Re: [Samba] Samba 4.9 and Win XP Clients

On 2019-02-17 10:17 am, Rowland Penny via samba wrote:
On Sun, 17 Feb 2019 09:53:56 -0500
Marco Shmerykowsky <marco@xxxxxxxxxxxxxxxxx> wrote:

I tried the NTLM setting.  No change.

When I try to browse the network, I get the following error:

"internal is not accessible.  You might not have permission to
use this network resource.  The list of servers for this workgroup
is not currently available."

Here is the smb.conf from the AD machine.

         netbios name = MACHINE251
         realm = INTERNAL.DOMAIN.COM
         workgroup = INTERNAL
         dns forwarder =
         server role = active directory domain controller
         idmap_ldb:use rfc2307 = yes

         path = /var/lib/samba/sysvol/internal.domain.com/scripts
         read only = No

         path = /var/lib/samba/sysvol
         read only = No

         read only = no

On 2019-02-17 9:15 am, Rowland Penny via samba wrote:
> On Sun, 17 Feb 2019 09:06:21 -0500
> Marco J Shmerykowsky PE <marco@xxxxxxxxxxxxxxxxx> wrote:
>> Thanks. Will check.
>> I should have added that everything was working fine on the old
>> winNT style samba domain setup.  It's something related to the new
>> samba AD setup
> It might be and it probably is something to do with NTLMv1, but I am
> still guessing, because you still haven't posted your smb.conf
> Rowland

OK, there doesn't seem to be anything wrong with your DC smb.conf, have
you set up the libnss-winbind links?

You said 'but they can't see any of the machines on the network'. This
is normal, there is no network browsing in a Samba AD domain.

You also said 'I created a stand alone member server', this is a
contradiction in terms (it is either a standalone server or a Unix
domain member). You haven't posted the smb.conf for this, can you do so?


Seems I can map a drive from the command line. (Didn't check that
- it was 2:00am and I was tired with fighting this stuff)
The Windows graphical way to map drives isn't working.
I guess no real issue if I can manually map drives.

Server smb.conf file (you helped with this one :) )
It's a domain member.

        workgroup = SCE-INTERNAL
        security = ADS
        server string = Samba 4 Client %h

        winbind use default domain = yes
        winbind expand groups = 2
        winbind refresh tickets = yes
        dedicated keytab file = /etc/krb5.keytab
        kerberos method = secrets and keytab

        ## map ids outside of domain to RDB files
        idmap config *:backend = tdb
        idmap config *:range = 2000-9999

        ## map ids from the domain
        idmap config SCE-INTERNAL : backend = rid
        idmap confog SCE-INTERNAL : range = 10000-999999

        # uncomment next line to allow login
        # template shell = /bin/bash
        template homedir = /home/%U

        domain master = no
        local master = no
        preferred master = no

        # user Administrator workaround
        username map = /etc/samba/user.map

        # For ACL support on domain member
        vfs objects = acl_xattr
        map acl inherit = yes
        store dos attributes = yes

        # disable printing completely
        # remove these lines to print
        load printers = no
        printing = bsd
        printcap name =  /dev/null
        disable spoolss = yes

        # logging
        # change the number to raise level
        log level = 0
        # map untrusted to domain = yes

        path = /server/files
        read only = no
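
An added example, not part of the original thread: a small Python check for the per-domain `idmap config` lines of a member-server smb.conf like the one above. It flags lines that do not parse as `idmap config DOMAIN : option = value`, domains left without a backend or range, and overlapping ID ranges. The sample input is constructed and `check_idmap` is a hypothetical helper name.

```python
import re

# Constructed sample modelled on the idmap lines of a domain-member smb.conf;
# the misspelled keyword on the last line is deliberate.
SAMPLE = """\
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config SCE-INTERNAL : backend = rid
idmap confog SCE-INTERNAL : range = 10000-999999
"""

IDMAP_RE = re.compile(r"^idmap\s+config\s+(\S+?)\s*:\s*([\w ]+?)\s*=\s*(.*)$", re.I)
RANGE_RE = re.compile(r"(\d+)\s*-\s*(\d+)")

def check_idmap(text):
    """Return (domains, problems) for the per-domain idmap lines in smb.conf text."""
    domains, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        key = line.split("=", 1)[0]
        # Only lines shaped like "idmap <word> DOMAIN : option" are examined;
        # comments and parameters such as "idmap_ldb:use rfc2307" are skipped.
        if line[:1] in ("#", ";") or not re.match(r"idmap\s", key, re.I) or ":" not in key:
            continue
        m = IDMAP_RE.match(line)
        if not m:
            problems.append(f"line {n}: not an 'idmap config' parameter: {line!r}")
            continue
        domains.setdefault(m.group(1).upper(), {})[m.group(2).lower()] = m.group(3).strip()
    seen = {}
    for dom, opts in domains.items():
        if "backend" not in opts:
            problems.append(f"{dom}: no backend set")
        rng = RANGE_RE.fullmatch(opts.get("range", ""))
        if not rng or int(rng.group(1)) > int(rng.group(2)):
            problems.append(f"{dom}: no valid range set")
            continue
        lo, hi = int(rng.group(1)), int(rng.group(2))
        for other, (olo, ohi) in seen.items():
            if lo <= ohi and olo <= hi:  # ranges of different domains must not overlap
                problems.append(f"{dom}: range {lo}-{hi} overlaps {other}")
        seen[dom] = (lo, hi)
    return domains, problems

if __name__ == "__main__":
    for problem in check_idmap(SAMPLE)[1]:
        print(problem)
```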

