
Re: [Samba] Odd behavior on group membership




Hi Rowland, thank you for your prompt reply,

I sent you the testparm output, hence lots of defaults (I presumed it would be better); here is the crude smb.conf:

root@araucaria:~# cat /etc/samba/smb.conf
[global]
    netbios name = ARAUCARIA
    realm = AD.TLD
    server role = active directory domain controller
    workgroup = A1
    server services = -dns
    ldap server require strong auth = no
    wins support = yes
    ntlm auth = yes
    log file = /var/log/samba/%m.log
    log level = 1 auth_audit:3 auth_json_audit:3
    idmap_ldb:use rfc2307 = yes
    idmap config * : backend = tdb
    template shell = /bin/bash
    template homedir = /home/usuarios/%U

[netlogon]
    path = /var/lib/samba/sysvol/ad.tld/scripts
    read only = No

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No
root@araucaria:~#



On 28/11/2018 09:17, Rowland Penny via samba wrote:
On Wed, 28 Nov 2018 08:48:07 -0200
Marcio Vogel Merlone dos Santos via samba <samba@xxxxxxxxxxxxxxx> wrote:

Hi Rowland,

Those tests were made on DC (araucaria), not a domain member.

root@araucaria:~# testparm /etc/samba/smb.conf
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[netlogon]"
Processing section "[sysvol]"
Loaded services file OK.
Server role: ROLE_ACTIVE_DIRECTORY_DC

Press enter to see a dump of your service definitions

# Global parameters
[global]
          passdb backend = samba_dsdb
          wins support = Yes
          rpc_server:tcpip = no
          rpc_daemon:spoolssd = embedded
          rpc_server:spoolss = embedded
          rpc_server:winreg = embedded
          rpc_server:ntsvcs = embedded
          rpc_server:eventlog = embedded
          rpc_server:srvsvc = embedded
          rpc_server:svcctl = embedded
          rpc_server:default = external
          winbindd:use external pipes = true
          idmap config * : backend = tdb
          map archive = No
          map readonly = no
          store dos attributes = Yes
          vfs objects = dfs_samba4 acl_xattr


I would remove the above lines from your smb.conf, most are defaults,
but some are actually wrong for an AD DC, see 'man smb.conf' for more
details

Rowland

--
*Marcio Merlone*
IT - Network Administrator

*A1 Engenharia - Unidade Corporativa*
Phone: +55 41 3616-3797
Mobile: +55 41 99689-0036

https://a1.ind.br/