server require strong auth = No
> idmap config * : backend = tdb
> idmap config * : range = 10000-20000
> winbind use default domain = Yes
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind nested groups = Yes
> winbind separator = +
> winbind refresh tickets = yes
> winbind offline logon = yes
> winbind cache time = 300
> template shell = /bin/bash
> template homedir = /home/%D/%U
> inherit acls = Yes
> map acl inherit = Yes
> acl group control = yes
> load printers = no
> debug level = 3
> use sendfile = no
> vfs objects = acl_xattr shadow_copy2
>
> [sysvol]
> path = /usr/share/samba/sysvol
> read only = No
>
> [netlogon]
>

To be honest, I am surprised anything can mount the shares (which you haven't provided), but I am more worried about your smb.conf, it appears to be partially for a Unix domain member (but not complete), the other part appears to be for a DC, but again not complete, what do you think it is ?

Rowland
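The mix of roles pointed out in the reply above can be checked mechanically. The sketch below is an added example, not part of any message in this thread and not Samba code: it reports parameters set more than once in a section and lists which settings suggest an AD DC and which suggest a domain member. The marker lists and the shortened sample config are assumptions of this example, not an official Samba classification.

```python
import re
from collections import Counter

# Constructed sample: a shortened subset of the smb.conf quoted in this thread.
SAMPLE = """\
[global]
ntlm auth = yes
ntlm auth = mschapv2-and-ntlmv2-only
client signing = auto
password server = den-dc01.hebe.us
security = ADS
client signing = auto
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc
idmap_ldb:use rfc2307 = yes
idmap config * : backend = tdb
[sysvol]
[netlogon]
"""

# Heuristic role markers (assumption of this example, not a Samba-provided list).
DC_PARAMS = {"server services", "idmap_ldb:use rfc2307", "server role"}
DC_SHARES = {"sysvol", "netlogon"}
MEMBER_PARAMS = {"password server"}

def norm(s):
    """Lower-case and collapse whitespace so 'Security  = ADS' compares equal."""
    return re.sub(r"\s+", " ", s.strip().lower())

def audit(text):
    """Return duplicated parameters plus DC-style and member-style settings."""
    section, seen, dc, member = None, Counter(), set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # skip blanks and comments
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = norm(m.group(1))
            if section in DC_SHARES:           # shares a DC provisions
                dc.add(f"[{section}]")
        elif "=" in line:
            key, value = (norm(p) for p in line.split("=", 1))
            seen[(section, key)] += 1          # later duplicates override earlier ones
            if key in DC_PARAMS:
                dc.add(key)
            if (key in MEMBER_PARAMS or key.startswith("idmap config ")
                    or (key, value) == ("security", "ads")):
                member.add(key)
    dups = sorted(k for (_, k), n in seen.items() if n > 1)
    return {"duplicates": dups, "dc": sorted(dc), "member": sorted(member)}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A config for which both the `dc` and `member` lists come back non-empty is the situation described in the reply: it is neither a complete member configuration nor a complete DC one.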
jacek burghardt
2023-Dec-12 17:41 UTC
[Samba] samba fails to connect to windows file share joined to domain
Sorry if I am not clear. I am using windows server as my file server. I can mount the shares from windows server 2022 on osx and windows. I had file share from linux that was working but is powered down. I moved to windows os for multimedia server. I need to rewrite my config file.

On Tue, Dec 12, 2023 at 10:16 AM Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Tue, 12 Dec 2023 09:46:51 -0700
> jacek burghardt via samba <samba at lists.samba.org> wrote:
>
> > I am using arch linux
> > This is my fstab entry using cred for windows domain user
> >
> > //winnas/radio /radio cifs
> > credentials=/etc/samba/credentials/radiorec,vers=2.0,uid=1000,gid=1000,iocharset=utf8,sec=krb5i,nofail
> > 0 0
> >
> > I run hardening kitty scripts .
>
> Can you provide a link to those scripts ?
>
> > Windows and osx clients can mount the shares but linux has an issue.
> >
> > [global]
> >
> > netbios name = radiorec
> >
> > socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
> > winbind sealed pipes = false
> > require strong key = false
> > winbind sealed pipes:HEBE = true
> > require strong key:HEBE = true
> > lanman auth = no
> > ntlm auth = yes
> > ntlm auth = mschapv2-and-ntlmv2-only
> > client signing = auto
> > server signing = auto
> > winbind enum users = yes
> > winbind gid = 10000-20000
> > workgroup = hebe
> > os level = 20
> > winbind enum groups = yes
> > password server = den-dc01.hebe.us
> > preferred master = no
> > winbind separator = +
> > max log size = 50
> > log file = /var/log/samba/log.%m
> > dns proxy = no
> > realm = hebe.us
> > security = ADS
> > wins server = 192.168.1.8
> > wins proxy = no
> > client signing = auto
> > server signing = auto
> > domain master = auto
> > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> > drepl, winbindd, ntp_signd, kcc, dnsupdate
> > idmap_ldb:use rfc2307 = yes
> > ldap server require strong auth = No
> > idmap config * : backend = tdb
> > idmap config * : range = 10000-20000
> > winbind use default domain = Yes
> > winbind enum users = Yes
> > winbind enum groups = Yes
> > winbind nested groups = Yes
> > winbind separator = +
> > winbind refresh tickets = yes
> > winbind offline logon = yes
> > winbind cache time = 300
> > template shell = /bin/bash
> > template homedir = /home/%D/%U
> > inherit acls = Yes
> > map acl inherit = Yes
> > acl group control = yes
> > load printers = no
> > debug level = 3
> > use sendfile = no
> > vfs objects = acl_xattr shadow_copy2
> >
> > [sysvol]
> > path = /usr/share/samba/sysvol
> > read only = No
> >
> > [netlogon]
> >
>
> To be honest, I am surprised anything can mount the shares (which you
> haven't provided), but I am more worried about your smb.conf, it
> appears to be partially for a Unix domain member (but not complete),
> the other part appears to be for a DC, but again not complete, what do
> you think it is ?
>
> Rowland