Web lists-archives.com

Re: [Samba] Share cannot be accessed when samba is in Domain with security enabled




On Mon, 24 Sep 2018 13:44:29 +0530
Shivappa <ssangapur3@xxxxxxxxx> wrote:

> Rowland,
> 
> Thanks for ur suggestions.
> I have used “map to guest=never” and I no longer getting that
> original error.
> 
> Do you guess any other issues I may face with keeping stand-alone
> server and above parameter.
> 
> So far it is working fine for me in Domain environment.

If that is all you have changed, then I am surprised.

If you just want a standalone server without users, then I would expect
your smb.conf to look similar to this:

[global]
    workgroup = NOTSAMBADFS
    security = user
    server string = SMB Standalone Server

    log level = 1
    max log size = 2000 
    max smbd processes = 100 
    dns proxy = no
    guest only = yes
    map to guest = Bad User
    ntlm auth = yes 
    deadtime = 60
    dos charset = CP932 

#my share
[SHIVA_SHARE] 
    path = /etc/test
    guest ok = yes

The computer must not be joined to the domain and you would not create
any users on the standalone server and winbind doesn't need to run.

If however you want Domain users to log into the computer, it will need
to be a domain member and the smb.conf will need to be similar to this:

[global]
    workgroup = SAMBADFS
    security = ADS
    server string = SMB ADS Server
    realm = SAMBADFS.LOCAL

    log level = 1
    max log size = 2000
    max smbd processes = 100
    ntlm auth = yes
    deadtime = 60
    dos charset = CP932

    idmap config *:backend = tdb
    idmap config *:range = 3000-7999
    idmap config SAMBADFS : backend = rid
    idmap config SAMBADFS : range = 10000-999999
    template shell = /bin/bash
    template homedir = /home/%U

#my share
[SHIVA_SHARE] 
    path = /etc/test 

The computer will need to be joined to the domain, the users will come
from AD and winbind must be running.

I would also suggest you read 'man smb.conf', most of your smb.conf
lines were defaults (as is 'map to guest = yes')

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba