Hi Alexander,
I finally succeeded in making it work with the following configuration on the FreeIPA server:

[global]
workgroup = MYDOMAIN.LOCAL
netbios name = MYSERVER
realm = MYDOMAIN.LOCAL
kerberos method = dedicated keytab
dedicated keytab file = /etc/samba/samba.keytab
create krb5 conf = no
security = user
domain master = yes
domain logons = yes
max log size = 100000
log file = /var/log/samba/log.%m
rpc_server:epmapper = external
rpc_server:lsarpc = external
rpc_server:lsass = external
rpc_server:lsasd = external
rpc_server:samr = external
rpc_server:netlogon = external
rpc_server:tcpip = yes
rpc_daemon:epmd = fork
rpc_daemon:lsasd = fork
smb ports = 139 445
log level = 10
[scratch]
path = /data/scratch
comment = Scratch shared files
read only = no
browseable = yes
guest ok = no
create mask = 0644
I commented out the following from the global section:
;passdb backend = ipasam:ldapi://%2fvar%2frun%2fslapd-MYDOMAIN-LOCAL.socket
;disable spoolss = yes
;ldapsam:trusted = yes
;ldap ssl = off
;ldap suffix = dc=mydomain,dc=local
;ldap user suffix = cn=users,cn=accounts
;ldap group suffix = cn=groups,cn=accounts
;ldap machine suffix = cn=computers,cn=accounts
Any idea why this was causing trouble?
The smbstatus below shows several '.' as well as a file that I'm accessing.

Samba version 4.9.4
PID     Username   Group      Machine                                Protocol Version  Encryption  Signing
----------------------------------------------------------------------------------------------------------------------------------------
23252   beauduin   mydomain   10.0.21.247 (ipv4:10.0.21.247:39798)   SMB3_02           -           partial(AES-128-CMAC)
23253   baina      mydomain   10.0.21.251 (ipv4:10.0.21.251:62736)   SMB3_02           -           partial(AES-128-CMAC)

Service   pid     Machine       Connected at                      Encryption  Signing
---------------------------------------------------------------------------------------------
scratch   23252   10.0.21.247   Wed Mar 13 10:16:14 AM 2019 CET   -           -
scratch   23253   10.0.21.251   Wed Mar 13 10:16:17 AM 2019 CET   -           -
public    23252   10.0.21.247   Wed Mar 13 10:16:21 AM 2019 CET   -           -

Locked files:
Pid     Uid    DenyMode     Access     R/W      Oplock       SharePath       Name                      Time
--------------------------------------------------------------------------------------------------
23252   1010   DENY_NONE    0x100081   RDONLY   NONE         /data/public    .                         Wed Mar 13 10:16:21 2019
23252   1010   DENY_WRITE   0x120089   RDONLY   LEASE(RWH)   /data/scratch   Time-Shift Project.docx   Wed Mar 13 10:19:23 2019
23252   1010   DENY_NONE    0x120080   RDONLY   LEASE(RWH)   /data/scratch   Time-Shift Project.docx   Wed Mar 13 10:19:23 2019
23252   1010   DENY_NONE    0x120089   RDONLY   LEASE(RWH)   /data/scratch   Time-Shift Project.docx   Wed Mar 13 10:19:23 2019
23253   1011   DENY_NONE    0x100081   RDONLY   NONE         /data/scratch   .                         Wed Mar 13 10:16:16 2019
23252   1010   DENY_NONE    0x100081   RDONLY   NONE         /data/scratch   .                         Wed Mar 13 10:16:20 2019
23253   1011   DENY_NONE    0x100081   RDONLY   NONE         /data/scratch   .                         Wed Mar 13 10:16:16 2019
23252   1010   DENY_NONE    0x100081   RDONLY   NONE         /data/scratch   .                         Wed Mar 13 10:16:22 2019
23252   1010   DENY_NONE    0x1000a0   RDONLY   NONE         /data/scratch   .                         Wed Mar 13 10:19:24 2019

Also, when I check the "Security" tab in the properties, in Windows, of a file in the FreeIPA server's share /data/scratch, the SIDs of the user and group are not resolved.
My desktop is also a samba server and the SIDs are resolved.
What could be the cause of this non-resolution of the SIDs?
Thank you.
Regards,
F