[Samba] samba member file server failer

L.P.H. van Belle belle at bazuin.nl
Mon Jun 15 00:58:09 MDT 2015 

Hi David, 

If you only are use windows users.. and no linux user will access the windows shares
then its very simple, 

on the file server, set any idmap ( rid or AD ) it does not care. 
Most easy is rid, most flexible for expanding, set AD.
winbind is easy to setup. 
and on any share you make for windows, set. 
acl_xattr:ignore system acl = yes 
read : 
https://www.samba.org/samba/docs/man/manpages/vfs_acl_xattr.8.html 



Greetz, 

Louis




>-----Oorspronkelijk bericht-----
>Van: dwbear75 at gmail.com [mailto:samba-bounces at lists.samba.org] 
>Namens David Bear
>Verzonden: maandag 15 juni 2015 6:10
>Aan: Rowland Penny
>CC: samba
>Onderwerp: Re: [Samba] samba member file server failer
>
>I am aware of sssd -- but I assumed I had to use the sssd 
>package which was
>a complete compile. I wasn't sure all the additions sssd made 
>so I thought
>I would understand things better if I compiled from scratch.
>
>I don't know what nslcd is --
>
>My goal is to provide ONLY file servers for samba ADDC 
>authenticated users.
>I assmed winbind was the shortest route to that.
>
>On Thu, Jun 11, 2015 at 1:29 AM, Rowland Penny 
><rowlandpenny at googlemail.com>
>wrote:
>
>>  On 10/06/15 22:08, David Bear wrote:
>>
>> I think winbind is required for file service isn't it?
>>
>> On Wed, Jun 10, 2015 at 1:28 PM, Rowland Penny <
>> rowlandpenny at googlemail.com> wrote:
>>
>>>  On 10/06/15 21:15, David Bear wrote:
>>>
>>> Thanks Rowland -- will attempt to pull the startup script 
>from the deb
>>> package.
>>>
>>>  Just to clarify, When starting samba as an AD DC, we use the
>>> samba-ad-dc  script, when starting samba as a file server 
>only, we need a
>>> script that only starts smbd, nmbd, and winbind.  ?
>>>
>>>
>>>  Basically yes, but on Debian the script called  samba will 
>start the AD
>>> DC by running the samba-ad-dc script, or it will run the 
>two scripts called
>>> smbd and nmbd to start a member server. I would suggest 
>that you just use
>>> the smbd & nmbd scripts, you will also need the winbind 
>script from the
>>> winbind package if you intend to use winbind.
>>>
>>> Rowland
>>>
>>>
>>>
>>>
>>> On Wed, Jun 10, 2015 at 12:59 AM, Rowland Penny <
>>> rowlandpenny at googlemail.com> wrote:
>>>
>>>>  On 10/06/15 03:26, David Bear wrote:
>>>>
>>>>> I have setup samba 4.2.x as an AD DC in a linux 
>container. This is an
>>>>> privileged container. I am using the brdging interface 
>and have bound
>>>>> samba
>>>>> to the specific interface I want.
>>>>>
>>>>> As an ADDC it is working great.
>>>>>
>>>>> Now I go to the linux host, and created a samba 4.2 file 
>server. I was
>>>>> able
>>>>> to join it to the domain. I followed the member server 
>instructions at
>>>>> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server .
>>>>>
>>>>> There were a couple of things that were confusing. Since I am
>>>>> installing an
>>>>> an ubuntu 14 LTS server I followed the debian side of the 
>instructions.
>>>>>
>>>>> Instructions for starting the daemons are given at
>>>>> https://wiki.samba.org/index.php/Samba4/InitScript.  
>Towards the end
>>>>> of the
>>>>> wiki we were given instructions for both an init.d script 
>and an upstart
>>>>> configuration file. I have grabbed the init.d/ script, made the
>>>>> modfications to point things to /usr/local/samba 
>installation -- and
>>>>> when I
>>>>> run it, nothing happens.. So I start samba using 
>sbin/samba and the
>>>>> deamons
>>>>> start.
>>>>>
>>>>> However at the tail end of my log file I see
>>>>>
>>>>> [2015/06/09 19:22:16.752250,  0]
>>>>> ../source4/smbd/server.c:475(binary_smbd_main)
>>>>>    At this time the 'samba' binary should only be used for either:
>>>>>    'server role = active directory domain controller' or 
>to access the
>>>>> ntvfs
>>>>> file server with 'server services = +smb' or the rpc 
>proxy with 'dcerpc
>>>>> endpoint servers = remote'
>>>>>    You should start smbd/nmbd/winbindd instead for domain 
>member and
>>>>> standalone file server tasks
>>>>> [2015/06/09 19:22:16.752314,  0]
>>>>> ../lib/util/become_daemon.c:111(exit_daemon)
>>>>>    STATUS=daemon failed to start: Samba detected 
>misconfigured 'server
>>>>> role'
>>>>> and exited. Check logs for details, error code 22
>>>>>
>>>>> since I followed the member server how to -- I am 
>wondering if something
>>>>> there is left out?
>>>>>
>>>>> Here's my smb.conf
>>>>>
>>>>> /usr/local/samba# less etc/smb.conf
>>>>> [global]
>>>>>
>>>>> netbios name = srv1
>>>>> workgroup = INTERNAL
>>>>> security = ADS
>>>>> realm = INTNERAL.XCITY.COM
>>>>> dedicated keytab file = /etc/krb5.keytab
>>>>> kerberos method = secrets and keytab
>>>>>
>>>>> idmap config *:backend = tdb
>>>>> idmap config *:range = 2000-9999
>>>>> idmap config IN:backend = ad
>>>>> idmap config IN:schema_mode = rfc2307
>>>>> idmap config IN:range = 10000-99999
>>>>>
>>>>> winbind nss info = rfc2307
>>>>> winbind trusted domains only = no
>>>>> winbind use default domain = yes
>>>>> winbind enum users = yes
>>>>> winbind enum groups = yes
>>>>> winbind refresh tickets = yes
>>>>>
>>>>> bind interfaces only = yes
>>>>> interfaces = em1
>>>>> log level = 5
>>>>> log file = /usr/local/samba/var/log.%m
>>>>>
>>>>>
>>>>> ----
>>>>> which matches the how to.
>>>>>
>>>>> So there seems to be something missing from the how to .
>>>>>
>>>>> Any suggestions ?
>>>>> Also the %m macro expansion fails for the log file. It 
>actually calls
>>>>> the
>>>>> log vile %m...
>>>>>
>>>>
>>>>  Nope, there is nothing missing from the member server 
>howto, it tells
>>>> you what samba processes to start, (smbd, nmbd and 
>winbind). You should
>>>> only start the samba process on an AD DC.
>>>>
>>>> The problem seems to be that the wiki init script page 
>only seems to
>>>> have a script to start smbd & nmbd (it's at the bottom of 
>the page) and
>>>> there isn't one for winbind.
>>>>
>>>> The easiest way to get the required init scripts is to download the
>>>> samba package with 'apt-get download samba', unpack it 
>(the easiest way is
>>>> to browse to the deb and right click it and select 
>'Extract here'). Now
>>>> browse into the directory that will be created
>>>> ~/samba_2%3a4.1.6+dfsg-1ubuntu2.14.04.7_amd64/etc/init.d
>>>> You should find 4 files, you want 3 of them, the one you 
>don't want is
>>>> 'samba-ad-dc'
>>>> Open each of the required files in your favourite editor 
>and change the
>>>> paths to point to your samba binaries, save the file and 
>then move it to
>>>> /etc/init.d/
>>>>
>>>> Rowland
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>
>>>
>>>
>>>
>>>  --
>>>  David Bear
>>> mobile: (602) 903-6476
>>>
>>>
>>>
>>>
>>
>>
>>  --
>>  David Bear
>> mobile: (602) 903-6476
>>
>>
>>
>> Yes, but you could use nslcd or sssd.
>>
>> Rowland
>>
>
>
>
>-- 
>David Bear
>mobile: (602) 903-6476
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list