Share access problem.

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Share access problem.

Samba - General mailing list
Hi all,

I search A LOT before post here but I didn't find a right answer.
I can list Samba shares on a server but I CANT access the content (view, read or write).

Here is my complete config with debug steps.

######### kinit boubou; klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [hidden email]

Valid starting     Expires            Service principal
04/08/17 16:03:00  05/08/17 02:03:00  krbtgt/[hidden email]
        renew until 05/08/17 16:02:55

# net ads testjoin
Join is OK
# wbinfo -P
checking the NETLOGON for domain[DOMAIN] dc connection to "dc1.domain.qc.ca" succeeded

**** getent passwd + getent group work perfectly. I can list all users/groups.

#################################################################################
# service smbd status
smbd is running.
# service nmbd status
nmbd is running.
# service winbind status
winbind is running.

# krb5.conf
https://pastebin.com/gDhMnM4B

# nsswitch.conf
https://pastebin.com/HEk1LwJg

# smb.conf
https://pastebin.com/f5hqStFk

# log.winbindd
https://pastebin.com/nxv13gd9

drwsrwxrwx 10 root domain users 4.0K Jun 13 16:00 site

Do you see something wrong in my config ?
How can I find what fail ?

Thanks in advance for your help!

Sébastien

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Share access problem.

Samba - General mailing list
On Sat, 5 Aug 2017 13:21:28 -0400
Sébastien Boulianne via samba <[hidden email]> wrote:

>
> Do you see something wrong in my config ?

Lots and when I stop laughing I will reply in full, but first, you
have in smb.conf:

security = ADS

and

server role = standalone server

So, which do you want it to be, a Unix domain member (ADS) or a
standalone server ? it cannot be both!

Rowland



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Share access problem.

Samba - General mailing list
On Sat, 5 Aug 2017 14:34:40 -0400
<[hidden email]> wrote:

>
> I want access the files on this server from my pc which part of a
> domain then I will comment out the standardone line. So what else ?
>

Then you need to set up your machine correctly for Samba and this
includes using winbind instead of sssd

can I suggest you start by reading this:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

It will also help if you consult 'man smb.conf'

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Share access problem.

Samba - General mailing list
In reply to this post by Samba - General mailing list
Hi,

I checked my config this week.
I did some changes.

I can now list the share FTPFiles but I cant view the files.
What can be wrong ?

# krb5.conf
https://pastebin.com/gDhMnM4B 

# nsswitch.conf
https://pastebin.com/HEk1LwJg 

# smb.conf
https://pastebin.com/f5hqStFk 

# log.winbindd
https://pastebin.com/nxv13gd9 

drwsrwxrwx 10 root domain users 4.0K Jun 13 16:00 site

Thanks in advance

Sébastien Boulianne
Administrateur réseau & système / Network & System Administrator (Linux, Solaris & Windows).
Gestion des infrastructures / Infrastructure Management.
CCNA / CompTIA Server+ / Spécialiste en supervision.
[hidden email]

-----Message d'origine-----
De : Sebastien Boulianne
Envoyé : 5 août 2017 14:35
À : 'Rowland Penny' <[hidden email]>
Objet : RE: [Samba] Share access problem.

Hi Rowland,

Please respect.
I want to learn it.

I want access the files on this server from my pc which part of a domain then I will comment out the standardone line.
So what else ?

Thanks in advance sir.

-----Message d'origine-----
De : samba [mailto:[hidden email]] De la part de Rowland Penny via samba Envoyé : 5 août 2017 14:19 À : [hidden email] Objet : Re: [Samba] Share access problem.

On Sat, 5 Aug 2017 13:21:28 -0400
Sébastien Boulianne via samba <[hidden email]> wrote:

>
> Do you see something wrong in my config ?

Lots and when I stop laughing I will reply in full, but first, you have in smb.conf:

security = ADS

and

server role = standalone server

So, which do you want it to be, a Unix domain member (ADS) or a standalone server ? it cannot be both!

Rowland



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Share access problem.

Samba - General mailing list
On Fri, 11 Aug 2017 14:59:36 -0400
<[hidden email]> wrote:

> Hi,
>
> I checked my config this week.
> I did some changes.
>
> I can now list the share FTPFiles but I cant view the files.
> What can be wrong ?
>
> # krb5.conf
> https://pastebin.com/gDhMnM4B 
>
> # nsswitch.conf
> https://pastebin.com/HEk1LwJg 
>
> # smb.conf
> https://pastebin.com/f5hqStFk 
>
> # log.winbindd
> https://pastebin.com/nxv13gd9 
>

OK, I would change /etc/krb5.conf to just this:

[libdefaults]
    default_realm = DOMAIN.QC.CA
    dns_lookup_realm = false
    dns_lookup_kdc = true

In /etc/nsswitch.conf change:

passwd:         files winbind systemd sss
group:          files winbind systemd sss
shadow:         files systemd sss

To:

passwd:         files winbind
group:          files winbind
shadow:         files

Change:

hosts:          files docker [NOTFOUND=return] gw_name mdns4_minimal
[NOTFOUND=return] resolve [!UNAVAIL=return] dns myhostname mymachines

To:

hosts:          files dns

Change:

protocols:      db files winbind
services:       db files winbind sss

To:

protocols:      db files
services:       db files

Change:

netgroup:       nis files winbind sss

To:

netgroup:       nis

I would remove all these lines from smb.conf:

        logon drive = H:
        max xmit = 32768
        min receivefile size = 2048
        map to guest = Bad User
        obey pam restrictions = Yes
        pam password change = Yes
        passdb backend = smbpasswd
        passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully*.
        passwd program = /usr/bin/passwd %u
        password server = domainmaster2.domain.qc.ca domainmaster1.domain.qc.ca
        restrict anonymous = 1
        unix password sync = Yes
        deadtime = 15
        idmap gid = 10000-20000
        winbind cache time = 30
        winbind enum groups = Yes
        winbind enum users = Yes
        dns proxy = No
        wins server = 10.20.1.64
        aio read size = 2048
        aio write size = 2048
        use sendfile = Yes
        write cache size = 1024000

I would change this line:

        idmap config * : range = 10000-20000

To:

        idmap config * : range = 3000-7999

I would add:

    idmap config DOMAIN : backend = rid
    idmap config DOMAIN : range = 10000-999999
    template shell = /bin/bash
    template homedir = /home/%U

    vfs objects = acl_xattr
    map acl inherit = Yes
    store dos attributes = Yes

With these changes it should work, but it is your computer, so the
choice is yours, use winbind or sssd for authentication, you cannot use
both.

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba