/etc/resolv.conf (Both DC's (windows) listed)
domain ho-pla.se
search ho-pla.se
nameserver 10.0.2.10
nameserver 10.0.2.64
/etc/krb5.conf
[libdefaults]
dns_lookup_realm = false
dns_lookup_kdc = true
default_realm = HO-PLA.SE
On Tue, Aug 6, 2024 at 9:01?PM Luis Peromarta via samba
<samba at lists.samba.org> wrote:>
> What?s the content of krb conf file and resolv.conf?
>
> Your smb.conf file looks good and tidy to me.
> On 6 Aug 2024 at 20:42 +0200, Anders ?stling via samba <samba at
lists.samba.org>, wrote:
> > Hello
> > I have an older Debian 11 with Samba 4.13 as domain member serving som
> > industrial systems with files.
> > Today I decided to upgrade both Debian (to 12) and Samba (to 4.17 and
> > then 4.20). The upgrade using the backport repo worked after some
> > extra steps. Som dependencies had to be installed separately (winbind
> > and samba-common-bin) before the main samba package was installed. So
> > far so good. The services started up correctly after a reboot.
> >
> > When I tested the first client, I was unable to connect to any of the
> > shares on the server. The error message on the client side was Access
> > Denied and in the server's client machine and winbind logs I found
> > repeated "Failed to find a local account DOMAIN\username. The
domain
> > was of course correct as was the username, same as before the upgrade
> > process.
> >
> > The server is a virtual machine so I made a copy of the Deb 12/Samba
> > 4.20 and restored the saved VM files. After a restart of Deb 11/Samba
> > 4.13, the clients was able to connect to the shares again. I did not
> > change anything in the smb.conf file, so this may or may not be the
> > reason for the failure.
> >
> > Here is my samba config (masked domain)
> >
> > [global]
> > security = ADS
> > workgroup = HPXX
> > realm = HO-PLAT.SE
> > server role = member server
> > log file = /var/log/samba/%m.log
> > log level = 2 winbind:5
> > bind interfaces only = yes
> > interfaces = lo enp1s0
> >
> > # Needed due to the ancient industrial system with Linux/Samba 3.x
> >
> > client min protocol = NT1
> > server min protocol = NT1
> >
> > winbind use default domain = yes
> >
> > winbind enum users = yes
> > winbind enum groups = yes
> >
> > username map = /etc/samba/user.map
> > min domain uid = 0
> >
> > winbind refresh tickets = Yes
> > dedicated keytab file = /etc/krb5.keytab
> > kerberos method = secrets and keytab
> >
> > vfs objects = acl_xattr
> > map acl inherit = yes
> > acl_xattr:ignore system acls = yes
> >
> > idmap config * : backend = tdb
> > idmap config * : range = 3000-7999
> >
> > idmap config HPXX: backend = rid
> > idmap config HPXX : range = 10000-999999
> >
> > [bock]
> > path = /data/BOCK2
> > read only = no
> > hide unreadable = yes
> >
> > [laser]
> > path = /data/LASER
> > read only = no
> > hide unreadable = yes
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
--
------ -------------------- 8 ------------------ ------
"A wise man once told me - Any idiot can do backups, but it takes a
genius to successfully restore"
Anders ?stling
+46 768 716 165 (Mobil)