I try to configure share on Ubuntu Client, that is joined to UCS Domain.
I joined Ubuntu 18.04 with “univention-domain-join” to UCS domain, now users can login to this Ubuntu but cannot access to their “home” folders on that Ubuntu over samba Share.
I would try to adapt smb.conf like normal “UCS Member Server” but some scripts are missing, should i just upload them?
Here is my starting smb.conf (comments welcome):
Blockquote
[global]
debug level = 0
logging = file
max log size = 0
max open files = 32808
server string = %h univention corporate server
socket options = TCP_NODELAY SO_KEEPALIVE TCP_KEEPIDLE=30 TCP_KEEPCNT=3 TCP_KEEPINTVL=3
ntlm auth = ntlmv2-only
machine password timeout = 0
acl allow execute always = True
# ignore interfaces in samba/register/exclude/interfaces
bind interfaces only = yes
interfaces = lo eth0
netbios name = servr1
; ldap
ldap suffix = dc=lan,dc=domain,dc=com
ldap admin dn = "cn=servr1,cn=Computers,dc=lan,dc=domain,dc=com"
ldap ssl = start tls
passdb expand explicit = no
; idmap/winbind
ldap idmap suffix = cn=idmap,cn=univention
idmap config * : backend = ldap
idmap config * : range = 55000-64000
idmap config * : ldap_url = ldap://ucs.lan.domain.com:7389
idmap config * : ldap_user_dn = cn=servr1,cn=computers,dc=lan,dc=domain,dc=com
idmap config LAN : backend = nss
idmap config LAN : range = 1000-54999
winbind max clients = 500
winbind nested groups = no
winbind enum users = yes
winbind enum groups = yes
winbind separator = +
; winbind use default domain = yes
; winbind enable local accounts = yes
template shell = /bin/bash
template homedir = /home/%D-%U
; password sync
pam password change = no
unix password sync = no
; ldap passwd sync = yes
passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n *password*changed*
passwd chat timeout = 60
client use spnego = yes
obey pam restrictions = yes
encrypt passwords = yes
spoolss: architecture = Windows x64
; domain
security = ads
realm = LAN.DOMAIN.COM
domain logons = no
domain master = no
preferred master = no
local master = no
os level = 65
wins support = no
workgroup = LAN
oplocks = yes
kernel oplocks = yes
large readwrite = yes
deadtime = 15
read raw = yes
write raw = yes
max xmit = 65535
getwd cache = yes
wide links = no
store dos attributes = yes
preserve case = yes
short preserve case = yes
time server = yes
host msdfs = no
msdfs root = no
guest account = nobody
map to guest = Bad User
admin users = administrator join-backup
set quota command = /usr/sbin/univention-setquota
check password script = /usr/share/univention-samba/password_check %u
usershare max shares = 0
; -----------------------------------------------------------------------------------------------------------
[homes]
comment = Homefolder
hide files = /windows-profiles/
browsable = no
read only = no
create mask = 0700
directory mask = 0700
vfs objects = acl_xattr
include = /etc/samba/local.conf