Hallo,
wenn ich das richtig sehe, ist global für alle Shares “msdfs root = No” gesetzt.
Hier der gewünschte Auszug:
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[homes]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[GLeitung]"
Processing section "[Progs]"
Processing section "[Unternehmen]"
Processing section "[Profile]"
Processing section "[Kaufmann]"
Processing section "[LexEasy]"
Processing section "[home]"
Processing section "[logonscripts]"
Processing section "[Canon_MX_990]"
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
Server role: ROLE_ACTIVE_DIRECTORY_DC
# Global parameters
# Effective settings as dumped by testparm. The list also contains parameters
# that are merely at their built-in default (note the many empty values), so a
# value shown here was not necessarily written into smb.conf by hand.
# From "comment =" onward the entries are share-level parameters: they act as
# defaults for every share section unless that section overrides them.
[global]
# With "bind interfaces only = Yes" the services listen only on the devices
# named under "interfaces" below.
bind interfaces only = Yes
config backend = file
dos charset = CP850
# NOTE(review): core dumps of a domain controller process can contain
# credential material - verify where cores are written and who can read them.
enable core files = Yes
# NOTE(review): vethbbb6c99 looks like a container veth device - confirm the DC
# is meant to serve that network; such device names usually change when the
# container is recreated, which would leave a stale entry here.
interfaces = lo eth0 eth1 vethbbb6c99
multicast dns register = Yes
netbios aliases =
netbios name = SCSHDC01
netbios scope =
realm = CSH-ONLINE.INTRA
server services = s3fs, rpc, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
server string = Univention Corporate Server
share backend = classic
unix charset = UTF-8
workgroup = CSH-ONLINE
browse list = Yes
domain master = Yes
enhanced browsing = Yes
lm announce = Auto
lm interval = 60
local master = Yes
os level = 20
preferred master = Yes
# Only authenticated (secure) dynamic DNS updates are accepted.
allow dns updates = secure only
dns forwarder =
dns update command = /usr/sbin/samba_dnsupdate
machine password timeout = 0
nsupdate command = /usr/bin/nsupdate -g
rndc command = /usr/sbin/rndc
spn update command = /usr/sbin/samba_spnupdate
mangle prefix = 1
mangling method = hash2
max stat cache size = 256
stat cache = Yes
# Outgoing LDAP traffic is signed (integrity protected) but not sealed.
client ldap sasl wrapping = sign
ldap admin dn =
ldap connection timeout = 2
ldap delete dn = No
ldap deref = auto
ldap follow referral = Auto
ldap group suffix =
ldap idmap suffix =
ldap machine suffix =
ldap page size = 1000
ldap passwd sync = no
ldap replication sleep = 1000
# Simple binds are only accepted over TLS; allow_sasl_over_tls additionally
# accepts SASL binds without sign/seal when the connection is TLS protected.
ldap server require strong auth = allow_sasl_over_tls
ldap ssl = start tls
ldap ssl ads = No
ldap suffix =
ldap timeout = 15
ldap user suffix =
lock spin time = 200
oplock break wait time = 0
smb2 leases = Yes
debug class = No
debug hires timestamp = Yes
debug pid = Yes
debug prefix timestamp = No
debug uid = No
ldap debug level = 0
ldap debug threshold = 10
log file =
logging = file
log level = 2
max log size = 0
syslog = 1
syslog only = No
timestamp logs = Yes
abort shutdown script =
add group script =
add machine script =
add user script =
add user to group script =
# NT4-era netlogon crypto is refused ...
allow nt4 crypto = No
delete group script =
delete user from group script =
delete user script =
domain logons = No
enable privileges = Yes
init logon delay = 100
init logon delayed hosts =
# NOTE(review): the UNC backslashes in the next two values seem to have been
# lost when the output was pasted; the values are reproduced as posted.
logon drive = I:
logon home = scshdc01%U
logon path = scshdc01%Uwindows-profiles%a
logon script =
# ... but NOTE(review): with "No" the netlogon server still accepts clients
# that cannot do AES and fall back to HMAC-MD5 for the secure channel. Newer
# Samba releases default to rejecting them; enable once no legacy member
# depends on it.
reject md5 clients = No
set primary group script =
shutdown script =
add share command =
afs token lifetime = 604800
afs username map =
allow insecure wide links = No
async smb echo handler = No
auto services =
cache directory = /var/cache/samba
change notify = Yes
change share command =
cluster addresses =
clustering = No
config file =
ctdbd socket =
ctdb locktime warn threshold = 0
ctdb timeout = 0
default service =
delete share command =
homedir map = auto.home
kernel change notify = Yes
lock directory = /var/run/samba
log writeable files on exit = No
message command =
nbt client socket address = 0.0.0.0
ncalrpc dir = /var/run/samba/ncalrpc
NIS homedir = No
nmbd bind explicit broadcast = Yes
panic action =
perfcount module =
pid directory = /var/run/samba
registry shares = No
remote announce =
remote browse sync =
reset on zero vc = No
smbd profiling level = off
state directory = /var/lib/samba
# usershare max shares = 0 means ordinary users cannot define their own shares.
usershare allow guests = No
usershare max shares = 0
usershare owner only = Yes
usershare path = /var/lib/samba/usershares
usershare prefix allow list =
usershare prefix deny list =
usershare template share =
utmp = No
utmp directory =
wtmp directory =
addport command =
addprinter command =
cups connection timeout = 30
cups encrypt = No
cups server =
deleteprinter command =
disable spoolss = No
enumports command =
iprint server =
load printers = Yes
lpq cache time = 30
os2 driver map =
printcap cache time = 750
printcap name = cups
show add printer wizard = Yes
cldap port = 389
client ipc max protocol = default
client ipc min protocol = default
client max protocol = default
# NOTE(review): as an SMB client this host may negotiate down to the oldest
# dialects (CORE upward) when talking to other servers.
client min protocol = CORE
client use spnego = Yes
dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver
defer sharing violations = Yes
dgram port = 138
disable netbios = No
enable asu support = No
eventlog list =
large readwrite = Yes
max mux = 50
max ttl = 259200
max wins ttl = 518400
max xmit = 65535
min receivefile size = 0
min wins ttl = 21600
name resolve order = lmhosts wins host bcast
nbt port = 137
nt pipe support = Yes
nt status support = Yes
read raw = Yes
rpc big endian = No
server max protocol = SMB3
# NOTE(review): LANMAN1 as the minimum means the server still accepts SMB1-era
# dialects, which lack the integrity and encryption protections of SMB2/3.
# Raise this to SMB2 or later once no legacy client needs the old dialects.
server min protocol = LANMAN1
server multi channel support = No
smb2 max credits = 8192
smb2 max read = 8388608
smb2 max trans = 8388608
smb2 max write = 8388608
smb ports = 445 139
svcctl list =
time server = No
unicode = Yes
unix extensions = Yes
use spnego = Yes
web port = 901
write raw = Yes
algorithmic rid base = 1000
allow dcerpc auth level connect = No
allow trusted domains = Yes
auth methods =
check password script =
client ipc signing = default
# As a client, LANMAN and plaintext authentication are off and NTLMv2 is used.
client lanman auth = No
client NTLMv2 auth = Yes
client plaintext auth = No
client schannel = Auto
client signing = default
client use spnego principal = No
dedicated keytab file =
encrypt passwords = Yes
# Account used for guest sessions (see "map to guest" below).
guest account = nobody
kerberos method = default
kpasswd port = 464
krb5 port = 88
lanman auth = No
log nt token command =
# Logins with an unknown user name are not rejected but mapped to the guest
# account. That only grants access where a share sets "guest ok = Yes"; in
# this dump that is [Canon_MX_990].
map to guest = Bad User
map untrusted to domain = No
# NOTE(review): "Yes" means NTLMv1 responses are accepted in addition to
# NTLMv2. Newer Samba releases default to NTLMv2 only; tighten this once no
# client depends on NTLMv1.
ntlm auth = Yes
ntp signd socket directory = /var/lib/samba/ntp_signd
null passwords = No
obey pam restrictions = Yes
old password allowed period = 60
pam password change = No
passdb backend = samba_dsdb
passdb expand explicit = No
# NOTE(review): the escape sequences in this value look damaged by the paste
# (backslashes missing); reproduced as posted.
passwd chat = *New*password* %nn *Re-enter*new*password* %nn *password*changed*
passwd chat debug = No
passwd chat timeout = 2
passwd program =
password hash gpg key ids =
password server = *
preload modules =
# Holds the DC's secret databases - access should stay limited to root.
private dir = /var/lib/samba/private
raw NTLMv2 auth = No
rename user script =
# NOTE(review): 0 puts no additional restriction on anonymous connections -
# TODO confirm what an unauthenticated client can query on this DC.
restrict anonymous = 0
root directory =
samba kcc command = /usr/sbin/samba_kcc
security = AUTO
server role = active directory domain controller
# NOTE(review): Auto offers the netlogon secure channel but does not enforce
# it; newer Samba releases default to Yes (enforced).
server schannel = Auto
# "default" resolves to mandatory SMB signing for the AD DC server role.
server signing = default
smb passwd file = /etc/samba/smbpasswd
tls cafile = /etc/univention/ssl/ucsCA/CAcert.pem
tls certfile = /etc/univention/ssl/scshdc01.csh-online.intra/cert.pem
# No CRL is configured, so certificate revocation is not checked.
tls crlfile =
tls dh params file =
tls enabled = Yes
# NOTE(review): verify that private.key is readable by root only.
tls keyfile = /etc/univention/ssl/scshdc01.csh-online.intra/private.key
# Only SSL 3.0 is removed from the GnuTLS NORMAL set; which TLS versions remain
# enabled depends on the installed GnuTLS - TODO confirm TLS 1.0/1.1 are
# still wanted.
tls priority = NORMAL:-VERS-SSL3.0
tls verify peer = ca_and_name
unix password sync = No
username level = 0
username map =
username map cache time = 0
username map script =
aio max threads = 100
deadtime = 15
getwd cache = Yes
hostname lookups = No
keepalive = 300
max disk size = 0
max open files = 32808
max smbd processes = 0
name cache timeout = 660
socket options = TCP_NODELAY
use mmap = Yes
get quota command =
# host msdfs = Yes only enables DFS support in the server as a whole; whether
# a share is a DFS root is decided per share by "msdfs root" (see the share
# defaults further down).
host msdfs = Yes
set quota command =
create krb5 conf = Yes
idmap backend = tdb
idmap cache time = 604800
idmap gid =
idmap negative cache time = 120
idmap uid =
neutralize nt4 emulation = No
# NOTE(review): counterpart of "reject md5 clients" for outgoing netlogon
# connections - servers offering only HMAC-MD5 are still accepted.
reject md5 servers = No
require strong key = Yes
template homedir = /home/%D-%U
template shell = /bin/bash
winbind cache time = 300
winbindd privileged socket directory = /var/lib/samba/winbindd_privileged
winbindd socket directory = /var/run/samba/winbindd
winbind enum groups = No
winbind enum users = No
winbind expand groups = 0
winbind max clients = 200
winbind max domain connections = 1
winbind nested groups = Yes
winbind normalize names = No
winbind nss info = template
winbind offline logon = No
winbind reconnect delay = 30
winbind refresh tickets = No
winbind request timeout = 60
winbind rpc only = No
winbind sealed pipes = Yes
# testparm warns about this value ("might cause problems with group
# membership") in the log lines printed before the dump.
winbind separator = +
winbind trusted domains only = No
winbind use default domain = No
dns proxy = Yes
wins hook =
wins proxy = No
wins server =
wins support = Yes
rpc_server:tcpip = no
rpc_daemon:spoolssd = embedded
rpc_server:spoolss = embedded
rpc_server:winreg = embedded
rpc_server:ntsvcs = embedded
rpc_server:eventlog = embedded
rpc_server:srvsvc = embedded
rpc_server:svcctl = embedded
rpc_server:default = external
winbindd:use external pipes = true
acl:search = no
spoolss: architecture = Windows x64
idmap config * : range = 300000-400000
kccsrv:samba_kcc = False
dsdb:schema update allowed = no
nmbd_proxy_logon:cldap_server = 127.0.0.1
server role check:inhibit = yes
idmap config * : backend = tdb
# ---- share-level defaults start here ----
comment =
path =
administrative share = No
browseable = Yes
case sensitive = Auto
default case = lower
delete veto files = No
hide dot files = Yes
hide files =
hide special files = No
hide unreadable = No
hide unwriteable files = No
mangled names = Yes
mangling char = ~
map archive = No
map hidden = No
map readonly = no
map system = No
preserve case = Yes
short preserve case = Yes
store dos attributes = Yes
veto files =
veto oplock files =
blocking locks = Yes
csc policy = manual
fake oplocks = No
kernel oplocks = Yes
kernel share modes = Yes
level2 oplocks = Yes
locking = Yes
oplock contention limit = 2
oplocks = Yes
posix locking = Yes
strict locking = Auto
acl xattr update mtime = No
afs share = No
available = Yes
copy =
delete readonly = No
dfree cache time = 0
dfree command =
directory name cache size = 100
dmapi support = No
dont descend =
dos filemode = No
dos filetime resolution = No
dos filetimes = Yes
fake directory create times = No
# Symlinks inside a share are followed; "wide links = No" further down stops
# them from leading outside the exported directory tree.
follow symlinks = Yes
fstype = NTFS
include = /etc/samba/base.conf
magic output =
magic script =
postexec =
preexec =
preexec close = No
root postexec =
root preexec =
root preexec close = No
spotlight = No
volume =
wide links = No
cups options =
default devmode = Yes
force printername = No
lppause command =
lpq command = %p
lpresume command =
lprm command =
max print jobs = 1000
max reported print jobs = 0
printable = No
print command =
printer name =
printing = cups
printjob username = %U
print notify backchannel = No
queuepause command =
queueresume command =
use client driver = No
acl allow execute always = Yes
acl check permissions = Yes
acl map full control = Yes
durable handles = Yes
ea support = No
map acl inherit = No
nt acl support = Yes
profile acls = No
access based share enum = No
acl group control = No
# Listed as a share default, so it applies to every share that does not
# override it: these accounts perform all file operations as root and thereby
# bypass file permissions. Keep the list as short as possible.
admin users = administrator join-backup
# Default for new files is world-readable (0744); [homes] and [printers]
# tighten this to 0700, the other sections do not override it.
create mask = 0744
directory mask = 0755
force create mode = 0000
force directory mode = 0000
force group =
force unknown acl user = No
force user =
guest ok = No
guest only = No
# Empty allow/deny lists: no host-based restriction at the Samba level.
hosts allow =
hosts deny =
inherit acls = No
inherit owner = No
inherit permissions = No
invalid users =
read list =
read only = Yes
# "default" leaves SMB encryption to negotiation; it is not required.
smb encrypt = default
valid users =
write list =
aio read size = 0
aio write behind =
aio write size = 0
allocation roundup size = 1048576
block size = 1024
max connections = 0
min print space = 0
strict allocate = No
strict rename = No
strict sync = No
sync always = No
use sendfile = No
write cache size = 0
msdfs proxy =
# Share default: no share acts as a DFS root unless its own section sets
# "msdfs root = Yes". None of the share sections in this dump does.
msdfs root = No
msdfs shuffle referrals = No
ntvfs handler = unixuid, default
# Default VFS stack; several shares below replace it with acl_xattr only.
vfs objects = dfs_samba4 acl_xattr
# Domain logon share; the path points at the scripts directory below sysvol.
# "read only = No" means Samba itself does not block writes - who may write is
# decided by the ACLs on the files.
# NOTE(review): content here is presumably fetched and run by domain clients
# at logon, so verify that only administrators have write access.
[netlogon]
comment = Domain logon service
path = /var/lib/samba/sysvol/csh-online.intra/scripts
case sensitive = No
read only = No
# SYSVOL share of the domain controller. As with [netlogon], writes are not
# blocked by Samba ("read only = No") and are governed by the file ACLs.
# NOTE(review): SYSVOL normally carries group policy data that clients apply,
# so its integrity matters - confirm write access is limited to administrators.
[sysvol]
path = /var/lib/samba/sysvol
case sensitive = No
acl xattr update mtime = Yes
read only = No
# Per-user home directories ("Heimatverzeichnisse"). Hidden from browse lists;
# new files and directories are created with owner-only permissions (0700),
# which is tighter than the global default of 0744/0755.
# "vfs objects" replaces the global stack with acl_xattr only.
[homes]
comment = Heimatverzeichnisse
browseable = No
create mask = 0700
directory mask = 0700
read only = No
vfs objects = acl_xattr
# Generic printer share ("Drucker"). Spool files are written to /tmp, which is
# shared with every local user; "create mask = 0700" keeps the spooled jobs
# readable by their owner only.
[printers]
comment = Drucker
path = /tmp
browseable = No
printable = Yes
create mask = 0700
# Printer driver share; Windows clients download drivers from here.
# NOTE(review): the include line names the file of the next share ([GLeitung]);
# presumably testparm attributes an include to whichever section was current
# when it was read - it is not a setting of this share.
# NOTE(review): "write list" only adds write access on a read-only share. With
# "read only = No" it does not restrict anyone, so writes to the driver store
# are limited by filesystem permissions alone - confirm those allow only the
# printer administrators.
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
include = /etc/samba/shares.conf.d/GLeitung
read only = No
write list = root Administrator @Printer-Admins
# File share /shares/gleitung. Samba does not restrict access here (no
# "valid users", writable); access control rests on the NT ACLs stored through
# acl_xattr and inherited by new files ("inherit acls = Yes").
# "dos filemode = Yes" lets any user with write access to a file change its
# permissions and ACL, not just the owner.
# "msdfs root" is not set, so the share default (No) from [global] applies.
# NOTE(review): the include line names the file of the next share ([Progs]);
# presumably a testparm display artifact, not a setting of this share.
[GLeitung]
path = /shares/gleitung
dos filemode = Yes
include = /etc/samba/shares.conf.d/Progs
inherit acls = Yes
read only = No
vfs objects = acl_xattr
# File share /shares/progs. Writable at the Samba level; access is governed by
# inherited NT ACLs stored through acl_xattr.
# "dos filemode = Yes" lets any user with write access to a file change its
# permissions and ACL.
# NOTE(review): if programs are started from this share, write access decides
# who can replace them - confirm the ACLs limit it accordingly.
# NOTE(review): the include line names the file of the next share
# ([Unternehmen]); presumably a testparm display artifact.
[Progs]
path = /shares/progs
dos filemode = Yes
include = /etc/samba/shares.conf.d/Unternehmen
inherit acls = Yes
read only = No
vfs objects = acl_xattr
# File share /shares/unternehmen. Writable at the Samba level; access is
# governed by inherited NT ACLs stored through acl_xattr.
# "dos filemode = Yes" lets any user with write access to a file change its
# permissions and ACL.
# NOTE(review): the include line names the file of the next share ([Profile]);
# presumably a testparm display artifact.
[Unternehmen]
path = /shares/unternehmen
dos filemode = Yes
include = /etc/samba/shares.conf.d/Profile
inherit acls = Yes
read only = No
vfs objects = acl_xattr
# File share /shares/profile (judging by the name, user profiles - TODO
# confirm). Writable at the Samba level; access is governed by inherited NT
# ACLs. No "dos filemode" here, so the share default (No) applies.
# NOTE(review): the include line names the file of the next share ([Kaufmann]);
# presumably a testparm display artifact.
[Profile]
path = /shares/profile
include = /etc/samba/shares.conf.d/Kaufmann
inherit acls = Yes
read only = No
vfs objects = acl_xattr
# File share /shares/kaufmann. Writable at the Samba level; access is governed
# by inherited NT ACLs stored through acl_xattr.
# "dos filemode = Yes" lets any user with write access to a file change its
# permissions and ACL.
# NOTE(review): the include line names the file of the next share ([LexEasy]);
# presumably a testparm display artifact.
[Kaufmann]
path = /shares/kaufmann
dos filemode = Yes
include = /etc/samba/shares.conf.d/LexEasy
inherit acls = Yes
read only = No
vfs objects = acl_xattr
# File share /shares/lexeasy. Writable at the Samba level; access is governed
# by inherited NT ACLs stored through acl_xattr.
# "dos filemode = Yes" lets any user with write access to a file change its
# permissions and ACL.
# NOTE(review): the include line names the file of the next share ([home]);
# presumably a testparm display artifact.
[LexEasy]
path = /shares/lexeasy
dos filemode = Yes
include = /etc/samba/shares.conf.d/home
inherit acls = Yes
read only = No
vfs objects = acl_xattr
# File share /shares/home - a regular share, distinct from the special [homes]
# section. Unlike [homes] it keeps the global create mask (0744), so new files
# are world-readable unless the inherited ACLs say otherwise.
# NOTE(review): the include line names the file of the next share
# ([logonscripts]); presumably a testparm display artifact.
[home]
path = /shares/home
include = /etc/samba/shares.conf.d/logonscripts
inherit acls = Yes
read only = No
vfs objects = acl_xattr
# File share /shares/logonscripts, writable at the Samba level.
# NOTE(review): if scripts from this share are run on clients at logon, anyone
# with write access can change what those clients execute - confirm the ACLs
# allow writes by administrators only.
# NOTE(review): the include line names the printer definition that follows
# ([Canon_MX_990]); presumably a testparm display artifact.
[logonscripts]
path = /shares/logonscripts
include = /etc/samba/printers.conf.d/Canon_MX_990
inherit acls = Yes
read only = No
vfs objects = acl_xattr
# Printer share for the Canon_MX_990 queue.
# "guest ok = Yes" together with the global "map to guest = Bad User" lets
# clients print without a valid domain account.
# Spool files go to /tmp and this section does not set a create mask, so the
# global 0744 applies; [printers] uses 0700 instead.
# NOTE(review): confirm that unauthenticated printing is intended and consider
# a dedicated spool directory with a tighter create mask.
[Canon_MX_990]
path = /tmp
force printername = Yes
printable = Yes
printer name = Canon_MX_990
guest ok = Yes
mfG
HH