[Samba] Samba 3 to Samba 4

Rowland Penny rowlandpenny at googlemail.com
Wed Jan 15 04:32:53 MST 2014


On 15/01/14 10:19, shemgp at aiias.edu wrote:
>> On 15/01/14 04:13, Shem Pasamba wrote:
>>> On 1/14/2014 7:17 PM, Rowland Penny wrote:
>>>> Ah, just a bit late, he already has ;-)
>>>>
>>>> Just waiting for him to tell us what OS's he is using, his client
>>>> smb.conf is all over the place and I think he is using a very old
>>>> distro.
>>>>
>>>> Rowland
>>> I'm using CentOS release 6.4 (Final) for the samba 4 server.
>>>
>>> Thanks for the help.
>> OK, but what OS is running on the clients ??
>> Did you compile samba4 yourself ??
> The OS running in the clients is Debian. I tried an Ubuntu 13.10 to
> connect to the samba with the same configuration of the Debian machine and
> I got the same results. The samba4 was compiled from the source including
> the bind and ntp servers.
>
OK, try this smb.conf on your Ubuntu machine:

[global]
    workgroup = AIIASSAMBA4
    realm = aiias.samba4.edu
    server string = %h server
    log file = /var/log/samba/log.%m
    log level = 3
    max log size = 1000
    syslog = 0
    panic action = /usr/share/samba/panic-action %d
    security = ADS
    invalid users = root
    winbind cache time = 100
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind use default domain = Yes
    winbind expand groups = 4
    winbind nss info = rfc2307
    winbind refresh tickets = Yes
    winbind normalize names = Yes
    idmap config * : backend = tdb
    idmap config * : range = 1100-5000
    idmap config AIIASSAMBA4:backend = ad
    idmap config AIIASSAMBA4:range = 15000-30000
    idmap config AIIASSAMBA4:schema_mode = rfc2307
    winbind offline logon = yes

[homes]
    comment = Home Directories
    browseable = no
    # the line below will not allow the user to write to their own
    # home directory, I think you meant 'read only = No'
    # writable = no
    read only = No
    create mask = 0700
    directory mask = 0700
    valid users = %S

[printers]
    comment = All Printers
    browseable = no
    path = /var/spool/samba
    printable = yes
    public = no
    writable = no
    create mode = 0700

[print$]
    comment = Printer Drivers
    path = /var/lib/samba/printers
    browseable = yes
    read only = yes
    guest ok = no

It will only work if your users have the uidNumber & gidNumber 
attributes in AD and they must also fall inside the range 15000-30000.

Install the new smb.conf and restart samba, then join the machine to the 
domain with:

sudo net ads join -U Administrator@AIIAS.SAMBA4.EDU

When asked, enter the password you used during provision.

You will probably have to add 'winbind' to the passwd & group lines in 
/etc/nsswitch.conf, but wbinfo should now work correctly and getent 
passwd should display all your local & domain users.

Rowland
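
The uidNumber/gidNumber requirement in the message above can be checked before joining. This is an added example, not part of the original message: it assumes an LDIF export of the domain's user entries on stdin, and the function names and sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example: read LDIF user entries on stdin and report which ones fit
# the range from "idmap config AIIASSAMBA4:range = 15000-30000".
check_rfc2307_ids() {   # $1 = lowest allowed ID, $2 = highest allowed ID
    awk -v lo="$1" -v hi="$2" '
    function verdict(attr, val) {
        if (val == "") return attr " missing"
        if (val + 0 < lo + 0 || val + 0 > hi + 0) return attr "=" val " outside " lo "-" hi
        return ""
    }
    function report(   u, g, sep) {      # called at the end of each entry
        if (name != "") {
            u = verdict("uidNumber", uid); g = verdict("gidNumber", gid)
            sep = (u != "" && g != "") ? "; " : ""
            if (u == "" && g == "") print "OK   " name
            else { print "FAIL " name ": " u sep g; bad = 1 }
        }
        name = uid = gid = ""
    }
    { sub(/\r$/, "") }                   # tolerate CRLF line endings
    /^$/ { report(); next }              # a blank line ends an LDIF entry
    {
        if ((i = index($0, ": ")) == 0) next
        key = tolower(substr($0, 1, i - 1)); val = substr($0, i + 2)
        if (key == "samaccountname") name = val
        else if (key == "uidnumber") uid = val
        else if (key == "gidnumber") gid = val
    }
    END { report(); exit bad + 0 }       # status 1 if any entry failed
    '
}

sample_ldif() {   # constructed entries, not real accounts
    cat <<'EOF'
dn: CN=alice,CN=Users,DC=example,DC=test
sAMAccountName: alice
uidNumber: 15001
gidNumber: 15000

dn: CN=bob,CN=Users,DC=example,DC=test
sAMAccountName: bob
uidNumber: 1001
gidNumber: 15000

dn: CN=carol,CN=Users,DC=example,DC=test
sAMAccountName: carol
EOF
}
sample_ldif | check_rfc2307_ids 15000 30000 || echo "some users will not be mapped"
```

Entries reported as FAIL are the ones that would be missing or wrong in getent passwd on the client, which matters because file ownership on the shares follows these IDs.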

