[Samba] Samba 3 to Samba 4 [Solved]
Shem Pasamba
shemgp at aiias.edu
Mon Jan 20 23:39:46 MST 2014
On 1/15/2014 7:32 PM, Rowland Penny wrote:
> OK, try this smb.conf on your Ubuntu machine:
>
> [global]
> workgroup = AIIASSAMBA4
> realm = aiias.samba4.edu
> server string = %h server
> log file = /var/log/samba/log.%m
> log level = 3
> max log size = 1000
> syslog = 0
> panic action = /usr/share/samba/panic-action %d
> security = ADS
> invalid users = root
> winbind cache time = 100
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
> winbind expand groups = 4
> winbind nss info = rfc2307
> winbind refresh tickets = Yes
> winbind normalize names = Yes
> idmap config * : backend = tdb
> idmap config * : range = 1100-5000
> idmap config AIIASSAMBA4:backend = ad
> idmap config AIIASSAMBA4:range = 15000-30000
> idmap config AIIASSAMBA4:schema_mode = rfc2307
> winbind offline logon = yes
>
> [homes]
> comment = Home Directories
> browseable = no
> # the line below will not allow the user to write to their own homedirectory, I think you meant 'read only = No'
> # writable = no
> read only = No
> create mask = 0700
> directory mask = 0700
> valid users = %S
>
> [printers]
> comment = All Printers
> browseable = no
> path = /var/spool/samba
> printable = yes
> public = no
> writable = no
> create mode = 0700
>
> [print$]
> comment = Printer Drivers
> path = /var/lib/samba/printers
> browseable = yes
> read only = yes
> guest ok = no
>
> It will only work if your users have the uidNumber & gidNumber
> attributes in AD and they must also fall inside the range 15000-30000
>
> Install the new smb.conf and restart samba, then join the machine to
> the domain with:
>
> sudo net ads join -U Administrator@AIIAS.SAMBA4.EDU
>
> When asked, enter the password you used during provision.
>
> You will probably have to add 'winbind' to the passwd & group lines in
> /etc/nsswitch.conf, but wbinfo should now work correctly and getent
> passwd should display all your local & domain users.
>
> Rowland

Thank you for this configuration. My connection to samba 4 from samba 3
is now working. Here's what I did in the client (samba 3):

1. Added my proper computer name in /etc/hosts

    127.0.0.1 sambatest.local sambatest.aiias.samba4.edu sambatest

2. Edited my resolv.conf to this:

    domain aiias.samba4.edu
    search aiias.samba4.edu
    nameserver 172.16.0.242

3. Here's my smb.conf

[global]
workgroup = AIIAS.SAMBA4
realm = AIIAS.SAMBA4.EDU
server string = %h server
log file = /var/log/samba/log.%m
log level = 3
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = ADS
invalid users = root
winbind cache time = 100
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind expand groups = 4
winbind nss info = rfc2307
winbind refresh tickets = Yes
winbind normalize names = Yes
idmap config * : backend = tdb
idmap config * : range = 1100-5000
idmap config AIIAS.SAMBA4:backend = ad
idmap config AIIAS.SAMBA4:range = 15000-30000
idmap config AIIAS.SAMBA4:schema_mode = rfc2307
winbind offline logon = yes
password server = 172.16.0.242
encrypt passwords = true
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
pam password change = yes
netbios name = sambatest
idmap uid = 10000-20000
idmap gid = 10000-20000
usershare allow guests = yes
[homes]
comment = Home Directories
browseable = no
# the line below will not allow the user to write to their own homedirectory, I think you meant 'read only = No'
# writable = no
read only = No
create mask = 0700
directory mask = 0700
valid users = %S

Here's how I joined the ADS:

    net ads join AIIAS.SAMBA4 -W AIIAS.SAMBA4 -S SAMBA4.AIIAS.SAMBA4.EDU -I 172.16.0.242 -U administrator

Some things to take note of while joining.

If the error is:

    Failed to join domain: failed to connect to AD: Operations error

the resolv.conf is wrong. Edit it as shown above.

If the error is:

    [2014/01/21 14:34:04, 0] libads/sasl.c:ads_sasl_spnego_bind(819)
    kinit succeeded but ads_sasl_spnego_krb5_bind failed: Server not found in Kerberos database
    Failed to join domain: failed to connect to AD: Server not found in Kerberos database

then make sure that the -S server name includes the DC name. In my
instance, I needed to use

    SAMBA4.AIIAS.SAMBA4.EDU

instead of

    AIIAS.SAMBA4.EDU

I got SAMBA4 from the OU=Domain Controllers of the samba4 ldap.

Also, take note it works even if workgroup has a dot.

Thanks again. Have a great day!
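
Added example (not part of the original thread, and not Samba code): the quoted reply notes that the ad idmap backend only works for users whose uidNumber and gidNumber fall inside the configured range. The Python sketch below parses the 'idmap config ... range' lines of an smb.conf, checks that the ranges do not overlap, and lists accounts the domain range cannot cover. The user list is constructed sample data and the function names are hypothetical.

```python
import re
from itertools import combinations

# Constructed sample: the idmap lines from the smb.conf suggested in the quoted reply.
SMB_CONF = """
[global]
   idmap config * : backend = tdb
   idmap config * : range = 1100-5000
   idmap config AIIASSAMBA4:backend = ad
   idmap config AIIASSAMBA4:range = 15000-30000
   idmap config AIIASSAMBA4:schema_mode = rfc2307
"""

# Constructed sample accounts: (name, uidNumber, gidNumber); None = attribute not set in AD.
USERS = [("alice", 15001, 15000), ("bob", 1005, 15000),
         ("carol", None, None), ("dave", 20010, 513)]

RANGE_RE = re.compile(
    r"^\s*idmap config\s+(\S+?)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$",
    re.IGNORECASE | re.MULTILINE)

def idmap_ranges(conf_text):
    """Return {domain: (low, high)} for every 'idmap config DOMAIN : range' line."""
    return {dom: (int(lo), int(hi)) for dom, lo, hi in RANGE_RE.findall(conf_text)}

def overlapping(ranges):
    """Return the domain pairs whose ID ranges intersect."""
    return [(a, b) for a, b in combinations(sorted(ranges), 2)
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]]

def unmappable(users, rng):
    """Return {name: reason} for accounts the domain range cannot cover."""
    lo, hi = rng
    bad = {}
    for name, uid, gid in users:
        if uid is None or gid is None:
            bad[name] = "uidNumber/gidNumber missing"
        elif not lo <= uid <= hi:
            bad[name] = f"uidNumber {uid} outside {lo}-{hi}"
        elif not lo <= gid <= hi:
            bad[name] = f"gidNumber {gid} outside {lo}-{hi}"
    return bad

if __name__ == "__main__":
    ranges = idmap_ranges(SMB_CONF)
    print("ranges:", ranges, "overlaps:", overlapping(ranges))
    for name, why in unmappable(USERS, ranges["AIIASSAMBA4"]).items():
        print(f"{name}: {why}")
```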