Web lists-archives.com

Re: [Samba] Share access problem.




On Fri, 11 Aug 2017 14:59:36 -0400
<Sebastien.Boulianne@xxxxxx> wrote:

> Hi,
> 
> I checked my config this week.
> I did some changes.
> 
> I can now list the share FTPFiles but I cant view the files.
> What can be wrong ?
> 
> # krb5.conf
> https://pastebin.com/gDhMnM4B 
> 
> # nsswitch.conf
> https://pastebin.com/HEk1LwJg 
> 
> # smb.conf
> https://pastebin.com/f5hqStFk 
> 
> # log.winbindd
> https://pastebin.com/nxv13gd9 
> 

OK, I would change /etc/krb5.conf to just this:

[libdefaults]
    default_realm = DOMAIN.QC.CA
    dns_lookup_realm = false
    dns_lookup_kdc = true

In /etc/nsswitch.conf change:

passwd:         files winbind systemd sss
group:          files winbind systemd sss
shadow:         files systemd sss

To:

passwd:         files winbind
group:          files winbind
shadow:         files 

Change:

hosts:          files docker [NOTFOUND=return] gw_name mdns4_minimal
[NOTFOUND=return] resolve [!UNAVAIL=return] dns myhostname mymachines

To:

hosts:          files dns

Change:

protocols:      db files winbind
services:       db files winbind sss

To:

protocols:      db files
services:       db files

Change:

netgroup:       nis files winbind sss

To:

netgroup:       nis

I would remove all these lines from smb.conf:

        logon drive = H:
        max xmit = 32768
        min receivefile size = 2048
        map to guest = Bad User
        obey pam restrictions = Yes
        pam password change = Yes
        passdb backend = smbpasswd
        passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully*.
        passwd program = /usr/bin/passwd %u
        password server = domainmaster2.domain.qc.ca domainmaster1.domain.qc.ca
        restrict anonymous = 1
        unix password sync = Yes
        deadtime = 15
        idmap gid = 10000-20000
        winbind cache time = 30
        winbind enum groups = Yes
        winbind enum users = Yes
        dns proxy = No
        wins server = 10.20.1.64
        aio read size = 2048
        aio write size = 2048
        use sendfile = Yes
        write cache size = 1024000

I would change this line:

        idmap config * : range = 10000-20000

To:

        idmap config * : range = 3000-7999

I would add:

    idmap config DOMAIN : backend = rid
    idmap config DOMAIN : range = 10000-999999
    template shell = /bin/bash
    template homedir = /home/%U

    vfs objects = acl_xattr
    map acl inherit = Yes
    store dos attributes = Yes

With these changes it should work, but it is your computer, so the
choice is yours, use winbind or sssd for authentication, you cannot use
both.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba