Dne 2.1.2019 v 21:54 Gordon Messmer napsal(a): > On 1/2/19 12:09 PM, Miroslav Geisselreiter wrote: >> some parameters from smb.conf: >> [global] >> workgroup = NT4DOMAIN >> netbios name = nt4member >> security = domain >> passdb backend = ldapsam:"ldap://ldap1server.intranet.xx >> ldap://ldap2server.intranet.xx" > > > I'm not sure it makes sense to use "security = domain" with an ldap > passdb backend. If you're using a real NT4 domain, then you shouldn't > need a passdb backend at all. If you're not in an NT4 domain, then > you should set "security = USER". > > The man page for smb.conf notes "This mode will only work correctly if > net(8) has been used to add this machine into a Windows NT Domain." > Did you add this host to a Windows NT domain, using "net join ..."? > Yes, I add this host with command: net rpc join MEMBER -S NT4LIKEDOMAINSERVER -U root I tried to change "security = USER" but it did not help. I have to say that before upgrade samba from 4.7.1-9 to 4.8.3-4 I did not use and did not run winbind daemon. But now it is necessary to run winbind according to samba documentation: https://www.samba.org/samba/history/samba-4.8.0.html Domain member setups require winbindd ------------------------------------- Setups with "security = domain" or "security = ads" require a running 'winbindd' now. The fallback that smbd directly contacts domain controllers is gone. Without windbind running samba 4.8 do not allow mount smb shares so I have to run winbind.