Web lists-archives.com

[Samba] get access denied on samba AD share




Hello Sambaers, i can not access my samba shares after upgrade my centos to 7.4,samba version was upgraded to 4.6.2

i joined centos to windows domain by realm command,domain user(format as username@doaminname) could login to centos

could get kerberos ticket by kinit with domain user


execute net view command at domain windows server get access denied


C:\>net view \\ark-centos-smb4.qa.arkivio.com
System error 5 has occurred.

Access is denied.


C:\>net view \\192.168.32.26
System error 5 has occurred.

Access is denied.


collected following log while get access denied error with samba server ip, i complains can not find the user,and run getent passwd domainuser@domainname could finish successfully


[2017/09/21 00:36:03.319546,  3] ../source3/smbd/oplock.c:1322(init_oplocks)
  init_oplocks: initializing messages.
[2017/09/21 00:36:03.319707,  3] ../source3/smbd/process.c:1957(process_smb)
  Transaction 0 of length 159 (0 toread)
[2017/09/21 00:36:03.319744,  3] ../source3/smbd/process.c:1538(switch_message)
  switch message SMBnegprot (pid 23703) conn 0x0
[2017/09/21 00:36:03.319767,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/09/21 00:36:03.320414,  3] ../source3/smbd/negprot.c:603(reply_negprot)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2017/09/21 00:36:03.320441,  3] ../source3/smbd/negprot.c:603(reply_negprot)
  Requested protocol [LANMAN1.0]
[2017/09/21 00:36:03.320454,  3] ../source3/smbd/negprot.c:603(reply_negprot)
  Requested protocol [Windows for Workgroups 3.1a]
[2017/09/21 00:36:03.320466,  3] ../source3/smbd/negprot.c:603(reply_negprot)
  Requested protocol [LM1.2X002]
[2017/09/21 00:36:03.320482,  3] ../source3/smbd/negprot.c:603(reply_negprot)
  Requested protocol [LANMAN2.1]
[2017/09/21 00:36:03.320497,  3] ../source3/smbd/negprot.c:603(reply_negprot)
  Requested protocol [NT LM 0.12]
[2017/09/21 00:36:03.320509,  3] ../source3/smbd/negprot.c:603(reply_negprot)
  Requested protocol [SMB 2.002]
[2017/09/21 00:36:03.320538,  3] ../source3/smbd/negprot.c:603(reply_negprot)
  Requested protocol [SMB 2.???]
[2017/09/21 00:36:03.320638,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/09/21 00:36:03.320722,  3] ../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot)
  Selected protocol SMB2_FF
[2017/09/21 00:36:03.321314,  2] ../source3/librpc/crypto/gse_krb5.c:229(fill_mem_keytab_from_secrets)
  ../source3/librpc/crypto/gse_krb5.c:229: failed to fetch machine password
[2017/09/21 00:36:03.321344,  3] ../source3/librpc/crypto/gse_krb5.c:587(gse_krb5_get_server_keytab)
  ../source3/librpc/crypto/gse_krb5.c:587: Warning! Unable to set mem keytab from secrets!
[2017/09/21 00:36:03.322377,  3] ../source3/smbd/negprot.c:730(reply_negprot)
  Selected protocol SMB 2.???
[2017/09/21 00:36:03.323207,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/09/21 00:36:03.323262,  4] ../source3/smbd/sec_ctx.c:217(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2017/09/21 00:36:03.323300,  4] ../source3/smbd/uid.c:491(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2017/09/21 00:36:03.323326,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2017/09/21 00:36:03.325145,  4] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/09/21 00:36:03.325187,  3] ../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot)
  Selected protocol SMB2_10
[2017/09/21 00:36:03.325448,  2] ../source3/librpc/crypto/gse_krb5.c:229(fill_mem_keytab_from_secrets)
  ../source3/librpc/crypto/gse_krb5.c:229: failed to fetch machine password
[2017/09/21 00:36:03.325466,  3] ../source3/librpc/crypto/gse_krb5.c:587(gse_krb5_get_server_keytab)
  ../source3/librpc/crypto/gse_krb5.c:587: Warning! Unable to set mem keytab from secrets!
[2017/09/21 00:36:03.327171,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/09/21 00:36:03.327477,  4] ../source3/smbd/sec_ctx.c:217(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2017/09/21 00:36:03.327498,  4] ../source3/smbd/uid.c:491(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2017/09/21 00:36:03.327509,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2017/09/21 00:36:03.327562,  4] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/09/21 00:36:03.327754,  3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0xe2088297
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_NEGOTIATE_OEM
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_LM_KEY
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
    NTLMSSP_NEGOTIATE_VERSION
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
    NTLMSSP_NEGOTIATE_56
[2017/09/21 00:36:03.327897,  4] ../source3/smbd/sec_ctx.c:217(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2017/09/21 00:36:03.327919,  4] ../source3/smbd/uid.c:491(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2017/09/21 00:36:03.327930,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2017/09/21 00:36:03.327951,  4] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/09/21 00:36:03.328313,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/09/21 00:36:03.328360,  4] ../source3/smbd/sec_ctx.c:217(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2017/09/21 00:36:03.328376,  4] ../source3/smbd/uid.c:491(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2017/09/21 00:36:03.328387,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2017/09/21 00:36:03.328403,  4] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/09/21 00:36:03.328478,  3] ../auth/ntlmssp/ntlmssp_server.c:452(ntlmssp_server_preauth)
  Got user=[arkadmin] domain=[QA] workstation=[NWT-VM-ARK8118] len1=24 len2=350
[2017/09/21 00:36:03.328573,  3] ../source3/param/loadparm.c:3823(lp_load_ex)
  lp_load_ex: refreshing parameters
[2017/09/21 00:36:03.328664,  3] ../source3/param/loadparm.c:542(init_globals)
  Initialising global parameters
[2017/09/21 00:36:03.328773,  3] ../source3/param/loadparm.c:2752(lp_do_section)
  Processing section "[global]"
  doing parameter netbios name = ARK-CENTOS-SMB4
  doing parameter security = ADS
  doing parameter workgroup = QA.ARKIVIO.COM
  doing parameter kerberos method = secrets and keytab
  doing parameter realm = QA.ARKIVIO.COM
  doing parameter log file = /var/log/samba/%m.log
  doing parameter log level = 4
  doing parameter local master = no
  doing parameter domain master = no
  doing parameter server string = Samba Server Version %v
  doing parameter max log size = 5000
  doing parameter load printers = No
  doing parameter wins support = no
  doing parameter wins proxy = no
  doing parameter dns proxy = yes
  doing parameter name resolve order = host lmhosts wins bcast
[2017/09/21 00:36:03.328953,  2] ../source3/param/loadparm.c:2769(lp_do_section)
  Processing section "[arkc1]"
  doing parameter comment = centos samba4 share1
  doing parameter path = /rocket/cifs/cifs1
  doing parameter writable = yes
  doing parameter guest ok = yes
  doing parameter valid users = administrator@xxxxxxxxxxxxxx,auto-stor@xxxxxxxxxxxxxx,arkadmin@xxxxxxxxxxxxxx,@"Domain Admins@xxxxxxxxxxxxxx",@"AutostorAdmins@xxxxxxxxxxxxxx","QA.ARKIVIO.COM\AutostorAdmins",arkadmin@xxxxxxxxxxxxxx
  doing parameter admin users = administrator@xxxxxxxxxxxxxx,auto-stor@xxxxxxxxxxxxxx,arkadmin@xxxxxxxxxxxxxx,@"Domain Admins@xxxxxxxxxxxxxx",@"AutostorAdmins@xxxxxxxxxxxxxx",arkadmin@xxxxxxxxxxxxxx,QA\arkadmin,QA.ARKIVIO.COM\arkadmin
[2017/09/21 00:36:03.329055,  2] ../source3/param/loadparm.c:2769(lp_do_section)
  Processing section "[arkc2]"
  doing parameter comment = centos samba4 share2
  doing parameter path = /rocket/cifs/cifs2
  doing parameter writable = yes
  doing parameter admin users = administrator@xxxxxxxxxxxxxx,auto-stor@xxxxxxxxxxxxxx,arkadmin@xxxxxxxxxxxxxx,@"Domain Admins@xxxxxxxxxxxxxx",@"AutostorAdmins@xxxxxxxxxxxxxx",arkadmin@xxxxxxxxxxxxxx,QA\arkadmin,QA.ARKIVIO.COM\arkadmin
  doing parameter valid users = administrator@xxxxxxxxxxxxxx,auto-stor@xxxxxxxxxxxxxx,arkadmin@xxxxxxxxxxxxxx,@"Domain Admins@xxxxxxxxxxxxxx",@"AutostorAdmins@xxxxxxxxxxxxxx","QA.ARKIVIO.COM\AutostorAdmins",arkadmin@xxxxxxxxxxxxxx,QA\arkadmin,QA.ARKIVIO.COM\arkadmin
[2017/09/21 00:36:03.329149,  4] ../source3/param/loadparm.c:3864(lp_load_ex)
  pm_process() returned Yes
[2017/09/21 00:36:03.329186,  3] ../source3/param/loadparm.c:1592(lp_add_ipc)
  adding IPC service
[2017/09/21 00:36:03.329981,  4] ../source3/libsmb/namequery_dc.c:77(ads_dc_name)
  ads_dc_name: domain=QA.ARKIVIO.COM
[2017/09/21 00:36:03.331294,  3] ../source3/libsmb/namequery.c:3160(get_dc_list)
  get_dc_list: preferred server list: ", *"
[2017/09/21 00:36:03.332043,  4] ../lib/addns/dnsquery.c:435(ads_dns_lookup_srv)
  ads_dns_lookup_srv: 2 records returned in the answer section.
[2017/09/21 00:36:03.333572,  4] ../source3/libsmb/namequery.c:3305(get_dc_list)
  get_dc_list: returning 3 ip addresses in an ordered list
[2017/09/21 00:36:03.333594,  4] ../source3/libsmb/namequery.c:3306(get_dc_list)
  get_dc_list: 192.168.32.231:389 192.168.32.230:389 2001:21:21:32:743e:17d2:61a4:fdb8:389
[2017/09/21 00:36:03.334552,  3] ../source3/libads/ldap.c:618(ads_connect)
  Successfully contacted LDAP server 192.168.32.231
[2017/09/21 00:36:03.334622,  3] ../source3/libsmb/namequery.c:3160(get_dc_list)
  get_dc_list: preferred server list: ", *"
[2017/09/21 00:36:03.334961,  4] ../lib/addns/dnsquery.c:435(ads_dns_lookup_srv)
  ads_dns_lookup_srv: 2 records returned in the answer section.
[2017/09/21 00:36:03.335007,  4] ../source3/libsmb/namequery.c:3305(get_dc_list)
  get_dc_list: returning 3 ip addresses in an ordered list
[2017/09/21 00:36:03.335023,  4] ../source3/libsmb/namequery.c:3306(get_dc_list)
  get_dc_list: 192.168.32.230:88 192.168.32.231:88 2001:21:21:32:743e:17d2:61a4:fdb8:88
[2017/09/21 00:36:03.335042,  3] ../source3/libsmb/namequery.c:3160(get_dc_list)
  get_dc_list: preferred server list: ", *"
[2017/09/21 00:36:03.335419,  4] ../lib/addns/dnsquery.c:435(ads_dns_lookup_srv)
  ads_dns_lookup_srv: 2 records returned in the answer section.
[2017/09/21 00:36:03.335463,  4] ../source3/libsmb/namequery.c:3305(get_dc_list)
  get_dc_list: returning 3 ip addresses in an ordered list
[2017/09/21 00:36:03.335478,  4] ../source3/libsmb/namequery.c:3306(get_dc_list)
  get_dc_list: 192.168.32.230:88 192.168.32.231:88 2001:21:21:32:743e:17d2:61a4:fdb8:88
[2017/09/21 00:36:03.336391,  4] ../source3/libsmb/namequery_dc.c:151(ads_dc_name)
  ads_dc_name: using server='ARK-QA-DC2.QA.ARKIVIO.COM' IP=192.168.32.231
[2017/09/21 00:36:03.336496,  3] ../source3/lib/util_sock.c:515(open_socket_out_send)
  Connecting to 192.168.32.231 at port 445
[2017/09/21 00:36:03.337733,  3] ../source3/libsmb/cliconnect.c:271(cli_session_creds_prepare_krb5)
  got OID=1.3.6.1.4.1.311.2.2.30
  got OID=1.2.840.48018.1.2.2
[2017/09/21 00:36:03.338945,  3] ../auth/ntlmssp/ntlmssp_client.c:270(ntlmssp_client_challenge)
  Got challenge flags:
[2017/09/21 00:36:03.338973,  3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x62898215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_TARGET_TYPE_DOMAIN
    NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
    NTLMSSP_NEGOTIATE_TARGET_INFO
    NTLMSSP_NEGOTIATE_VERSION
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2017/09/21 00:36:03.339060,  3] ../auth/ntlmssp/ntlmssp_client.c:726(ntlmssp_client_challenge)
  NTLMSSP: Set final flags:
[2017/09/21 00:36:03.339076,  3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x62008a15
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_ANONYMOUS
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_VERSION
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2017/09/21 00:36:03.339112,  3] ../auth/ntlmssp/ntlmssp_sign.c:509(ntlmssp_sign_reset)
  NTLMSSP Sign/Seal - Initialising with flags:
[2017/09/21 00:36:03.339123,  3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x62008a15
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_ANONYMOUS
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_VERSION
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2017/09/21 00:36:03.339972,  3] ../auth/ntlmssp/ntlmssp_sign.c:509(ntlmssp_sign_reset)
  NTLMSSP Sign/Seal - Initialising with flags:
[2017/09/21 00:36:03.340000,  3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x62008a15
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_ANONYMOUS
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_VERSION
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2017/09/21 00:36:03.344582,  3] ../source3/auth/auth.c:178(auth_check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [QA]\[arkadmin]@[NWT-VM-ARK8118] with the new password interface
[2017/09/21 00:36:03.344615,  3] ../source3/auth/auth.c:181(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is: [ARK-CENTOS-SMB4]\[arkadmin]@[NWT-VM-ARK8118]
[2017/09/21 00:36:03.344650,  4] ../source3/smbd/sec_ctx.c:217(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2017/09/21 00:36:03.344698,  4] ../source3/smbd/uid.c:491(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2017/09/21 00:36:03.344714,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2017/09/21 00:36:03.344768,  4] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/09/21 00:36:03.344785,  3] ../source3/auth/check_samsec.c:399(check_sam_security)
  check_sam_security: Couldn't find user 'arkadmin' in passdb.
[2017/09/21 00:36:03.344808,  3] ../source3/auth/auth_winbind.c:60(check_winbind_security)
  check_winbind_security: Not using winbind, requested domain [ARK-CENTOS-SMB4] was for this SAM.
[2017/09/21 00:36:03.344835,  2] ../source3/auth/auth.c:315(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [arkadmin] -> [arkadmin] FAILED with error NT_STATUS_NO_SUCH_USER
[2017/09/21 00:36:03.344858,  2] ../auth/gensec/spnego.c:768(gensec_spnego_server_negTokenTarg)
  SPNEGO login failed: NT_STATUS_NO_SUCH_USER
[2017/09/21 00:36:03.344879,  4] ../source3/smbd/sec_ctx.c:217(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2017/09/21 00:36:03.344891,  4] ../source3/smbd/uid.c:491(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2017/09/21 00:36:03.344901,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2017/09/21 00:36:03.344919,  4] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/09/21 00:36:03.344949,  3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at ../source3/smbd/smb2_sesssetup.c:134
[2017/09/21 00:36:03.345308,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/09/21 00:36:03.345337,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/09/21 00:36:03.345351,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/09/21 00:36:03.345365,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/09/21 00:36:03.345535,  3] ../source3/smbd/server_exit.c:246(exit_server_common)
  Server exit (NT_STATUS_CONNECTION_RESET)


here is my smb.conf content


#working since 2017-8-1 with sssd?+ad
[global]
netbios name = ARK-CENTOS-SMB4
security = ADS
#workgroup = QA
workgroup = QA.ARKIVIO.COM
kerberos method = secrets and keytab
realm = QA.ARKIVIO.COM
log file = /var/log/samba/%m.log
log level = 4
#password server = *
#passdb backend  = tdbsam
#template shell  = /bin/bash
#template homedir = /home/%u
#winbind separator = +
local master    = no
domain master   = no
#auth methods    = guest sam_ignoredomain winbind
#guest ok        = no
server string = Samba Server Version %v
max log size = 5000
load printers = No
#idmap config * : backend = tdb
#preferred master = no
wins support = no
wins proxy = no
dns proxy = yes
#name resolve order = wins bcast host lmhosts
name resolve order = host lmhosts wins bcast

# Winbind idmap RID settings
#    winbind use default domain = yes
#    allow trusted domains = yes
#    winbind enum users = yes
#    winbind enum groups = yes
#    winbind nested groups = yes
#    idmap config QA : backend = rid
#    idmap config QA : default = yes
#    idmap config QA : range = 100-33554431
#    idmap config * : range = 33554432-67108862
#    idmap config * : backend = tdb
#    printing        = bsd
#    load printers   = no
#    disable spoolss = yes
#    printcap name   = /dev/null
#    log level       = 10
#    log file        = /var/log/samba/samba.log.%m
#    max log size    = 5000
#    debug timestamp = yes
#    oplocks         = 1
#    unix extensions = yes
#    clustering      = 0
#    smb ports       = 445, 139
#    mangled names   = yes
#    default case    = lower
#    case sensitive  = auto
#    preserve case   = yes
#    short preserve case = yes
#    bind interfaces only = yes
#    interfaces = lo bond0:2 eth0:1 eth0:2 eth2 eth3
#    dos filetimes = 1
#    create mask = 777
#    admin users = administrator

[arkc1]
comment = centos samba4 share1
path = /rocket/cifs/cifs1
#public = no
#read only = no
writable = yes
#guest ok = yes
#inherit permissions = 1
#inherit acls = 1
#map acl inherit = 1
#vfs objects = acl_xattr
#acl_xattr:ignore system acls = 1

#valid users = @"autostoradmins@xxxxxxxxxxxxxx"
#valid users = administrator,auto-stor,arkadmin,Domain Admins,autostoradmins
valid users = administrator@xxxxxxxxxxxxxx,auto-stor@xxxxxxxxxxxxxx,arkadmin@xxxxxxxxxxxxxx,@"Domain Admins@xxxxxxxxxxxxxx",@"AutostorAdmins@xxxxxxxxxxxxxx","QA.ARKIVIO.COM\AutostorAdmins",arkadmin@xxxxxxxxxxxxxx
#admin users = administrator,auto-stor,arkadmin,Domain Admins,autostoradmins,QA\arkadmin,QA.ARKIVIO.COM\arkadmin
admin users = administrator@xxxxxxxxxxxxxx,auto-stor@xxxxxxxxxxxxxx,arkadmin@xxxxxxxxxxxxxx,@"Domain Admins@xxxxxxxxxxxxxx",@"AutostorAdmins@xxxxxxxxxxxxxx",arkadmin@xxxxxxxxxxxxxx,QA\arkadmin,QA.ARKIVIO.COM\arkadmin

[arkc2]
comment = centos samba4 share2
path = /rocket/cifs/cifs2
#public = no
#read only = no
writable = yes
#guest ok = no
#vfs objects = acl_xattr
#acl_xattr:ignore system acls = yes

admin users = administrator@xxxxxxxxxxxxxx,auto-stor@xxxxxxxxxxxxxx,arkadmin@xxxxxxxxxxxxxx,@"Domain Admins@xxxxxxxxxxxxxx",@"AutostorAdmins@xxxxxxxxxxxxxx",arkadmin@xxxxxxxxxxxxxx,QA\arkadmin,QA.ARKIVIO.COM\arkadmin
valid users = administrator@xxxxxxxxxxxxxx,auto-stor@xxxxxxxxxxxxxx,arkadmin@xxxxxxxxxxxxxx,@"Domain Admins@xxxxxxxxxxxxxx",@"AutostorAdmins@xxxxxxxxxxxxxx","QA.ARKIVIO.COM\AutostorAdmins",arkadmin@xxxxxxxxxxxxxx,QA\arkadmin,QA.ARKIVIO.COM\arkadmin


please give some advice,thanks




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba