Displaying 20 results from an estimated 3000 matches similar to: "client min protocol = SMB2"
2019 Jul 22
5
client min protocol = SMB2
I did not set max protocol to SMB2 in smb.cnf, I don't want to force
SMB2 selection if SMB3 can be used by a client.
The machine is a Windows 7, so is SMB2 compliant.
Le 22/07/2019 ? 11:44, Gaiseric Vandal via samba a ?crit?:
> I would guess that changing the min protocol does not affect existing
> connections unless you were to restart samba.
>
> Is the max protocol set to at
2019 Jul 17
2
Name of the share in windows explorer
Hello,
My samba share is on a Linux Centos 7, samba version 4.8.3. Please find
here is my smb.cnf :
[global]
??? security = ads
??? realm = MYDOMAIN.MYDOMAIN.LOCAL
??? workgroup = MYDOMAIN
??? kerberos method = secrets and keytab
??? server signing = mandatory
??? client signing = mandatory
??? hosts allow = 127. 10.x.x. 10.x.x.
??? hosts deny = 10.x.x. 10.x.x.
??? log file =
2019 Jun 19
2
Fwd: Re: Fwd: Re: Fwd: Re: Kerberos and NTLMv2 authentication
The 2 commands works :
# getent passwd MYDOMAIN\\usertest
MYDOMAIN\\usertest:*:10430:14513:user TEST:/home/usertest:/bin/bash
# getent group MYDOMAIN\\"Utilisateurs du domaine"
MYDOMAIN\utilisateurs du domaine:x:14513:
I have to put "Utilisateurs du domaine" instead of Domain\ Users because
the Windows AD is a french AD.
Le 19/06/2019 ? 12:32, Rowland penny via samba a
2019 Jul 22
3
client min protocol = SMB2
Hello,
Thank you !
I add server min protocol = SMB2_02 to smb.cnf
All clients are now using SMB2_10 as minimum protocol version
May you indicate me the difference between "client min protocol" and
"server min protocol" ?
"server min protocol" is to use on a domain member
"client min protocol" is to use in which case ?
Should I also set client min
2019 Jul 17
2
Name of the share in windows explorer
Dear Samba Users,
I set 2 samba shares :
1. with the name [groups]
/pathtomyshare/groups
2. for each domain users [homes]
/home
In Windows, I can see with the windows explorer my shares :
groups (\\myserver) (V:)
mydomainuser (\\myserver\homes) (U:)
Why for [groups] is only indicated \\myserver and for [homes] is
indicated \\myserver\homes ?
Is there a way to change it ? I would only show
2019 Jun 17
2
Fwd: Re: Kerberos and NTLMv2 authentication
On 17/06/2019 12:56, Edouard Guign? via samba wrote:
> Hello,
>
> May you answer me about my issue with kerberos ?
>
> About libpam-krb5 installed, I have on my system :
> yum list krb5-workstation pam_krb5
> krb5-workstation.x86_64 1.15.1-37.el7_6 @updates
> pam_krb5.x86_64 2.4.8-6.el7 @base
>
> Is pam_krb5 equivalent to libpam-krb5 on centos 7 ?
Sorry for the late
2019 Jun 19
2
Fwd: Re: Fwd: Re: Fwd: Re: Kerberos and NTLMv2 authentication
So I re run the test with domain users gid 14513
Still not working (sssd stopped, nsswitch.cnf with? "files winbind" for
passwd group, # net cache flush + restart winbindd smb)
On the samba server :
# wbinfo -i MYDOMAIN\usertest
MYDOMAIN\usertest:*:10430:*14513*:user TEST:/home/usertest:/bin/bash
In log, I have :
myw7worstation.log
/[2019/06/19 12:04:29.496822,? 1]
2019 Jun 17
2
Fwd: Re: Kerberos and NTLMv2 authentication
On 17/06/2019 13:42, Edouard Guign? via samba wrote:
> Hello,
>
> Please find here the content of my smb.cnf :
>
> [global]
> ??????? security = ads
> ??????? realm = MYDOMAIN.LOCAL
> ??????? workgroup = MYDOMAIN
> ??????? kerberos method = secrets and keytab
> ??????? server signing = mandatory
> ??????? client signing = mandatory
>
> ??????? hosts allow =
2019 Jun 19
2
Fwd: Re: Fwd: Re: Fwd: Re: Kerberos and NTLMv2 authentication
Hello,
I performed a test in order to get access to my samba share with
winbindd (and not sssd).
For that,
1. I change the gid of domain users from 513 to 15513 (to match with the
domain range 10000 - 14999)
And verify my test user is part of 15513
2. Stop sssd and change nsswitch.conf like this :
/passwd:???? files winbind//
//shadow:???? files//
//group:????? files //winbind//
/
3.
2020 Apr 28
3
Service Winbind stopped, what could be the reason ?
Dear Rowland,
Please find a dump of smb.conf and resolv.conf of my centos 7 server :
# testparm
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
# Global parameters
[global]
client min protocol = SMB2
client signing = required
disable spoolss = Yes
domain
2019 Jun 18
2
Fwd: Re: Fwd: Re: Fwd: Re: Kerberos and NTLMv2 authentication
Is it possible to make start DOMAIN range from 500 instead of 10000 ?
I realized that all my gid are in range 500 to 600 and not in range
10000 - 14999
I thought? DOMAIN range 10000 - 14999 was reserved for DOMAIN users
-------- Message transf?r? --------
Sujet?: Re: [Samba] Fwd: Re: Fwd: Re: Kerberos and NTLMv2 authentication
Date?: Tue, 18 Jun 2019 16:25:39 -0300
De?: Edouard Guign? via
2018 Dec 10
2
Fwd: Extended acls with AD - problem with default/herited permissions
Edouard,
These are the 4 available parameters containing the word "inherit".
inherit acls (S)
inherit owner (S)
inherit permissions (S)
map acl inherit (S)
Would "inherit acls" work for you?
Dale
On 12/10/18 10:56 AM, Edouard Guigné via samba wrote:
> Hello,
>
> I add to my previous mail, the only way i found to disable acl
2019 Jun 18
4
Fwd: Re: Fwd: Re: Kerberos and NTLMv2 authentication
Hello,
On my system, nssswitch is like this :
passwd:???? files sss
shadow:???? files sss
group:????? files sss
So I assumed that it works with SSSD, I do not notice any issue with Samba.
My share is accessible, permissions acls are working.
The only thing I noticed is maybe NTLMv2 is always used by default with
Samba.
/[2019/06/18 09:51:44.542476,? 3]
2018 Dec 10
2
Fwd: Re: Fwd: Extended acls with AD - problem with default/herited permissions
Hello Dale,
Set inherit acls = yes locally to my share groups, and remove map acl
inherit = yes from global parameters of smb.conf does not solve my issue.
I still have acl "Domain Users" added to new folders/files.
As i write in my previous email, the only way i found to disable acl
"Domain Users" to be added was with :
inherit owner = yes
With some disavantages for users
2018 Dec 10
2
Extended acls with AD - problem with default/herited permissions
Hello,
I set a share on a samba 4.7.1 as domain member with an Active Directory
controler, this share is used by all domain users.
All users from the AD domain have a primary group "Domain Users", and
secondary groups to filter access on the folders of the share.
I noticed that when a user create a sub-folder/file inside a "Top
folder", the default permissions from the
2020 Apr 28
2
Service Winbind stopped, what could be the reason ?
Hello dear Samba users,
I recently faced an issue with samba (4.10.4) and winbind.
The winbind service was stopped, so no user can acces to my samba share.
I restart the winbind service, and all users can access to the share as usually...
But I would like to understand why this issue occured.
My samba server is a centos 7 linux, configured as domain member to a microsoft AD (windows server
2019 Apr 10
2
Ressources needed (cpus, ram, etc.) for a Samba server
Dear Samba Users,
I am preparing a Samba box as standalone server (only files server,
centos 7).
This Samba box is a domain member server, and is dedicaded to serve
files to about 80 domain users.
I am wondering if there are some special requirements for this purpose
in terms of CPUs, Memory ?
The Samba box is a Vmware virtual machine, so I can easely configure this.
I noticed also in some
2019 Jul 24
2
audit logging
Hello,
I have set up audit logging and I find many entries of this type :
./auth/auth_log.c:760(log_authentication_event_human_readable) Auth: [SMB2,(null)] user [MYDOMAIN]\[MYWORKSTATION$] at [mar., 23 juil. 2019 07:49:43.486619 -03] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [MYWORKSTATION] remote host [ipv4:10.x.x.x:49472] mapped to [MYDOMAIN]\[MYWORKSTATION$]. local host
2019 Jun 18
3
Fwd: Re: Fwd: Re: Kerberos and NTLMv2 authentication
On 18/06/2019 19:49, Edouard Guign? via samba wrote:
> ?gidNumber for 'Domain Users' is 513
>
> not in range? '10000-14999' of uidNumber
>
> Is it a problem ?
Oh yes, ALL user uidNumber's and Domain Users gidNumber MUST be inside
the DOMAIN range you set in smb.conf, if they aren't, all your users
WILL be ignored by Samba.
Find the next available
2020 Apr 28
1
Service Winbind stopped, what could be the reason ?
Hello,
Thank you Rowland,
Yes, I wanted to anonymize smb.conf and missed to change IPGAD in MYAD on some lines, sorry
Does "winbind nss info = rfc2307" is not used anymore, because of "idmap config ipgad : schema_mode = rfc2307" ?
Best Regards,
Ed
----- Mail original -----
De: "sambalist" <samba at lists.samba.org>
?: "sambalist" <samba at