Quote:
Originally Posted by rpenny
No, I didn't say that, I said you only use 'security = ADS' with an Active directory domain, and your link plainly shows a smb.conf for an NT4-style PDC.
idmap uid/gid have been deprecated for years, they really should be removed.
Now, I do not do mind reading and my crystal ball is on the fritz, so can you please post your smb.conf, so we can see how you think you are running Samba ;-)
|
I'm sorry for the delay in responding. It is the first time that I focus on samba in the company, before my focus was more on Zabbix and some databases (we have numerous responsibilities in the company's Network and Security department). So I'm studying samba now, the settings are (some names I changed to nas1234 to avoid risks, not sure):
#======================= Global Settings =====================================
[global]
server role = classic primary domain controller
workgroup = NAS1234
server string = Servidor Samba NAS1234
netbios name = NAS1234
netbios aliases = NAS1234
dos charset = CP850
unix charset = ISO8859-1
encrypt passwords = Yes
wide links = no
log file = /var/log/samba/samba.%m
preserve case = yes
short preserve case = yes
default case = lower
time server = yes
max connections = 0
deadtime = 1
keepalive = 120
utmp = yes
remote browse sync = no
remote announce = no
log level = 2
security = user
printcap name = /etc/printcap
browseable = no
pid directory = /var/run/
printing = lprng
max log size = 5000
passdb backend = ldapsam:ldaps://ldap.nas1234.br
ldapsam:trusted = no
ldapsam:editposix = no
ldap ssl = off
ldap admin dn = cn=freenasbdc01,ou=DSA,dc=nas1234,dc=nas1234,dc=br
ldap suffix = dc=nas1234,dc=nas1234,dc=br
ldap group suffix = ou=groups
ldap user suffix = ou=people
ldap machine suffix = ou=machines
ldap idmap suffix = ou=Idmap
ldap passwd sync = yes
idmap uid = 2147483648-4294967294
idmap gid = 2147483648-4294967294
idmap backend = ldaps:ldaps://ldap.nas1234.br
ldap delete dn = no
bind interfaces only = yes
local master = yes
os level = 2
domain master = no
preferred master = no
domain logons = yes
name resolve order = wins lmhosts host bcast
wins server = 192.168.X.X
dns proxy = no
add machine script = /usr/local/sbin/smbldap-useradd -W "%u"
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
#============================ Share Definitions ==============================
[Profiles]
root preexec = /bin/close.sh %U %m
root preexec close = yes
root postexec = /bin/change_perms.sh %U
root preexec = /bin/chklogon.sh %U %m A PROFILES
root preexec close = no
root postexec = /bin/chklogon.sh %U %m F PROFILES
read only = no
browseable = no
create mask = 0600
directory mask = 0700
csc policy = disable
force user = %U
profile acls = yes
[homes]
comment = Diretorios nas1234
browseable = no
writable = yes
public = no
follow symlinks = no
create mode = 0600
directory mode = 0700
valid users = %S
invalid users = nobody root bin daemon adm lp sync shutdown halt mail ftp rpc sshd gdm pop
# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
root preexec = /bin/netlogon.sh %U %m %d %a %R %I
root preexec close = no
comment = Network Logon Service
valid users = %U
path = /profiles/netlogon
guest ok = no
writable = no
force create mode = 0755
force directory mode = 0755
force create mode = 0755
force directory mode = 0755
browseable = no
locking = No
[tmp]
comment = Temporary file
path = /tmp
read only = yes
[netlogoff]
root postexec = /bin/netlogoff.sh %U %m %d %a %R %I
preexec close = no
comment = Network Logoff Service
valid users = %U
path = /profiles/netlogoff
guest ok = no
writable = no
force create mode = 0000
force directory mode = 0000
browseable = no
[folder-example]
comment = nas1234
path = /nas1234/nas1234
valid users = @nas1234, unas1234
force group = +nas1234
public = no
writable = yes
printable = no
guest ok = no
create mask = 0770
directory mask = 0770
vfs objects = recycle
recycle:repository = .trash
recycle:directory_mode = 0770
recycle:keeptree = yes
recycle:versions = yes
hosts allow = 192.168.x.x, 192.168.x.x