I broke samba somehow

I followed everything in the tutorial but getent still only shows local.

I’m officially out of ideas and it’s quitting time, so until tomorrow.

1 Like

The first two answers might help?

[global]
    workgroup = xxxx
    security = ads
    kerberos method = secrets and keytab
    realm = xxxx
    encrypt passwords = yes
    domain master = no
    local master = no
    preferred master = no
    min protocol = SMB2

    passdb backend = tdbsam

    log file = /var/log/samba/log.%m
    log level = 3 auth:10
    max log size = 50

    vfs objects = acl_xattr
    map acl inherit = yes
    store dos attributes = yes

    printing = cups
    printcap name = cups
    load printers = no
    cups options = raw
    client signing = yes
    client use spnego = yes
    #client ntlmv2 auth = yes

    idmap config xxxx : backend = sss
    idmap config xxxx : range = 200000-2147483647

    idmap config * : backend = tdb
    idmap config * : range = 100000-199999

This is the config I use for Samba that is domain joined using sssd. For the ID map provider I’m not using winbind but the SSSD id map plugin, to keep the UID translation consistent. But winbind is still required and recommended for NTLM authentication, as sssd only does Kerberos. I found that out when Nextcloud stopped authenticating my Samba shares but I was still able to log in on Windows clients. If you have legacy devices that require NTLMv1 or SMB1 then you may have to do some tweaking to accommodate.

I think this guide worked for me to get Ubuntu joined up to a domain:
http://blog.admindiary.com/integrate-ubuntu-active-directory-using-kerberos-realmd-sssd/

1 Like
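An added example, not part of the post above or of Samba itself: a small Python check for two things that config depends on, namely that the per-domain `idmap config` ranges do not overlap (Samba requires them to be disjoint) and that `min protocol` is not set to an SMB1-era value such as `NT1`. The sample text is constructed from the posted lines; the second domain `yyyy` and the function names are hypothetical.

```python
import re

# Constructed sample: idmap/protocol lines from the post, plus a hypothetical
# second domain "yyyy" whose range collides with the default (*) range.
SAMPLE = """[global]
    min protocol = SMB2
    idmap config xxxx : backend = sss
    idmap config xxxx : range = 200000-2147483647
    idmap config * : range = 100000-199999
    idmap config yyyy : range = 150000-160000
"""
IDMAP = re.compile(r"idmap config\s+(\S+)\s*:\s*(.+)$", re.I)
SMB1_ERA = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}

def parse_global(text):
    """Return (params, idmap options per domain) from the [global] section."""
    params, idmap, section = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            m = IDMAP.match(key)
            if m:
                idmap.setdefault(m.group(1), {})[m.group(2).lower()] = value
            else:
                params[" ".join(key.lower().split())] = value
    return params, idmap

def audit(text):
    """Report overlapping idmap ranges and an SMB1-era minimum protocol."""
    params, idmap = parse_global(text)
    findings, top = [], None  # top = (highest ID seen so far, its domain)
    ranges = [(*map(int, o["range"].split("-")), d)
              for d, o in idmap.items() if "range" in o]
    for low, high, domain in sorted(ranges):
        if top and low <= top[0]:
            findings.append(f"idmap ranges overlap: {top[1]} and {domain}")
        if top is None or high > top[0]:
            top = (high, domain)
    for key in ("min protocol", "server min protocol"):
        if params.get(key, "").upper() in SMB1_ERA:
            findings.append(f"{key} = {params[key]} allows SMB1")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

Only explicit settings in `[global]` are checked; a missing `min protocol` line is not reported, since the effective default depends on the Samba version.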

The whole network is forced to smb1 because of a legacy erp software.

I followed that to the T and it does not work.

I have given up on this as I have to get it to just work™

I removed all of the AD stuff from my config and reverted to a standalone server, giving everyone 777.

Definitely not ideal, but I don’t have time to mess with it anymore.

Smbpasswd

I shouldn’t need it with AD.

Oh, I see what you’re saying now.

Yeah, I’m not going to go to everyone’s machine and set them up with creds. Vacation starts tomorrow so I can’t be here to troubleshoot.