[Samba] Samba 4 to replicate my samba3.6 config

Justin Cooper-Marsh JCooper-Marsh at cbnl.com
Fri Oct 17 05:18:31 MDT 2014


The security server for the samba 3 config is a Windows 2008 Active Directory server

I have run net ads join on the samba 4 server to allow the winbindd to authenticate. Until I did this I was unable to authenticate from a windows PC.



-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny
Sent: 17 October 2014 11:51
To: samba at lists.samba.org
Subject: Re: [Samba] Samba 4 to replicate my samba3.6 config

On 17/10/14 11:36, Justin Cooper-Marsh wrote:
> [global]
>
>     workgroup = CBL
>     netbios name = NEWVSBUILD
>     null passwords = yes
>     fake oplocks = yes
>     log level = 1
>
>     server string = Engsvr
> log file = /var/log/samba-engsvr/log.%m
> lock directory = /var/run/samba-engsvr
> state directory = /var/lib/samba-engsvr
> cache directory = /var/cache/samba-engsvr
> pid directory = /var/run/samba-engsvr
> private dir = /var/lib/samba-engsvr
>     max log size = 512
>     security = server
>     password server = dc1, dc2, dc3
>
>     password level = 8
>     username level = 8
> #vfs objects = extd_audit
>
>
> #  socket options = TCP_NODELAY SO_RCVBUF=65536 SO_SNDBUF=16384
>    socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
>
> # Configure Samba to use multiple interfaces
> # If you have multiple network interfaces then you must list them
> # here. See the man page for details.
> ;   interfaces = 192.168.12.2/24 192.168.13.2/24
> interfaces = eth0
> bind interfaces only = Yes
>
> # Configure remote browse list synchronisation here
> #  request announcement to, or browse list sync from:
> #       a specific host or from / to a whole subnet (see below)
> ;   remote browse sync = 192.168.3.25 192.168.5.255
> # Cause this host to announce itself to local subnets here
> ;   remote announce = 192.168.1.255 192.168.2.44
> remote announce = 172.24.0.255 172.16.8.255 172.16.4.255
>
> # Browser Control Options:
> # set local master to no if you don't want Samba to become a master
> # browser on your network. Otherwise the normal election rules apply
>     local master = no
>
> name resolve order = host wins lmhosts bcast
>
>     wins server = 10.0.0.184
>
> #============================ Share Definitions ==============================
>
> # This one is useful for people to share files
>
> [scratch]
>   comment = Scratch folders
>   path = /scratch
>   valid users = @development @test-ver @cvs
>   browseable = yes
>   writable = yes
>   locking = yes
>
>
> -----Original Message-----
> From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny
> Sent: 17 October 2014 11:31
> To: samba at lists.samba.org
> Subject: Re: [Samba] Samba 4 to replicate my samba3.6 config
>
> On 17/10/14 11:26, Justin Cooper-Marsh wrote:
>> We are running Arch Linux as a new sever and only has samba4 available officially
>> I am trying to migrate my samba 3 config to work with samba 4
>>
>>
>> I currently use samba to authenticate windows users to use our Linux shares. Then using the Unix groups setup in NIS to validate the users access to a particular share.
>>
>> Here is the problem.
>>
>> I can see the shares using samba 4 but it uses the "Domain users" group to read and write to the shares and not any of the Unix groups.
>>
>> Any Suggestions?
>>
>>
>> My samba 4 config
>>
>>
>>
>> [Global]
>>     netbios name = newvsbuild
>>     workgroup = mydomain
>>     realm = mydomain.local
>>     server string = %h ArchLinux Host
>>     security = ads
>>     encrypt passwords = yes
>>     #password server = dc1.cambridgebroadband.com
>>
>>     idmap config * : backend = rid
>>     idmap config * : range = 10000-20000
>>
>>     winbind use default domain = Yes
>>     winbind enum users = Yes
>>     winbind enum groups = Yes
>>     winbind nested groups = Yes
>>     winbind separator = @
>>     winbind refresh tickets = yes
>>
>>     template shell = /bin/bash
>>     template homedir = /home/%D/%U
>>
>>     preferred master = no
>>     dns proxy = no
>>     wins server = cb-dc1.cambridgebroadband.com
>>     wins proxy = no
>>
>>     inherit acls = Yes
>>     map acl inherit = Yes
>>     acl group control = yes
>>
>> # load printers = no
>>     debug level = 3
>>     use sendfile = no
>>
>>
>> [share]
>> comment = Scratch folders
>> path = /scratch
>> valid users = @development @cvs
>> browseable = yes
>> writable = yes
>> locking = yes
>> create mode = 0770
>> directory mode = 0770
>>
>>
>> Cambridge Broadband Networks Limited (CBNL) is registered in England and Wales at Byron House, Cambridge Business Park, Cowley Road, Cambridge CB4 0WZ under company registration number 3879840. CBNL is the market leader in carrier-class multipoint microwave backhaul and access solutions, serving customers in over 40 countries across the globe.
>>    
>> This e-mail and any attachments to it are confidential. If you are not the intended recipient, please send an e-mail to the sender stating that it has been received in error and then delete all copies of it immediately. Any views expressed may not be the views of CBNL. Please only print this email if necessary.
> Hi, any chance that you can post your samba3 smb.conf ?
>
> Rowland
>
OK, trying to understand this, it looks as if your original S3 machine 
uses another machine for authentication (security = server), just what 
is this machine ? another samba machine or a windows server ?

Your samba4 machine appears to be a domain member, is it joined to a 
domain ?

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Cambridge Broadband Networks Limited (CBNL) is registered in England and Wales at Byron House, Cambridge Business Park, Cowley Road, Cambridge CB4 0WZ under company registration number 3879840. CBNL is the market leader in carrier-class multipoint microwave backhaul and access solutions, serving customers in over 40 countries across the globe. 
 
This e-mail and any attachments to it are confidential. If you are not the intended recipient, please send an e-mail to the sender stating that it has been received in error and then delete all copies of it immediately. Any views expressed may not be the views of CBNL. Please only print this email if necessary. 



More information about the samba mailing list