Web lists-archives.com

Re: [Samba] AD member server, some users suddenly can only connect to shares via ip address




On 2019/04/25 14:44, Rowland Penny via samba wrote:
OK, post your smb.conf

Thanks for help.... remember this has been working up to now and only a few users have the password prompt..  (btw "gibb.local" is a trusted samba3 domain used for migration, connecting as a gibb.local user does work)

getent passwd returns expected results, as does wbinfo -u

# Global parameters
[global]
        netbios name = PTA-CLUSTER
        realm = AD.GIBB.CO.ZA
        server string = Pretoria Cluster
        workgroup = GIBB
        ldap connection timeout = 20
        ldap timeout = 60
        log file = /var/log/samba/log.%m
        max log size = 1000
        syslog = 0
        panic action = /usr/share/samba/panic-action %d
        map to guest = Bad User
        obey pam restrictions = Yes
        pam password change = Yes
        passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
        passwd program = /usr/bin/passwd %u
        security = ADS
        server role = member server
        unix password sync = Yes
        username map = /etc/samba/user.map
        template homedir = /home/gibb/%U
        winbind enum groups = Yes
        winbind enum users = Yes
        winbind refresh tickets = Yes
        winbind request timeout = 120
        dns proxy = No
        wins server = 192.168.112.94 192.168.104.2
        idmap config gibb.local : range = 1600000-1999999
        idmap config gibb.local : backend = rid
        idmap config gibb : range = 1000000-1599999
        idmap config gibb : backend = rid
        idmap config * : range = 3000-7999
        idmap config * : backend = tdb
[homes]
        comment = Home Directories
        path = /home/gibb/%U
        browseable = No
        root preexec = /usr/local/sbin/mkhomedir.sh %U
        create mask = 0750
        directory mask = 0750
        read only = No
       valid users = %S GIBB.LOCAL\%S GIBB\%S

[projects]
        comment = Pretoria projects
        path = /home/shares/projects
        inherit permissions = Yes
        read only = No
        valid users = @domusers "@GIBB.LOCAL\Domain Users" "@GIBB\Domain Users"

user.map:

!root = GIBB\Administrator


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba