similar to: client min protocol = SMB2

I did not set max protocol to SMB2 in smb.cnf, I don't want to force SMB2 selection if SMB3 can be used by a client. The machine is a Windows 7, so is SMB2 compliant. Le 22/07/2019 ? 11:44, Gaiseric Vandal via samba a ?crit?: > I would guess that changing the min protocol does not affect existing > connections unless you were to restart samba. > > Is the max protocol set to at

Hello, My samba share is on a Linux Centos 7, samba version 4.8.3. Please find here is my smb.cnf : [global] ??? security = ads ??? realm = MYDOMAIN.MYDOMAIN.LOCAL ??? workgroup = MYDOMAIN ??? kerberos method = secrets and keytab ??? server signing = mandatory ??? client signing = mandatory ??? hosts allow = 127. 10.x.x. 10.x.x. ??? hosts deny = 10.x.x. 10.x.x. ??? log file =

The 2 commands works : # getent passwd MYDOMAIN\\usertest MYDOMAIN\\usertest:*:10430:14513:user TEST:/home/usertest:/bin/bash # getent group MYDOMAIN\\"Utilisateurs du domaine" MYDOMAIN\utilisateurs du domaine:x:14513: I have to put "Utilisateurs du domaine" instead of Domain\ Users because the Windows AD is a french AD. Le 19/06/2019 ? 12:32, Rowland penny via samba a

Hello, Thank you ! I add server min protocol = SMB2_02 to smb.cnf All clients are now using SMB2_10 as minimum protocol version May you indicate me the difference between "client min protocol" and "server min protocol" ? "server min protocol" is to use on a domain member "client min protocol" is to use in which case ? Should I also set client min

Dear Samba Users, I set 2 samba shares : 1. with the name [groups] /pathtomyshare/groups 2. for each domain users [homes] /home In Windows, I can see with the windows explorer my shares : groups (\\myserver) (V:) mydomainuser (\\myserver\homes) (U:) Why for [groups] is only indicated \\myserver and for [homes] is indicated \\myserver\homes ? Is there a way to change it ? I would only show

On 17/06/2019 12:56, Edouard Guign? via samba wrote: > Hello, > > May you answer me about my issue with kerberos ? > > About libpam-krb5 installed, I have on my system : > yum list krb5-workstation pam_krb5 > krb5-workstation.x86_64 1.15.1-37.el7_6 @updates > pam_krb5.x86_64 2.4.8-6.el7 @base > > Is pam_krb5 equivalent to libpam-krb5 on centos 7 ? Sorry for the late

So I re run the test with domain users gid 14513 Still not working (sssd stopped, nsswitch.cnf with? "files winbind" for passwd group, # net cache flush + restart winbindd smb) On the samba server : # wbinfo -i MYDOMAIN\usertest MYDOMAIN\usertest:*:10430:*14513*:user TEST:/home/usertest:/bin/bash In log, I have : myw7worstation.log /[2019/06/19 12:04:29.496822,? 1]

On 17/06/2019 13:42, Edouard Guign? via samba wrote: > Hello, > > Please find here the content of my smb.cnf : > > [global] > ??????? security = ads > ??????? realm = MYDOMAIN.LOCAL > ??????? workgroup = MYDOMAIN > ??????? kerberos method = secrets and keytab > ??????? server signing = mandatory > ??????? client signing = mandatory > > ??????? hosts allow =

Hello, I performed a test in order to get access to my samba share with winbindd (and not sssd). For that, 1. I change the gid of domain users from 513 to 15513 (to match with the domain range 10000 - 14999) And verify my test user is part of 15513 2. Stop sssd and change nsswitch.conf like this : /passwd:???? files winbind// //shadow:???? files// //group:????? files //winbind// / 3.

Dear Rowland, Please find a dump of smb.conf and resolv.conf of my centos 7 server : # testparm Load smb config files from /etc/samba/smb.conf Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions # Global parameters [global] client min protocol = SMB2 client signing = required disable spoolss = Yes domain

Is it possible to make start DOMAIN range from 500 instead of 10000 ? I realized that all my gid are in range 500 to 600 and not in range 10000 - 14999 I thought? DOMAIN range 10000 - 14999 was reserved for DOMAIN users -------- Message transf?r? -------- Sujet?: Re: [Samba] Fwd: Re: Fwd: Re: Kerberos and NTLMv2 authentication Date?: Tue, 18 Jun 2019 16:25:39 -0300 De?: Edouard Guign? via

Edouard, These are the 4 available parameters containing the word "inherit". inherit acls (S) inherit owner (S) inherit permissions (S) map acl inherit (S) Would "inherit acls" work for you? Dale On 12/10/18 10:56 AM, Edouard Guigné via samba wrote: > Hello, > > I add to my previous mail, the only way i found to disable acl

Hello, On my system, nssswitch is like this : passwd:???? files sss shadow:???? files sss group:????? files sss So I assumed that it works with SSSD, I do not notice any issue with Samba. My share is accessible, permissions acls are working. The only thing I noticed is maybe NTLMv2 is always used by default with Samba. /[2019/06/18 09:51:44.542476,? 3]

Hello Dale, Set inherit acls = yes locally to my share groups, and remove map acl inherit = yes from global parameters of smb.conf does not solve my issue. I still have acl "Domain Users" added to new folders/files. As i write in my previous email, the only way i found to disable acl "Domain Users" to be added was with : inherit owner = yes With some disavantages for users

Hello, I set a share on a samba 4.7.1 as domain member with an Active Directory controler, this share is used by all domain users. All users from the AD domain have a primary group "Domain Users", and secondary groups to filter access on the folders of the share. I noticed that when a user create a sub-folder/file inside a "Top folder", the default permissions from the

Hello dear Samba users, I recently faced an issue with samba (4.10.4) and winbind. The winbind service was stopped, so no user can acces to my samba share. I restart the winbind service, and all users can access to the share as usually... But I would like to understand why this issue occured. My samba server is a centos 7 linux, configured as domain member to a microsoft AD (windows server

Dear Samba Users, I am preparing a Samba box as standalone server (only files server, centos 7). This Samba box is a domain member server, and is dedicaded to serve files to about 80 domain users. I am wondering if there are some special requirements for this purpose in terms of CPUs, Memory ? The Samba box is a Vmware virtual machine, so I can easely configure this. I noticed also in some

Hello, I have set up audit logging and I find many entries of this type : ./auth/auth_log.c:760(log_authentication_event_human_readable) Auth: [SMB2,(null)] user [MYDOMAIN]\[MYWORKSTATION$] at [mar., 23 juil. 2019 07:49:43.486619 -03] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [MYWORKSTATION] remote host [ipv4:10.x.x.x:49472] mapped to [MYDOMAIN]\[MYWORKSTATION$]. local host

On 18/06/2019 19:49, Edouard Guign? via samba wrote: > ?gidNumber for 'Domain Users' is 513 > > not in range? '10000-14999' of uidNumber > > Is it a problem ? Oh yes, ALL user uidNumber's and Domain Users gidNumber MUST be inside the DOMAIN range you set in smb.conf, if they aren't, all your users WILL be ignored by Samba. Find the next available

Hello, Thank you Rowland, Yes, I wanted to anonymize smb.conf and missed to change IPGAD in MYAD on some lines, sorry Does "winbind nss info = rfc2307" is not used anymore, because of "idmap config ipgad : schema_mode = rfc2307" ? Best Regards, Ed ----- Mail original ----- De: "sambalist" <samba at lists.samba.org> ?: "sambalist" <samba at