[Eisfair] samba nach Update: kein Zugriff mehr

Alex Busam abusam at gmx.de
Fr Dez 16 15:05:11 CET 2022


Hier meine Parameter.
Eins fällt mir auf:
	hosts allow = 127.0.0. 10.179.59.0/255.255.255.0 10.10.11.0/255.255.255.0 192.168.0.0/255.255.255.0

Ist das 127.0.0. korrekt?
Die weiteren shares hab ich mal abgeschnitten...


#----------------------------------------------------------------------------
# /etc/user.map - windows to unix user name mappings
# generated by /var/install/config.d/samba.sh
#
# unixuser1 = "Windows-User-Name mit Leerzeichen"
# unixuser2 = "Windows-User-Name mit Leerzeichen" "2. Name" "3. Name"
#
# Version of Samba for eisfair is 13.0.6.
# SAMBA_MANUAL_CONFIGURATION is yes.
#
# Do not edit this file, use 'Edit Samba Configuration'
# in Samba Services Menu!
#
# Creation date: 2022-12-16 14:57:23
#----------------------------------------------------------------------------
# NOTE(review): this maps the Windows account name "Administrator" to the
# Unix superuser. The smb.conf dump in this post lists root in 'admin users'
# and in each share's 'valid users', so a client logging on as
# "Administrator" works on the shares as root. Confirm that this is intended
# and that the root SMB password is strong.
root = "Administrator"


#----------------------------------------------------------------------------
# This is your current active configuration.
#
# You can see here an output of *all* options: those that were set
# and those that were not set and are thus at their defaults.
#
# This is much more than your smb.conf will show you!
#----------------------------------------------------------------------------

Load smb config files from /etc/smb.conf
Loaded services file OK.
Weak crypto is allowed

Server role: ROLE_STANDALONE

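# Global parameters
# Full dump of the active configuration (explicit settings plus built-in
# defaults), so most lines below are defaults rather than choices made in
# smb.conf. Values that the mail client had wrapped onto a second line are
# rejoined here; no value was changed. Review notes are marked NOTE(review).
[global]
	abort shutdown script =
	add group script = /var/install/bin/add-group '%g'
	additional dns hostnames =
	add machine script =
	addport command =
	addprinter command =
	add share command =
	# The account-management hooks in this section are run as root by smbd
	# with the substituted names; keep the single quotes around %u / %g.
	add user script = /usr/sbin/useradd -m '%u' -c '%u'
	# NOTE(review): usermod -G without -a replaces the user's whole
	# supplementary group list instead of appending '%g' - confirm intended.
	add user to group script = /usr/sbin/usermod -G '%g' '%u'
	afs token lifetime = 604800
	afs username map =
	aio max threads = 100
	algorithmic rid base = 1000
	allow dcerpc auth level connect = No
	allow dns updates = secure only
	allow insecure wide links = No
	allow nt4 crypto = No
	allow trusted domains = Yes
	allow unsafe cluster upgrade = No
	apply group policies = No
	async dns timeout = 10
	async smb echo handler = No
	auth event notification = No
	auto services =
	binddns dir = /var/lib/samba/bind-dns
	# Restricts serving to the addresses listed under 'interfaces' below
	# (loopback and 10.179.59.55); other local addresses are not served.
	bind interfaces only = Yes
	browse list = Yes
	cache directory = /var/lib/samba
	change notify = Yes
	change share command =
	check password script =
	cldap port = 389
	client ipc max protocol = default
	client ipc min protocol = default
	client ipc signing = default
	client lanman auth = No
	client ldap sasl wrapping = sign
	client max protocol = default
	client min protocol = SMB2_02
	client NTLMv2 auth = Yes
	client plaintext auth = No
	client protection = default
	client schannel = Yes
	client signing = default
	client smb encrypt = default
	client smb3 encryption algorithms = AES-128-GCM, AES-128-CCM, AES-256-GCM, AES-256-CCM
	client smb3 signing algorithms = AES-128-GMAC, AES-128-CMAC, HMAC-SHA256
	client use kerberos = desired
	client use spnego principal = No
	client use spnego = Yes
	cluster addresses =
	clustering = No
	config backend = file
	config file =
	create krb5 conf = Yes
	ctdbd socket =
	ctdb locktime warn threshold = 0
	ctdb timeout = 0
	cups connection timeout = 30
	cups encrypt = No
	cups server =
	dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver
	deadtime = 60
	debug class = No
	debug encryption = No
	debug hires timestamp = Yes
	debug pid = No
	debug prefix timestamp = No
	debug uid = No
	dedicated keytab file =
	default service =
	defer sharing violations = Yes
	delete group script = /var/install/bin/remove-group '%g'
	deleteprinter command =
	delete share command =
	# NOTE(review): userdel deletes accounts; it does not remove a user from
	# a group. This looks like a generator mistake - verify before the hook
	# is ever triggered.
	delete user from group script = /usr/sbin/userdel '%g' '%u'
	delete user script =
	dgram port = 138
	disable netbios = No
	disable spoolss = No
	dns forwarder =
	dns proxy = Yes
	dns update command = /usr/sbin/samba_dnsupdate
	dns zone scavenging = No
	dns zone transfer clients allow =
	dns zone transfer clients deny =
	domain logons = No
	domain master = No
	dos charset = CP850
	dsdb event notification = No
	dsdb group change notification = No
	dsdb password event notification = No
	enable asu support = No
	enable core files = No
	enable privileges = Yes
	encrypt passwords = Yes
	enhanced browsing = Yes
	enumports command =
	eventlog list =
	get quota command =
	getwd cache = Yes
	gpo update command = /usr/sbin/samba-gpupdate
	guest account = nobody
	host msdfs = Yes
	hostname lookups = No
	idmap backend = tdb
	idmap cache time = 604800
	idmap gid =
	idmap negative cache time = 120
	idmap uid =
	include system krb5 conf = Yes
	init logon delay = 100
	init logon delayed hosts =
	interfaces = 127.0.0.1/8 10.179.59.55/255.255.255.0
	iprint server =
	kdc default domain supported enctypes = 0
	kdc force enable rc4 weak session keys = No
	kdc supported enctypes = 0
	keepalive = 300
	kerberos encryption types = all
	kerberos method = default
	kernel change notify = Yes
	kpasswd port = 464
	krb5 port = 88
	lanman auth = No
	large readwrite = Yes
	ldap admin dn =
	ldap connection timeout = 2
	ldap debug level = 0
	ldap debug threshold = 10
	ldap delete dn = No
	ldap deref = auto
	ldap follow referral = Auto
	ldap group suffix =
	ldap idmap suffix =
	ldap machine suffix =
	ldap max anonymous request size = 256000
	ldap max authenticated request size = 16777216
	ldap max search request size = 256000
	ldap page size = 1000
	ldap passwd sync = no
	ldap replication sleep = 1000
	ldap server require strong auth = Yes
	ldap ssl = start tls
	ldap suffix =
	ldap timeout = 15
	ldap user suffix =
	lm announce = Auto
	lm interval = 60
	load printers = No
	local master = No
	lock directory = /var/lib/samba
	lock spin time = 200
	log file =
	logging =
	# Level 1 records little about rejected connections. While diagnosing an
	# access problem, raise it temporarily, e.g. 'log level = 1 auth:3'.
	log level = 1
	log nt token command =
	logon drive =
	logon home = \\%N\%U
	logon path = \\%N\%U\profile
	logon script =
	log writeable files on exit = No
	lpq cache time = 30
	lsa over netlogon = No
	machine password timeout = 604800
	mangle prefix = 1
	mangling method = hash2
	# Logons with a wrong password are rejected, never mapped to the guest
	# account.
	map to guest = Never
	max disk size = 0
	max log size = 10000
	max mux = 10000
	max open files = 16384
	max smbd processes = 0
	max stat cache size = 512
	max ttl = 259200
	max wins ttl = 518400
	max xmit = 16644
	mdns name = netbios
	message command = /var/install/bin/samba-netbios-mail '%f' '%s'
	min domain uid = 1000
	min receivefile size = 16384
	min wins ttl = 21600
	mit kdc command =
	multicast dns register = Yes
	name cache timeout = 660
	name resolve order = lmhosts host wins bcast
	nbt client socket address = 0.0.0.0
	nbt port = 137
	ncalrpc dir = /run/samba/ncalrpc
	netbios aliases =
	netbios name = MYEIS
	netbios scope =
	neutralize nt4 emulation = No
	nmbd bind explicit broadcast = Yes
	nsupdate command = /usr/bin/nsupdate -g
	# Only NTLMv2 responses are accepted; together with 'lanman auth = No'
	# above, LM and NTLMv1 logons are refused.
	ntlm auth = ntlmv2-only
	nt pipe support = Yes
	ntp signd socket directory = /run/samba/ntp_signd
	nt status support = Yes
	null passwords = No
	obey pam restrictions = No
	old password allowed period = 60
	oplock break wait time = 0
	os2 driver map =
	os level = 0
	pam password change = No
	panic action =
	passdb backend = tdbsam
	passdb expand explicit = No
	passwd chat = *New*Password:* %n\n *Retype*new*password:* %n\n *password*updated*
	passwd chat debug = No
	passwd chat timeout = 2
	passwd program = /usr/bin/passwd %u
	password hash gpg key ids =
	password hash userPassword schemes =
	password server = *
	perfcount module =
	pid directory = /run
	preferred master = No
	prefork backoff increment = 10
	prefork children = 4
	prefork maximum backoff = 120
	preload modules =
	printcap cache time = 0
	printcap name = /etc/printcap
	# NOTE(review): Samba keeps its private databases (e.g. secrets.tdb and
	# the tdbsam password database) in this directory. /etc itself is
	# world-readable, so verify that those files are readable by root only.
	private dir = /etc
	raw NTLMv2 auth = No
	read raw = Yes
	realm =
	registry shares = No
	reject md5 clients = Yes
	reject md5 servers = Yes
	remote announce =
	remote browse sync =
	rename user script =
	require strong key = Yes
	reset on zero vc = No
	# 0 is the least restrictive value: anonymous (null-session) requests get
	# no additional restriction. 'map to guest = Never' and 'guest ok = No'
	# limit the impact; consider 2 if no client depends on anonymous access.
	restrict anonymous = 0
	root directory =
	rpc big endian = No
	rpc server dynamic port range = 49152-65535
	rpc server port = 0
	samba kcc command = /usr/sbin/samba_kcc
	security = USER
	server max protocol = SMB3
	# SMB1 (NT1) is not offered, so clients limited to SMB1 cannot connect.
	# This floor is the safer setting; if access broke after the update,
	# check which dialect the client speaks before lowering it.
	server min protocol = SMB2_02
	server multi channel support = Yes
	server role = auto
	server schannel = Yes
	server schannel require seal = Yes
	server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns
	# 'default' on a standalone server offers signing without requiring it;
	# 'mandatory' enforces it once all clients support signing.
	server signing = default
	server smb3 encryption algorithms = AES-128-GCM, AES-128-CCM, AES-256-GCM, AES-256-CCM
	server smb3 signing algorithms = AES-128-GMAC, AES-128-CMAC, HMAC-SHA256
	server string =
	set primary group script = /var/install/bin/modify-user -g '%u' '%g'
	set quota command =
	show add printer wizard = Yes
	shutdown script =
	smb2 disable lock sequence checking = No
	smb2 disable oplock break retry = No
	smb2 leases = Yes
	smb2 max credits = 8192
	smb2 max read = 8388608
	smb2 max trans = 8388608
	smb2 max write = 8388608
	smbd profiling level = off
	smb passwd file = /etc/smbpasswd
	smb ports = 445 139
	socket options = TCP_KEEPCNT=5 TCP_KEEPIDLE=30 TCP_KEEPINTVL=1
	spn update command = /usr/sbin/samba_spnupdate
	stat cache = Yes
	state directory = /var/lib/samba
	svcctl list =
	syslog = 1
	syslog only = No
	template homedir = /home/%D/%U
	template shell = /bin/false
	time server = Yes
	timestamp logs = Yes
	tls cafile = tls/ca.pem
	tls certfile = tls/cert.pem
	tls crlfile =
	tls dh params file =
	tls enabled = Yes
	tls keyfile = tls/key.pem
	tls priority = NORMAL:-VERS-SSL3.0
	tls verify peer = as_strict_as_possible
	unicode = Yes
	unix charset = UTF-8
	unix extensions = No
	# With this enabled smbd runs 'passwd program' (above) as root whenever
	# an SMB password is changed, to keep the Unix password in step.
	unix password sync = Yes
	use mmap = Yes
	username level = 2
	# /etc/user.map (shown earlier in this post) maps the Windows name
	# "Administrator" to root; see also 'admin users = root' below.
	username map = /etc/user.map
	username map cache time = 0
	username map script =
	usershare allow guests = No
	usershare max shares = 0
	usershare owner only = Yes
	usershare path = /var/lib/samba/usershares
	usershare prefix allow list =
	usershare prefix deny list =
	usershare template share =
	utmp = Yes
	utmp directory =
	winbind cache time = 300
	winbindd socket directory = /run/samba/winbindd
	winbind enum groups = No
	winbind enum users = No
	winbind expand groups = 0
	winbind max clients = 200
	winbind max domain connections = 1
	winbind nested groups = Yes
	winbind normalize names = No
	winbind nss info = template
	winbind offline logon = No
	winbind reconnect delay = 30
	winbind refresh tickets = No
	winbind request timeout = 60
	winbind rpc only = No
	winbind scan trusted domains = No
	winbind sealed pipes = Yes
	winbind separator = \
	winbind use default domain = No
	winbind use krb5 enterprise principals = Yes
	wins hook =
	wins proxy = No
	wins server =
	wins support = Yes
	workgroup = DFC
	write raw = Yes
	wtmp directory =
	idmap config * : backend = tdb
	# From here on the dump lists share-level parameters; in [global] they
	# act as the default for every share that does not override them.
	access based share enum = No
	acl allow execute always = Yes
	acl check permissions = Yes
	acl flag inherited canonicalization = Yes
	acl group control = Yes
	acl map full control = Yes
	administrative share = No
	# Users listed here do all file operations on a share as the superuser.
	# As a share default this applies to every share in this file.
	admin users = root
	afs share = No
	aio read size = 1
	aio write behind =
	aio write size = 1
	allocation roundup size = 0
	available = Yes
	blocking locks = Yes
	block size = 1024
	browseable = Yes
	case sensitive = Auto
	check parent directory delete on close = No
	comment =
	copy =
	create mask = 0744
	csc policy = manual
	cups options =
	default case = lower
	default devmode = Yes
	delete readonly = No
	delete veto files = No
	dfree cache time = 0
	dfree command =
	directory mask = 0755
	directory name cache size = 100
	dmapi support = No
	dont descend =
	dos filemode = Yes
	dos filetime resolution = No
	dos filetimes = Yes
	durable handles = Yes
	ea support = Yes
	fake directory create times = No
	fake oplocks = No
	follow symlinks = Yes
	smbd force process locks = No
	force create mode = 0000
	force directory mode = 0000
	force group =
	force printername = No
	force unknown acl user = Yes
	force user =
	fstype = NTFS
	guest ok = No
	guest only = No
	hide dot files = Yes
	hide files = /desktop.ini/Thumbs.db/
	hide new files timeout = 0
	hide special files = No
	hide unreadable = No
	hide unwriteable files = No
	honor change notify privilege = No
	# '127.0.0.' (trailing dot) is valid syntax: it matches every address
	# that starts with that prefix. With 'hosts deny' empty, only clients
	# matching this list are admitted and all others are refused, so a client
	# outside these four networks gets no access at all.
	hosts allow = 127.0.0. 10.179.59.0/255.255.255.0 10.10.11.0/255.255.255.0 192.168.0.0/255.255.255.0
	hosts deny =
	include =
	inherit acls = Yes
	inherit owner = no
	inherit permissions = No
	invalid users =
	kernel oplocks = No
	kernel share modes = Yes
	level2 oplocks = No
	locking = Yes
	lppause command =
	lpq command = lpq -P'%p'
	lpresume command =
	lprm command = lprm -P'%p' %j
	magic output =
	magic script =
	mangled names = illegal
	mangling char = ~
	map acl inherit = Yes
	map archive = No
	map hidden = No
	map readonly = no
	map system = No
	max connections = 0
	max print jobs = 1000
	max reported print jobs = 0
	min print space = 0
	msdfs proxy =
	msdfs root = No
	msdfs shuffle referrals = No
	nt acl support = Yes
	ntvfs handler = unixuid, default
	oplocks = No
	path =
	posix locking = Yes
	postexec =
	preexec =
	preexec close = No
	preserve case = Yes
	printable = No
	print command = lpr -r -P'%p' %s
	printer name =
	printing = lprng
	printjob username = %U
	print notify backchannel = No
	queuepause command =
	queueresume command =
	read list =
	read only = Yes
	root postexec =
	root preexec =
	root preexec close = No
	# 'default' offers SMB3 encryption without enforcing it; 'required'
	# (globally or per share) makes it mandatory.
	server smb encrypt = default
	short preserve case = Yes
	smbd async dosmode = No
	smbd getinfo ask sharemode = Yes
	smbd max async dosmode = 0
	smbd max xattr size = 65536
	smbd search ask sharemode = Yes
	spotlight = No
	spotlight backend = noindex
	store dos attributes = Yes
	strict allocate = No
	strict locking = Auto
	strict rename = No
	strict sync = Yes
	sync always = No
	use client driver = No
	use sendfile = Yes
	valid users =
	veto files =
	veto oplock files =
	vfs objects =
	volume =
	# NOTE(review): wide links lets a symlink inside a share resolve to a
	# target outside the share path, so the share root no longer bounds what
	# clients can reach. Set to No unless a share really depends on it.
	wide links = Yes
	write list =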


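# Per-user home share: each authenticated user gets a share named after the
# account. The 'root preexec' value, which the mail client had wrapped over
# three lines, is rejoined; no value was changed.
[homes]
	browseable = No
	comment = homes directory on %h
	create mask = 0600
	directory mask = 0700
	force create mode = 0600
	force directory mode = 0700
	read only = No
	# Runs as root on every connect to the share. %U, %m, %a and similar
	# values originate from the client, and the trailing '&' suggests the
	# string is handed to a shell. Assumes samba-smbinfo treats its argument
	# as untrusted data - TODO confirm against the script.
	root preexec = /var/install/bin/samba-smbinfo "T=%T|d=%d|v=%v|h=%h|L=%L|N=%N|p=%p|R=%R|S=%S|P=%P|U=%U|G=%G|u=%u|g=%g|H=%H|I=%I|M=%M|m=%m|a=%a" &
	strict allocate = Yes
	# %S limits each home to its owner, but root may open every user's home.
	# /etc/user.map in this post maps the Windows name "Administrator" to root.
	valid users = %S root
	# NOTE(review): together with 'wide links = Yes' from [global], symlinks
	# in a home directory may lead outside it.
	vfs objects = widelinks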


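# Shared data volume at /data/vol1. The 'root preexec' value, which the mail
# client had wrapped over three lines, is rejoined; no value was changed.
[vol1]
	comment = vol1 on %h
	create mask = 0770
	directory mask = 0770
	force create mode = 0770
	force directory mode = 0770
	# All file access on this share is performed as ecodms1:users, whoever
	# authenticated. 'valid users' below is therefore the only per-user gate,
	# and file ownership no longer shows who wrote a file.
	force group = users
	force user = ecodms1
	path = /data/vol1
	read only = No
	# Runs as root on every connect to the share. %U, %m, %a and similar
	# values originate from the client, and the trailing '&' suggests the
	# string is handed to a shell. Assumes samba-smbinfo treats its argument
	# as untrusted data - TODO confirm against the script.
	root preexec = /var/install/bin/samba-smbinfo "T=%T|d=%d|v=%v|h=%h|L=%L|N=%N|p=%p|R=%R|S=%S|P=%P|U=%U|G=%G|u=%u|g=%g|H=%H|I=%I|M=%M|m=%m|a=%a" &
	strict allocate = Yes
	# Access is limited to alex, members of the Unix group users, and root.
	valid users = alex +users root
	# NOTE(review): together with 'wide links = Yes' from [global], symlinks
	# under /data/vol1 may lead outside the share path.
	vfs objects = widelinks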



