hi everyone, i can’t understand why a windows pc being accredited on neth7 in AD, forces the election as master browser. On AD-accredited linux machines, I had to change the samba directives to stop them from being master browsers. Am I wrong but neth7 being a Domain controller should prevent this?
AFAIK, this is a problem of your AD Linux clients… They have the wrong setting!
Don’t forget, Samba was programmed to replicate the Windows File Services of a Server, not a client. But if you didn’t adapt the config file, who is? NethServer? No, not possible…
Hi Andy, all pc have join with nsdc-neth7.ad.internal2.lan. I have installed the file sharing for what concerns neth7.internal2.lan. What do you mean impossible?
(upload://2hb4G5VnrQeHqxMoPrmHnHjMXwa.png)
It is not possible for an AD, no matter if Linux or Windows, to change the samba config of a client.
If you have the wrong default values, it will not change itself…
But nothing stops you from changing that “master browser” and domain level value…
BTW: Using .local or .lan is a bit an “old” setting - as of now 8 years, Microsoft suggests to use a subdomain of the realdomain, eg:
Realdomain: domain.it
AD: ad.domain.it
Not easy to change now, but next time you set up an AD…
Andy I am attaching the linux file type. But if you tell me that this is not possible all this, as you have seen from the photos where is the mistake? What did I do wrong? What can I check?
This option allows nmbd(8) to try and become a local master browser on a subnet. If set to no then nmbd will not attempt to become a local master browser on a subnet and will also lose in all browsing elections. By default this value is set to yes . Setting this value to yes doesn’t mean that Samba will become the local master browser on a subnet, just that nmbd will participate in elections for local master browser.
Setting this value to no will cause nmbdnever to become a local master browser.
Default: local master = yes
You may also need to set this:
SERVER ROLE = MEMBER SERVER
(Not auto!)
SECURITY = ADS
In this mode, Samba will act as a domain member in an ADS realm. To operate in this mode, the machine running Samba will need to have Kerberos installed and configured and Samba will need to be joined to the ADS realm using the net utility.
Note that this mode does NOT make Samba operate as a Active Directory Domain Controller.
Ok Andy, the reason why I have inseritor security = auto and not ADS because in the latest versions of linux mate ubuntu or other it goes into error. The security = ADS directive works fine on centos 7, antix, ubuntu 18. As you can see from the image by changing the directives as per your error indications!