
Re: [Samba] problem with sessions

On Thu, 2 Mar 2017 12:40:46 +0100
Tony Peña <emperor.cu@xxxxxxxxx> wrote:

> so, I can't set browseable = No because the users need to see the
> shares on the server, else they turn crazy

I never said to set it to 'no', I pointed out that what you had is the
default and as such, it doesn't need to be set.

> OK, I restarted samba-ad-dc with these settings
> shares.conf
> 47 shares like
> [FooBar]
>     comment = FooBar
>     path = /home/samba/shares/foobar
>     browseable = Yes    # users need to browse the network because
> they have been working this way for many years.

'YES' is the default so you don't need it

>     read only = No
>     force create mode = 0660
>     force directory mode = 0660

This doesn't work on a DC, read the wiki pages I pointed you to!

>     vfs objects = acl_xattr full_audit

'acl_xattr' is built into Samba when running as a DC, so it shouldn't be
set here.

> all bind files

OK, these are my bind conf files and I have been using them for the
last 5 years without problems ;-)


include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";


options {
        directory "/var/cache/bind";
        version "0.0.7";
        notify no;
        empty-zones-enable no;
        allow-query {;; };
        allow-recursion {;; };
        forwarders {; };
        allow-transfer { none; };
        dnssec-validation no;
        dnssec-enable no;

        listen-on-v6 { none; };
        listen-on port 53 {;; };
        tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};


include "/usr/local/samba/private/named.conf";


// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

> ------------
> after the changes to smb.conf and krb5.conf with the suggestions.
> On the PC client I can log out and log in to the domain,
> can browse the \\server-dc and user Library OK, but not FooBar (it is
> fine this way for these logged-in users) because the ACL is working with
> the filesystem and is OK....

You are trying to use the OS permissions on a Samba AD DC, this NOT

> but my problem from the beginning.... how can I know if I don't lose
> the access to (e.g. Library share) after 2/3 days?

I think your problem is down to your DNS setup, it seems to be using
flatfiles and this is NOT supported by Samba.
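
Added example, not part of the original message and not Samba project code: a small checker that applies the share-level points made in the reply above (default 'browseable', the 'force ... mode' settings, 'acl_xattr' in 'vfs objects') to a share stanza. The sample stanza is constructed from the share quoted in the thread; the inline '#' check is not from the thread and rests on smb.conf treating only whole lines that begin with '#' or ';' as comments.

```python
import re

# Constructed sample, modelled on the [FooBar] share quoted in the thread.
SAMPLE = """\
[FooBar]
    comment = FooBar
    path = /home/samba/shares/foobar
    browseable = Yes    # users need to browse the network
    read only = No
    force create mode = 0660
    force directory mode = 0660
    vfs objects = acl_xattr full_audit
"""

def norm(name):
    # smb.conf parameter names ignore case and internal whitespace.
    return re.sub(r"\s+", "", name).lower()

def lint_shares(text):
    """Return (section, line number, normalised key, message) tuples."""
    findings, section = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":      # whole-line comments only
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip()
            continue
        if section is None or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key, msgs = norm(key), []
        if re.search(r"\s#", value):
            msgs.append("trailing '#' text is read as part of the value")
            value = re.split(r"\s+#", value)[0]
        if key in ("browseable", "browsable") and value.lower() in ("yes", "true", "1"):
            msgs.append("matches the default, can be dropped")
        if key in ("forcecreatemode", "forcedirectorymode"):
            msgs.append("per the reply: does not work on a DC")
        if key == "vfsobjects" and "acl_xattr" in value.split():
            msgs.append("per the reply: acl_xattr is built in on a DC")
        findings += [(section, lineno, key, msg) for msg in msgs]
    return findings

if __name__ == "__main__":
    for section, lineno, key, msg in lint_shares(SAMPLE):
        print(f"[{section}] line {lineno}: {key}: {msg}")
```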

