[Samba] Samba 4 to replicate my samba3.6 config

Rowland Penny rowlandpenny at googlemail.com
Fri Oct 17 06:49:29 MDT 2014


On 17/10/14 13:34, Justin Cooper-Marsh wrote:
> Still the same issue
>
> A slight development: when I use force group development and chown the group, all works
>
> If I leave the group as is, it should authenticate as a unix user in my instance "jcm".
>
> It does not. Perhaps the Windows/Unix user mapping is not in place.

idmap config * : backend = tdb
idmap config * : range = 30000-40000

The above maps the windows builtin users & groups to the range '30000-40000'

idmap config MYDOMAIN : backend = rid
idmap config MYDOMAIN : range = 10000-20000

The above should map your windows users & groups to the range '10000-20000'

Your users & groups are in AD, aren't they ?

Rowland


>
> -----Original Message-----
> From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny
> Sent: 17 October 2014 13:18
> To: samba at lists.samba.org
> Subject: Re: [Samba] Samba 4 to replicate my samba3.6 config
>
> On 17/10/14 12:18, Justin Cooper-Marsh wrote:
>> The security server for the samba 3 config is a Windows 2008 Active
>> Directory server
>>
>> I have run net ads join on the samba 4 server to allow the winbindd to authenticate. Until I did this I was unable to authenticate from a windows PC.
>>
>>
>>
>> -----Original Message-----
>> From: samba-bounces at lists.samba.org
>> [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny
>> Sent: 17 October 2014 11:51
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] Samba 4 to replicate my samba3.6 config
>>
>> On 17/10/14 11:36, Justin Cooper-Marsh wrote:
>>> [global]
>>>
>>>       workgroup = CBL
>>>       netbios name = NEWVSBUILD
>>>       null passwords = yes
>>>       fake oplocks = yes
>>>       log level = 1
>>>
>>>       server string = Engsvr
>>> log file = /var/log/samba-engsvr/log.%m
>>> lock directory = /var/run/samba-engsvr
>>> state directory = /var/lib/samba-engsvr
>>> cache directory = /var/cache/samba-engsvr
>>> pid directory = /var/run/samba-engsvr
>>> private dir = /var/lib/samba-engsvr
>>>       max log size = 512
>>>       security = server
>>>       password server = dc1, dc2, dc3
>>>
>>>       password level = 8
>>>       username level = 8
>>> #vfs objects = extd_audit
>>>
>>>
>>> #  socket options = TCP_NODELAY SO_RCVBUF=65536 SO_SNDBUF=16384
>>>      socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
>>>
>>> # Configure Samba to use multiple interfaces
>>> # If you have multiple network interfaces then you must list them
>>> # here. See the man page for details.
>>> ;   interfaces = 192.168.12.2/24 192.168.13.2/24
>>> interfaces = eth0
>>> bind interfaces only = Yes
>>>
>>> # Configure remote browse list synchronisation here
>>> #  request announcement to, or browse list sync from:
>>> #       a specific host or from / to a whole subnet (see below)
>>> ;   remote browse sync = 192.168.3.25 192.168.5.255
>>> # Cause this host to announce itself to local subnets here
>>> ;   remote announce = 192.168.1.255 192.168.2.44
>>> remote announce = 172.24.0.255 172.16.8.255 172.16.4.255
>>>
>>> # Browser Control Options:
>>> # set local master to no if you don't want Samba to become a master
>>> # browser on your network. Otherwise the normal election rules apply
>>>       local master = no
>>>
>>> name resolve order = host wins lmhosts bcast
>>>
>>>       wins server = 10.0.0.184
>>>
>>> #============================ Share Definitions ==============================
>>>
>>> # This one is useful for people to share files
>>>
>>> [scratch]
>>>     comment = Scratch folders
>>>     path = /scratch
>>>     valid users = @development @test-ver @cvs
>>>     browseable = yes
>>>     writable = yes
>>>     locking = yes
>>>
>>>
>>> -----Original Message-----
>>> From: samba-bounces at lists.samba.org
>>> [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny
>>> Sent: 17 October 2014 11:31
>>> To: samba at lists.samba.org
>>> Subject: Re: [Samba] Samba 4 to replicate my samba3.6 config
>>>
>>> On 17/10/14 11:26, Justin Cooper-Marsh wrote:
>>>> We are running Arch Linux as a new server, and it only has samba4
>>>> available officially. I am trying to migrate my samba 3 config to
>>>> work with samba 4
>>>>
>>>>
>>>> I currently use samba to authenticate windows users to use our Linux shares. Then using the Unix groups set up in NIS to validate the user's access to a particular share.
>>>>
>>>> Here is the problem.
>>>>
>>>> I can see the shares using samba 4 but it uses the "Domain users" group to read and write to the shares and not any of the Unix groups.
>>>>
>>>> Any Suggestions?
>>>>
>>>>
>>>> My samba 4 config
>>>>
>>>>
>>>>
>>>> [Global]
>>>>       netbios name = newvsbuild
>>>>       workgroup = mydomain
>>>>       realm = mydomain.local
>>>>       server string = %h ArchLinux Host
>>>>       security = ads
>>>>       encrypt passwords = yes
>>>>       #password server = dc1.cambridgebroadband.com
>>>>
>>>>       idmap config * : backend = rid
>>>>       idmap config * : range = 10000-20000
>>>>
>>>>       winbind use default domain = Yes
>>>>       winbind enum users = Yes
>>>>       winbind enum groups = Yes
>>>>       winbind nested groups = Yes
>>>>       winbind separator = @
>>>>       winbind refresh tickets = yes
>>>>
>>>>       template shell = /bin/bash
>>>>       template homedir = /home/%D/%U
>>>>
>>>>       preferred master = no
>>>>       dns proxy = no
>>>>       wins server = cb-dc1.cambridgebroadband.com
>>>>       wins proxy = no
>>>>
>>>>       inherit acls = Yes
>>>>       map acl inherit = Yes
>>>>       acl group control = yes
>>>>
>>>> # load printers = no
>>>>       debug level = 3
>>>>       use sendfile = no
>>>>
>>>>
>>>> [share]
>>>> comment = Scratch folders
>>>> path = /scratch
>>>> valid users = @development @cvs
>>>> browseable = yes
>>>> writable = yes
>>>> locking = yes
>>>> create mode = 0770
>>>> directory mode = 0770
>>>>
>>>>
>>>> Cambridge Broadband Networks Limited (CBNL) is registered in England and Wales at Byron House, Cambridge Business Park, Cowley Road, Cambridge CB4 0WZ under company registration number 3879840. CBNL is the market leader in carrier-class multipoint microwave backhaul and access solutions, serving customers in over 40 countries across the globe.
>>>>      
>>>> This e-mail and any attachments to it are confidential. If you are not the intended recipient, please send an e-mail to the sender stating that it has been received in error and then delete all copies of it immediately. Any views expressed may not be the views of CBNL. Please only print this email if necessary.
>>> Hi, any chance that you can post your samba3 smb.conf ?
>>>
>>> Rowland
>>>
>> OK, trying to understand this, it looks as if your original S3 machine
>> uses another machine for authentication (security = server), just what
>> is this machine ? another samba machine or a windows server ?
>>
>> Your samba4 machine appears to be a domain member, is it joined to a
>> domain ?
>>
>> Rowland
>>
> OK, try changing smb.conf to this:
>
> [Global]
>     workgroup = MYDOMAIN
>     realm = MYDOMAIN.LOCAL
>     server string = %h ArchLinux Host
>     security = ADS
>     dedicated keytab file = /etc/krb5.keytab
>     kerberos method = secrets and keytab
>     idmap config * : backend = tdb
>     idmap config * : range = 30000-40000
>     idmap config MYDOMAIN : backend = rid
>     idmap config MYDOMAIN : range = 10000-20000
>
>     winbind use default domain = Yes
>     winbind enum users = Yes
>     winbind enum groups = Yes
>     winbind nested groups = Yes
>     winbind separator = @
>     winbind refresh tickets = yes
>
>     template shell = /bin/bash
>     template homedir = /home/%D/%U
>
>     preferred master = no
>     dns proxy = no
>     wins server = cb-dc1.cambridgebroadband.com
>     wins proxy = no
>
>     inherit acls = Yes
>     map acl inherit = Yes
>     acl group control = yes
>
> # load printers = no
>     debug level = 3
>     use sendfile = no
>
> Rowland
>
>
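Added example, not part of the original thread and not Samba code: a small Python check of the idmap layout discussed in Rowland Penny's reply at the top of this message. The smb.conf fragments are copied from the thread; the function names and the sample RIDs are assumptions, and the mapping uses the idmap_rid(8) formula ID = RID - BASE_RID + LOW_RANGE_ID with base_rid left at its default of 0.

```python
import re

# Constructed inputs: the idmap lines of the two smb.conf versions in this thread.
ORIGINAL = """
idmap config * : backend = rid
idmap config * : range = 10000-20000
"""
SUGGESTED = """
idmap config * : backend = tdb
idmap config * : range = 30000-40000
idmap config MYDOMAIN : backend = rid
idmap config MYDOMAIN : range = 10000-20000
"""

IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*(\w[\w ]*?)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(text):
    """Return {domain: {"backend": str, "range": (low, high)}}; commented lines are skipped."""
    domains = {}
    for line in text.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            entry = domains.setdefault(m.group(1), {})
            key, value = m.group(2).lower(), m.group(3)
            entry[key] = tuple(int(p) for p in value.split("-")) if key == "range" else value.lower()
    return domains

def check(domains):
    """Findings for layouts that differ from the reply's advice or let Unix IDs collide."""
    findings = []
    if domains.get("*", {}).get("backend") == "rid":
        findings.append("'*' uses rid; the reply uses tdb for '*' and rid for the named domain")
    prev_high, prev_name = -1, None
    for (low, high), name in sorted((d["range"], n) for n, d in domains.items() if "range" in d):
        if low <= prev_high:
            findings.append(f"ranges of {prev_name} and {name} overlap, IDs can collide")
        if high > prev_high:
            prev_high, prev_name = high, name
    return findings

def rid_to_unix_id(rid, id_range, base_rid=0):
    """idmap_rid formula; None when the result falls outside the configured range."""
    low, high = id_range
    unix_id = rid - base_rid + low
    return unix_id if low <= unix_id <= high else None

if __name__ == "__main__":
    for label, conf in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(label, check(parse_idmap(conf)) or "no findings")
```

A RID above 10000 has no Unix ID in the 10000-20000 range, so size the domain range to the highest RID in use.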


