So after only dovecot has made problems, and this problem was dealt with a renewed update.
does not work now with the current version NethServer release 7.6.1810 (final) Kernel 3.10.0-957.1.3.el7.x86_64 also the Samba service.
First, samba was off, restarted. but you can not access the shares.
Gerald
Thereâs another fix to apply (still not fully tested). To ensure it is good to fix your setup run
net getdomainsid
If the Sid number is the same on both output lines* run this command
yum install http://packages.nethserver.org/nethserver/7.6.1810/autobuild/x86_64/Packages/nethserver-samba-4.2.0-1.3.pr31.g04d6bcf.ns7.noarch.rpm
Otherwise attach the output of
systemctl status smb winbind
See also
*) The duplicate Sid occurs on a ns6 upgraded system, or if the configuration was restored from a ns6 backup
[Good Morning!
So the SID is not identical, what would be the solution?
root@openzwo ~]# net getdomainsid
SID for local machine OPENZWO is: S-1-5-21-1124315269-312086000-2235371999
SID for domain NANDLNET is: S-1-5-21-1955059481-3219934149-1051263816
[root@openzwo ~]#Here is the output of âsystemctl status smb winbindâ
[root@openzwo ~]# systemctl status smb winbind
â smb.service - Samba SMB Daemon
Loaded: loaded (/usr/lib/systemd/system/smb.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2018-12-15 19:30:29 CET; 15h ago
Docs: man:smbd(8)
man:samba(7)
man:smb.conf(5)
Main PID: 5446 (smbd)
Status: "smbd: ready to serve connections..."
Tasks: 4
CGroup: /system.slice/smb.service
ââ5446 /usr/sbin/smbd --foreground --no-process-group
ââ5822 /usr/sbin/smbd --foreground --no-process-group
ââ5823 /usr/sbin/smbd --foreground --no-process-group
ââ7474 /usr/sbin/smbd --foreground --no-process-group
Dec 16 11:19:14 openzwo.nandlnet.de smbd[21303]: [2018/12/16 11:19:14.385138, 0] ../lib/param/loadparm.c:1844(lpcfg_do_service_parameter)
Dec 16 11:19:14 openzwo.nandlnet.de smbd[21303]: Ignoring unknown parameter "share modes"
Dec 16 11:19:14 openzwo.nandlnet.de smbd[21304]: [2018/12/16 11:19:14.436411, 0] ../lib/param/loadparm.c:784(lpcfg_map_parameter)
Dec 16 11:19:14 openzwo.nandlnet.de smbd[21304]: Unknown parameter encountered: "share modes"
Dec 16 11:19:14 openzwo.nandlnet.de smbd[21304]: [2018/12/16 11:19:14.436755, 0] ../lib/param/loadparm.c:1844(lpcfg_do_service_parameter)
Dec 16 11:19:14 openzwo.nandlnet.de smbd[21304]: Ignoring unknown parameter "share modes"
Dec 16 11:19:14 openzwo.nandlnet.de smbd[21305]: [2018/12/16 11:19:14.485041, 0] ../lib/param/loadparm.c:784(lpcfg_map_parameter)
Dec 16 11:19:14 openzwo.nandlnet.de smbd[21305]: Unknown parameter encountered: "share modes"
Dec 16 11:19:14 openzwo.nandlnet.de smbd[21305]: [2018/12/16 11:19:14.485282, 0] ../lib/param/loadparm.c:1844(lpcfg_do_service_parameter)
Dec 16 11:19:14 openzwo.nandlnet.de smbd[21305]: Ignoring unknown parameter "share modes"
â winbind.service - Samba Winbind Daemon
Loaded: loaded (/usr/lib/systemd/system/winbind.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2018-12-15 19:30:26 CET; 15h ago
Docs: man:winbindd(8)
man:samba(7)
man:smb.conf(5)
Main PID: 5027 (winbindd)
Status: "winbindd: ready to serve connections..."
Tasks: 2
CGroup: /system.slice/winbind.service
ââ5027 /usr/sbin/winbindd --foreground --no-process-group
ââ5444 /usr/sbin/winbindd --foreground --no-process-group
Dec 15 19:30:25 openzwo.nandlnet.de systemd[1]: Starting Samba Winbind Daemon...
Dec 15 19:30:26 openzwo.nandlnet.de winbindd[5027]: [2018/12/15 19:30:26.343756, 0] ../source3/winbindd/winbindd_cache.c:3160(initialize_winbindd_cache)
Dec 15 19:30:26 openzwo.nandlnet.de winbindd[5027]: initialize_winbindd_cache: clearing cache and re-creating with version number 2
Dec 15 19:30:26 openzwo.nandlnet.de winbindd[5027]: [2018/12/15 19:30:26.731481, 0] ../lib/util/become_daemon.c:138(daemon_ready)
Dec 15 19:30:26 openzwo.nandlnet.de systemd[1]: Started Samba Winbind Daemon.
Dec 15 19:30:26 openzwo.nandlnet.de winbindd[5027]: daemon_ready: STATUS=daemon 'winbindd' finished starting up and ready to serve connections
[root@openzwo ~]#
At startup, they are not automatically included, but I can select the shares manually.
The (Linux) client is included here in the forum according to the WIki , but the releases are not loaded, as well from the stb - he finds the releases but does not bind them.
Having same Problem after updateâŚ
Do you have any template-custom?
Did you check if you have a duplicate Sid as described above?
they are different
Please also try to access the share with smbclient, something like:
smbclient -d 3 -U <user>@<domain> //<server>/<folder>
Report back any error.
Interestingy it all looks fine from the Windows clients except one special app which needs a share for receiving and sending docs thrue a protected channel.
But from the SUSE client with embeded profiles on the server and also embeded shares (all from the function: YAST/ Windows Domain/ Experts settings) there seems to bee no access.
I donât know what are embedded profiles/shares from SUSE.
If youâre talking about accessing the shares using Gnome Nautilus, it never worked for me 
Could you please test the smbclient command from SUSE and report back?
Otherwise we have no clue about the error.
I will try that and give you the output. Embeded means that there is a posibilty routing the Profil on Suse to the User-Share on the NS by default for all Domain users- as long as it works- perfect and better than a roaming profile.
No, I did not edit the templates.
We have Tested as you told us (iglqut)
smbclient -d 3 -U root@smb.mydomain.at //server/share
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section â[global]â
WARNING: The âidmap gidâ option is deprecated
WARNING: The âidmap uidâ option is deprecated
added interface eth0 ip=192.168.0.104 bcast=192.168.0.255 netmask=255.255.255.0
Client started (version 4.6.16-git.124.aee309c5c1821.1-SUSE-SLE_12-x86_64).
resolve_lmhosts: Attempting lmhosts lookup for name igl-dc<0x20>
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: Attempting host lookup for name server<0x20>
Connecting to 192.168.0.70 at port 445
got OID=1.2.840.48018.1.2.2
Enter root@smb.mydomain.atâs password: GENSEC backend âgssapi_spnegoâ registered
GENSEC backend âgssapi_krb5â registered
GENSEC backend âgssapi_krb5_saslâ registered
GENSEC backend âspnegoâ registered
GENSEC backend âschannelâ registered
GENSEC backend ânaclrpc_as_systemâ registered
GENSEC backend âsasl-EXTERNALâ registered
GENSEC backend ântlmsspâ registered
GENSEC backend ântlmssp_resume_ccacheâ registered
GENSEC backend âhttp_basicâ registered
GENSEC backend âhttp_ntlmâ registered
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62008215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62008215
SPNEGO login failed: Logon failure
session setup failed: NT_STATUS_LOGON_FAILURE
Dear giacomo,
What is your suggestion?
Thanks
Itâs probably something related to client configuration.
Letâs do another couple of tests:
testparm -s -vTest fron Nethserver:
smbclient -d 3 -U root@smb.mydomain.at //server/share
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section â[global]â
Processing section â[global]â
Processing section â[global]â
added interface br0 ip=192.168.0.70 bcast=192.168.0.255 netmask=255.255.255.0
Client started (version 4.8.3).
resolve_lmhosts: Attempting lmhosts lookup for name igl-dc<0x20>
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: Attempting host lookup for name server<0x20>
Connecting to 192.168.0.70 at port 445
got OID=1.2.840.48018.1.2.2
Test fromk SUSE-Client
testparm -s -v
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
WARNING: The "idmap gid" option is deprecated
WARNING: The "idmap uid" option is deprecated
Processing section "[homes]"
Processing section "[profiles]"
Processing section "[users]"
Processing section "[groups]"
Processing section "[printers]"
Processing section "[print$]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
# Global parameters
[global]
bind interfaces only = No
config backend = file
dos charset = CP850
enable core files = Yes
interfaces =
multicast dns register = Yes
netbios aliases =
netbios name = IGLL-ANM
netbios scope =
realm = smb.mydomain.at
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns
server string = Samba 4.6.16-git.124.aee309c5c1821.1-SUSE-SLE_12-x86_64
share backend = classic
unix charset = UTF-8
workgroup = smb
browse list = Yes
domain master = Auto
enhanced browsing = Yes
lm announce = Auto
lm interval = 60
local master = Yes
os level = 20
preferred master = Auto
allow dns updates = secure only
dns forwarder =
dns update command = /usr/sbin/samba_dnsupdate
machine password timeout = 604800
nsupdate command = /usr/bin/nsupdate -g
rndc command = /usr/sbin/rndc
spn update command = /usr/sbin/samba_spnupdate
mangle prefix = 1
mangling method = hash2
max stat cache size = 256
stat cache = Yes
client ldap sasl wrapping = sign
ldap admin dn =
ldap connection timeout = 2
ldap delete dn = No
ldap deref = auto
ldap follow referral = Auto
ldap group suffix =
ldap idmap suffix =
ldap machine suffix =
ldap page size = 1000
ldap passwd sync = no
ldap replication sleep = 1000
ldap server require strong auth = Yes
ldap ssl = start tls
ldap ssl ads = No
ldap suffix =
ldap timeout = 15
ldap user suffix =
lock spin time = 200
oplock break wait time = 0
smb2 leases = Yes
debug class = No
debug hires timestamp = Yes
debug pid = No
debug prefix timestamp = No
debug uid = No
ldap debug level = 0
ldap debug threshold = 10
log file =
logging =
log level = 2
max log size = 5000
syslog = 1
syslog only = No
timestamp logs = Yes
abort shutdown script =
add group script =
add machine script =
add user script =
add user to group script =
allow nt4 crypto = No
delete group script =
delete user from group script =
delete user script =
domain logons = No
enable privileges = Yes
init logon delay = 100
init logon delayed hosts =
logon drive = P:
logon home = \\%L\%U\.9xprofile
logon path = \\%L\profiles\.msprofile
logon script =
reject md5 clients = No
set primary group script =
shutdown script =
add share command =
afs token lifetime = 604800
afs username map =
allow insecure wide links = No
async smb echo handler = No
auto services =
cache directory = /var/lib/samba
change notify = Yes
change share command =
cluster addresses =
clustering = No
config file =
ctdbd socket =
ctdb locktime warn threshold = 0
ctdb timeout = 0
default service =
delete share command =
homedir map = auto.home
kernel change notify = Yes
lock directory = /var/lib/samba/lock
log writeable files on exit = No
message command =
nbt client socket address = 0.0.0.0
ncalrpc dir = /var/run/samba/ncalrpc
NIS homedir = No
nmbd bind explicit broadcast = Yes
panic action =
perfcount module =
pid directory = /run/samba
registry shares = No
remote announce =
remote browse sync =
reset on zero vc = No
smbd profiling level = off
state directory = /var/lib/samba
usershare allow guests = No
usershare max shares = 0
usershare owner only = Yes
usershare path = /var/lib/samba/usershares
usershare prefix allow list =
usershare prefix deny list =
usershare template share =
utmp = No
utmp directory =
wtmp directory =
addport command =
addprinter command =
cups connection timeout = 30
cups encrypt = No
cups server =
deleteprinter command =
disable spoolss = No
enumports command =
iprint server =
load printers = Yes
lpq cache time = 30
os2 driver map =
printcap cache time = 750
printcap name = cups
show add printer wizard = Yes
cldap port = 389
client ipc max protocol = default
client ipc min protocol = default
client max protocol = default
client min protocol = CORE
client use spnego = Yes
dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver
defer sharing violations = Yes
dgram port = 138
disable netbios = No
enable asu support = No
eventlog list =
large readwrite = Yes
lsa over netlogon = No
max mux = 50
max ttl = 259200
max wins ttl = 518400
max xmit = 16644
min receivefile size = 0
min wins ttl = 21600
name resolve order = lmhosts wins host bcast
nbt port = 137
nt pipe support = Yes
nt status support = Yes
read raw = Yes
rpc big endian = No
rpc server port = 0
server max protocol = SMB3
server min protocol = LANMAN1
server multi channel support = No
smb2 max credits = 8192
smb2 max read = 8388608
smb2 max trans = 8388608
smb2 max write = 8388608
smb ports = 445 139
svcctl list =
time server = No
unicode = Yes
unix extensions = Yes
use spnego = Yes
web port = 901
write raw = Yes
algorithmic rid base = 1000
allow dcerpc auth level connect = No
allow trusted domains = Yes
auth methods =
check password script =
client ipc signing = default
client lanman auth = No
client NTLMv2 auth = Yes
client plaintext auth = No
client schannel = Auto
client signing = default
client use spnego principal = No
dedicated keytab file =
encrypt passwords = Yes
guest account = nobody
kerberos encryption types = all
kerberos method = secrets and keytab
kpasswd port = 464
krb5 port = 88
lanman auth = No
log nt token command =
map to guest = Bad User
map untrusted to domain = No
ntlm auth = No
ntp signd socket directory = /var/lib/samba/ntp_signd
null passwords = No
obey pam restrictions = No
old password allowed period = 60
pam password change = No
passdb backend = tdbsam
passdb expand explicit = No
passwd chat = *new*password* %n\n *new*password* %n\n *changed*
passwd chat debug = No
passwd chat timeout = 2
passwd program =
password hash gpg key ids =
password server = *
preload modules =
private dir = /var/lib/samba/private
raw NTLMv2 auth = No
rename user script =
restrict anonymous = 0
root directory =
samba kcc command = /usr/sbin/samba_kcc
security = ADS
server role = auto
server schannel = Auto
server signing = default
smb passwd file = /var/lib/samba/private/smbpasswd
tls cafile = tls/ca.pem
tls certfile = tls/cert.pem
tls crlfile =
tls dh params file =
tls enabled = Yes
tls keyfile = tls/key.pem
tls priority = NORMAL:-VERS-SSL3.0
tls verify peer = as_strict_as_possible
unix password sync = No
username level = 0
username map =
username map cache time = 0
username map script =
aio max threads = 100
deadtime = 0
getwd cache = Yes
hostname lookups = No
keepalive = 300
max disk size = 0
max open files = 16384
max smbd processes = 0
name cache timeout = 660
socket options = TCP_NODELAY
use mmap = Yes
get quota command =
host msdfs = Yes
set quota command =
create krb5 conf = Yes
idmap backend = tdb
idmap cache time = 604800
idmap gid = 10000-20000
idmap negative cache time = 120
idmap uid = 10000-20000
include system krb5 conf = Yes
neutralize nt4 emulation = No
reject md5 servers = No
require strong key = Yes
template homedir = /home/%D/%U
template shell = /bin/bash
winbind cache time = 300
winbindd privileged socket directory = /var/lib/samba/winbindd_privileged
winbindd socket directory = /var/run/samba/winbindd
winbind enum groups = No
winbind enum users = No
winbind expand groups = 0
winbind max clients = 200
winbind max domain connections = 1
winbind nested groups = Yes
winbind normalize names = No
winbind nss info = template
winbind offline logon = Yes
winbind reconnect delay = 30
winbind refresh tickets = Yes
winbind request timeout = 60
winbind rpc only = No
winbind sealed pipes = Yes
winbind separator = \
winbind trusted domains only = No
winbind use default domain = No
dns proxy = Yes
wins hook =
wins proxy = No
wins server =
wins support = No
idmap config * : range = 10000-20000
idmap config * : backend = tdb
comment =
path =
administrative share = No
browseable = Yes
case sensitive = Auto
default case = lower
delete veto files = No
hide dot files = Yes
hide files =
hide special files = No
hide unreadable = No
hide unwriteable files = No
mangled names = Yes
mangling char = ~
map archive = Yes
map hidden = No
map readonly = yes
map system = No
preserve case = Yes
short preserve case = Yes
store dos attributes = No
veto files =
veto oplock files =
blocking locks = Yes
csc policy = manual
fake oplocks = No
kernel oplocks = No
kernel share modes = Yes
level2 oplocks = Yes
locking = Yes
oplock contention limit = 2
oplocks = Yes
posix locking = Yes
strict locking = Auto
afs share = No
available = Yes
copy =
delete readonly = No
dfree cache time = 0
dfree command =
directory name cache size = 100
dmapi support = No
dont descend =
dos filemode = No
dos filetime resolution = No
dos filetimes = Yes
fake directory create times = No
follow symlinks = Yes
fstype = NTFS
include =
magic output =
magic script =
postexec =
preexec =
preexec close = No
root postexec =
root preexec =
root preexec close = No
spotlight = No
volume =
wide links = No
cups options = raw
default devmode = Yes
force printername = No
lppause command =
lpq command = %p
lpresume command =
lprm command =
max print jobs = 1000
max reported print jobs = 0
printable = No
print command =
printer name =
printing = cups
printjob username = %U
print notify backchannel = No
queuepause command =
queueresume command =
use client driver = No
acl allow execute always = No
acl check permissions = Yes
acl map full control = Yes
durable handles = Yes
ea support = No
map acl inherit = No
nt acl support = Yes
profile acls = No
access based share enum = No
acl group control = No
admin users =
create mask = 0744
directory mask = 0755
force create mode = 0000
force directory mode = 0000
force group =
force unknown acl user = No
force user =
guest ok = No
guest only = No
hosts allow =
hosts deny =
inherit acls = No
inherit owner = no
inherit permissions = No
invalid users =
read list =
read only = Yes
smb encrypt = default
valid users =
write list =
aio read size = 0
aio write behind =
aio write size = 0
allocation roundup size = 1048576
block size = 1024
max connections = 0
min print space = 0
strict allocate = No
strict rename = No
strict sync = No
sync always = No
use sendfile = No
write cache size = 0
msdfs proxy =
msdfs root = No
msdfs shuffle referrals = No
ntvfs handler = unixuid, default
vfs objects =
[homes]
comment = Home Directories
browseable = No
inherit acls = Yes
read only = No
valid users = %S %D%w%S
[profiles]
comment = Network Profiles Service
path = %H
store dos attributes = Yes
create mask = 0600
directory mask = 0700
read only = No
[users]
comment = All users
path = /home
veto files = /aquota.user/groups/shares/
inherit acls = Yes
read only = No
[groups]
comment = All groups
path = /home/groups
inherit acls = Yes
read only = No
[printers]
comment = All Printers
path = /var/tmp
browseable = No
printable = Yes
create mask = 0600
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
create mask = 0664
directory mask = 0775
force group = ntadmin
write list = @ntadmin root
The output seems truncated: does it succeed?
Furthermore âroot@smb.mydomain.atâ is not an AD user and is not mapped in nethserver to any Samba user.
my output when I type it in the console:
[root@openzwo ~]# smbclient -d 3 -U gerald.musch@nandlnet.de //openzwo/ablage
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
Processing section "[global]"
Processing section "[global]"
added interface enp0s20u1u4 ip=2003:d8:6bc5:3400:8eae:4cff:fefe:194 bcast= netmask=ffff:ffff:ffff:ffff::
added interface enp0s20u1u4 ip=192.168.20.3 bcast=192.168.20.255 netmask=255.255.255.0
added interface br0 ip=192.168.200.10 bcast=192.168.200.255 netmask=255.255.255.0
added interface br0.11 ip=192.168.222.10 bcast=192.168.222.255 netmask=255.255.255.0
Client started (version 4.8.3).
resolve_lmhosts: Attempting lmhosts lookup for name openzwo<0x20>
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: Attempting host lookup for name openzwo<0x20>
Connecting to 192.168.200.10 at port 445
got OID=1.2.840.48018.1.2.2
Enter gerald.musch@nandlnet.de's password:
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
Try "help" to get a list of possible commands.
smb: \>and the next output testparm -s -v
ntlm auth = ntlmv2-only
nt pipe support = Yes
ntp signd socket directory = /var/lib/samba/ntp_signd
nt status support = Yes
null passwords = No
obey pam restrictions = Yes
old password allowed period = 60
oplock break wait time = 0
os2 driver map =
os level = 20
pam password change = No
panic action =
passdb backend = tdbsam
passdb expand explicit = No
passwd chat = *new*password* %n\n *new*password* %n\n *changed*
passwd chat debug = No
passwd chat timeout = 2
passwd program =
password hash gpg key ids =
password hash userPassword schemes =
password server = *
perfcount module =
pid directory = /run
preferred master = Auto
prefork children = 1
preload modules =
printcap cache time = 750
printcap name = cups
private dir = /var/lib/samba/private
raw NTLMv2 auth = No
read raw = Yes
realm = NANDLNET.DE
registry shares = No
reject md5 clients = No
reject md5 servers = No
remote announce =
remote browse sync =
rename user script =
require strong key = Yes
reset on zero vc = No
restrict anonymous = 0
rndc command = /usr/sbin/rndc
root directory =
rpc big endian = No
rpc server dynamic port range = 49152-65535
rpc server port = 0
samba kcc command = /usr/sbin/samba_kcc
security = ADS
server max protocol = SMB3
server min protocol = LANMAN1
server multi channel support = No
server role = auto
server schannel = Yes
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns
server signing = default
server string = NethServer 7.6.1810 final (Samba %v)
set primary group script =
set quota command =
share backend = classic
show add printer wizard = Yes
shutdown script =
smb2 leases = Yes
smb2 max credits = 8192
smb2 max read = 8388608
smb2 max trans = 8388608
smb2 max write = 8388608
smbd profiling level = off
smb passwd file = /var/lib/samba/private/smbpasswd
smb ports = 445 139
socket options = TCP_NODELAY
spn update command = /usr/sbin/samba_spnupdate
stat cache = Yes
state directory = /var/lib/samba
svcctl list =
syslog = 1
syslog only = No
template homedir = /home/%D/%U
template shell = /bin/false
time server = No
timestamp logs = Yes
tls cafile = tls/ca.pem
tls certfile = tls/cert.pem
tls crlfile =
tls dh params file =
tls enabled = Yes
tls keyfile = tls/key.pem
tls priority = NORMAL:-VERS-SSL3.0
tls verify peer = as_strict_as_possible
unicode = Yes
unix charset = UTF-8
unix extensions = Yes
unix password sync = No
use mmap = Yes
username level = 0
username map =
username map cache time = 0
username map script =
usershare allow guests = No
usershare max shares = 0
usershare owner only = Yes
usershare path = /var/lib/samba/usershares
usershare prefix allow list =
usershare prefix deny list =
usershare template share =
utmp = No
utmp directory =
web port = 901
winbind cache time = 300
winbindd socket directory = /run/samba/winbindd
winbind enum groups = No
winbind enum users = No
winbind expand groups = 0
winbind max clients = 200
winbind max domain connections = 1
winbind nested groups = Yes
winbind normalize names = No
winbind nss info = template
winbind offline logon = No
winbind reconnect delay = 30
winbind refresh tickets = No
winbind request timeout = 60
winbind rpc only = No
winbind scan trusted domains = Yes
winbind sealed pipes = Yes
winbind separator = \
winbind use default domain = No
wins hook =
wins proxy = No
wins server =
wins support = No
workgroup = NANDLNET
write raw = Yes
wtmp directory =
idmap config nandlnet : range = 200000-2147483647
idmap config nandlnet : backend = nss
idmap config * : range = 10000-99999
idmap config * : backend = tdb
access based share enum = No
acl allow execute always = No
acl check permissions = Yes
acl group control = No
acl map full control = Yes
administrative share = No
admin users =
afs share = No
aio read size = 1
aio write behind =
aio write size = 1
allocation roundup size = 1048576
available = Yes
blocking locks = Yes
block size = 1024
browseable = Yes
case sensitive = Auto
comment =
copy =
create mask = 0744
csc policy = manual
cups options =
default case = lower
default devmode = Yes
delete readonly = No
delete veto files = No
dfree cache time = 0
dfree command =
directory mask = 0755
directory name cache size = 100
dmapi support = No
dont descend =
dos filemode = No
dos filetime resolution = No
dos filetimes = Yes
durable handles = Yes
ea support = No
fake directory create times = No
fake oplocks = No
follow symlinks = Yes
force create mode = 0000
force directory mode = 0000
force group =
force printername = No
force unknown acl user = No
force user =
fstype = NTFS
guest ok = No
guest only = No
hide dot files = Yes
hide files =
hide special files = No
hide unreadable = No
hide unwriteable files = No
hosts allow =
hosts deny =
include =
inherit acls = No
inherit owner = windows and unix
inherit permissions = No
invalid users =
kernel oplocks = No
kernel share modes = Yes
level2 oplocks = Yes
locking = Yes
lppause command =
lpq command = %p
lpresume command =
lprm command =
magic output =
magic script =
mangled names = yes
mangling char = ~
map acl inherit = No
map archive = Yes
map hidden = No
map readonly = yes
map system = No
max connections = 0
max print jobs = 1000
max reported print jobs = 0
min print space = 0
msdfs proxy =
msdfs root = No
msdfs shuffle referrals = No
nt acl support = Yes
ntvfs handler = unixuid, default
oplocks = Yes
path =
posix locking = Yes
postexec =
preexec =
preexec close = No
preserve case = Yes
printable = No
print command =
printer name =
printing = cups
printjob username = %U
print notify backchannel = No
queuepause command =
queueresume command =
read list =
read only = Yes
root postexec =
root preexec =
root preexec close = No
short preserve case = Yes
smb encrypt = default
spotlight = No
store dos attributes = No
strict allocate = No
strict locking = Auto
strict rename = No
strict sync = Yes
sync always = No
use client driver = No
use sendfile = No
valid users =
veto files =
veto oplock files =
vfs objects =
volume =
wide links = No
write cache size = 0
write list =
[printers]
browseable = No
comment = All Printers
path = /var/spool/samba
printable = Yes
use client driver = Yes
[homes]
comment = Home directories
create mask = 0660
directory mask = 0770
force create mode = 0660
force directory mode = 0770
read only = No
[print$]
comment = Printer drivers
guest ok = Yes
path = /var/lib/nethserver/print_driver
[netlogon]
comment = Network Logon Service
guest ok = Yes
path = /var/lib/nethserver/netlogon
read only = No
[ablage]
comment = allgemeine Ablage
create mask = 0664
inherit acls = Yes
inherit permissions = Yes
map acl inherit = Yes
map archive = No
map readonly = no
path = /var/lib/nethserver/ibay/ablage
read only = No
store dos attributes = Yes
vfs objects = recycle
recycle: exclude = *.tmp,*.temp,*.o,*.obj,~$*
recycle: directory_mode = 0770
recycle: touch = True
recycle: keeptree = True
recycle: versions = True
recycle: repository = Recycle Bin
recycle: exclude_dir = /tmp,/temp,/cache
[bilder]
comment = in Stein gemeisselt
create mask = 0664
inherit acls = Yes
inherit permissions = Yes
map acl inherit = Yes
map archive = No
map readonly = no
path = /var/lib/nethserver/ibay/bilder
read only = No
store dos attributes = Yes
vfs objects = recycle
recycle: exclude = *.tmp,*.temp,*.o,*.obj,~$*
recycle: directory_mode = 0770
recycle: touch = True
recycle: keeptree = True
recycle: versions = True
recycle: repository = Recycle Bin
recycle: exclude_dir = /tmp,/temp,/cache
[filme]
comment = bewegte Bilder
create mask = 0664
guest ok = Yes
inherit acls = Yes
inherit permissions = Yes
map acl inherit = Yes
map archive = No
map readonly = no
path = /var/lib/nethserver/ibay/filme
read only = No
store dos attributes = Yes
[login]
comment = Skripte
create mask = 0664
guest ok = Yes
inherit acls = Yes
inherit permissions = Yes
map acl inherit = Yes
map archive = No
map readonly = no
path = /var/lib/nethserver/ibay/login
read only = No
store dos attributes = Yes
[lumix]
comment = Kamera
create mask = 0664
guest ok = Yes
inherit acls = Yes
inherit permissions = Yes
map acl inherit = Yes
map archive = No
map readonly = no
path = /var/lib/nethserver/ibay/lumix
read only = No
store dos attributes = Yes
[musik]
comment = was auf die Ohren
create mask = 0664
guest ok = Yes
inherit acls = Yes
inherit permissions = Yes
map acl inherit = Yes
map archive = No
map readonly = no
path = /var/lib/nethserver/ibay/musik
read only = No
store dos attributes = Yes
vfs objects = recycle
recycle: exclude = *.tmp,*.temp,*.o,*.obj,~$*
recycle: directory_mode = 0770
recycle: touch = True
recycle: keeptree = True
recycle: versions = True
recycle: repository = Recycle Bin
recycle: exclude_dir = /tmp,/temp,/cache
[nadelundfaden]
comment = Anika's Paradies
create mask = 0664
inherit acls = Yes
inherit permissions = Yes
map acl inherit = Yes
map archive = No
map readonly = no
path = /var/lib/nethserver/ibay/nadelundfaden
read only = No
store dos attributes = Yes
vfs objects = recycle
recycle: exclude = *.tmp,*.temp,*.o,*.obj,~$*
recycle: directory_mode = 0770
recycle: touch = True
recycle: keeptree = True
recycle: versions = True
recycle: repository = Recycle Bin
recycle: exclude_dir = /tmp,/temp,/cache
[pdf]
comment = PDF Ablage
create mask = 0664
guest ok = Yes
inherit acls = Yes
inherit permissions = Yes
map acl inherit = Yes
map archive = No
map readonly = no
path = /var/lib/nethserver/ibay/pdf
read only = No
store dos attributes = Yes
vfs objects = recycle
recycle: exclude = *.tmp,*.temp,*.o,*.obj,~$*
recycle: directory_mode = 0770
recycle: touch = True
recycle: keeptree = True
recycle: versions = True
recycle: repository = Recycle Bin
recycle: exclude_dir = /tmp,/temp,/cache
[privatxxx]
comment = nur fĂźr Mama & Papa
create mask = 0664
inherit acls = Yes
inherit permissions = Yes
map acl inherit = Yes
map archive = No
map readonly = no
path = /var/lib/nethserver/ibay/privatxxx
read only = No
store dos attributes = Yes
[scanner]
comment = Ablage Scanner
create mask = 0664
guest ok = Yes
inherit acls = Yes
inherit permissions = Yes
map acl inherit = Yes
map archive = No
map readonly = no
path = /var/lib/nethserver/ibay/scanner
read only = No
store dos attributes = Yes
[thw]
comment = Gerald's Arbeitsverzeichnis
create mask = 0664
inherit acls = Yes
inherit permissions = Yes
map acl inherit = Yes
map archive = No
map readonly = no
path = /var/lib/nethserver/ibay/thw
read only = No
store dos attributes = Yes
vfs objects = recycle
recycle: exclude = *.tmp,*.temp,*.o,*.obj,~$*
recycle: directory_mode = 0770
recycle: touch = True
recycle: keeptree = True
recycle: versions = True
recycle: repository = Recycle Bin
recycle: exclude_dir = /tmp,/temp,/cache
[tipp10]
comment = Dianas Schreibprogramm
create mask = 0664
inherit acls = Yes
inherit permissions = Yes
map acl inherit = Yes
map archive = No
map readonly = no
path = /var/lib/nethserver/ibay/tipp10
read only = No
store dos attributes = Yes
vfs objects = recycle
recycle: exclude = *.tmp,*.temp,*.o,*.obj,~$*
recycle: directory_mode = 0770
recycle: touch = True
recycle: keeptree = True
recycle: versions = True
recycle: repository = Recycle Bin
recycle: exclude_dir = /tmp,/temp,/cacheSorry,
I tested with a normal user at Nethserver and it seems to be Ok.
I will try same in a minute at SUSE
smbclient -d 3 -U myuser@smb.mydomain.at //server/share
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section â[global]â
Processing section â[global]â
Processing section â[global]â
added interface br0 ip=192.168.0.70 bcast=192.168.0.255 netmask=255.255.255.0
Client started (version 4.8.3).
resolve_lmhosts: Attempting lmhosts lookup for name igl-dc<0x20>
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: Attempting host lookup for name igl-dc<0x20>
Connecting to 192.168.0.70 at port 445
got OID=1.2.840.48018.1.2.2
Enter myuser@smb.mydomain.at 's password:
GENSEC backend âgssapi_spnegoâ registered
GENSEC backend âgssapi_krb5â registered
GENSEC backend âgssapi_krb5_saslâ registered
GENSEC backend âspnegoâ registered
GENSEC backend âschannelâ registered
GENSEC backend ânaclrpc_as_systemâ registered
GENSEC backend âsasl-EXTERNALâ registered
GENSEC backend ântlmsspâ registered
GENSEC backend ântlmssp_resume_ccacheâ registered
GENSEC backend âhttp_basicâ registered
GENSEC backend âhttp_ntlmâ registered
GENSEC backend âhttp_negotiateâ registered
Try âhelpâ to get a list of possible commands.
smb: >
smb: > ls
dos_clean_name [*]
unix_clean_name [*]
. D 0 Mon Dec 17 17:04:57 2018
⌠D 0 Mon Dec 3 13:11:47 2018
software D 0 Mon Mar 20 17:04:11 2017
Other Dirâs and Files
893728388 blocks of size 1024. 507048796 blocks available
Total bytes listed: 4779870
smb: > ^C