[Samba] Upgrading Samba 3 to Samba 4 - Domain Controller unreachable
Luke Barone
lukebarone at gmail.com
Sat Apr 2 16:37:07 UTC 2016
[global]
server max protocol = SMB2
# Line above added by lbarone - March 30, 2016
name resolve order = host wins lmhosts bcast
write list = @domainadmins
passwd chat = *new*password* %n\n *new*password* %n\n *updated*
admin users = machine,add,lbarone, at domainadmins
smb ports = 139
lock directory = /var/cache/samba
preserve case = yes
passwd program = /usr/bin/passwd %u
netbios name = jmac
printing = lprng
logon script = login.bat
local master = yes
workgroup = jmc
os level = 255
printcap name = /dev/null
security = user
disable spoolss = yes
log file = /var/log/samba/log.%m
log level = 2
load printers = yes
logon drive = h:
domain master = yes
interfaces = eth1
encrypt passwords = true
wins support = yes
server string = jmac
wide links = no
path = /var/spool/lpd/samba
unix password sync = true
preferred master = yes
bind interfaces only = yes
pam password change = yes
domain logons = yes
dns proxy = yes
idmap config * : range = 1000-1999999
# Above line added by lbarone - March 29, 2016
################## SHARES ########################
[netlogon]
path = /usr/local/share/netlogon
browseable = no
##profile acls = yes
write list = @domainadmins
inherit permissions = yes
[homes]
browseable = no
read only = no
path = /home/%U/
[Programs]
path = /usr/local/share/Apps/NetApps
inherit permissions = yes
writeable = yes
[Windsor]
path = /usr/local/share/Windsor
inherit permissions = yes
writeable = yes
[Career]
path = /usr/local/share/Staff/CLA/Career
inherit permissions = yes
writeable = yes
comment = Career Programs
[Office]
path = /usr/local/share/Office
writeable = yes
inherit permissions = yes
[Admin]
path = /usr/local/share/Admin
inherit permissions = yes
writeable = yes
[Student_Share]
comment = Classwork Share
path = /usr/local/share/Student
writeable = yes
inherit permissions = yes
[Tech_Tips]
comment = Tech Applications and tips. Public to see/read.
path = /usr/local/share/TECH_TIPS
writeable = yes
valid users = @staff
inherit permissions = yes
[Tech_Apps]
comment = Tech Applications.
path = /usr/local/share/Tech_Apps
writeable = no
inherit permissions = yes
valid users = @domainadmins, at admin
browseable = no
[DropBox]
comment = Classwork Hand-in
path = /usr/local/share/Classwork
writeable = yes
create mode = 700
force directory mode = 1777
inherit owner = yes
[SSS]
comment = Student Support Services
path = /usr/local/share/Staff/SSS
writeable = yes
inherit permissions = yes
[JMC]
comment = JMC Global Share
path = /usr/local/share/Staff/JMC
writeable = yes
write list = @staff
read list = @staff
[DRC]
comment = DRC
path = /usr/local/share/Staff/DRC
writeable = yes
inherit permissions = yes
[CLA]
comment = CLA
path = /usr/local/share/Staff/CLA
writeable = yes
inherit permissions = yes
[YAPS]
path = /usr/local/share/YAPS
inherit permissions = yes
writeable = yes
[IMAGES]
comment = System images. Keep out.
path = /usr/local/share/IMAGES
valid users = blast,lbarone, at domainadmins
writeable = yes
inherit permissions = yes
[Printer_Drivers]
comment = Printer Drivers for any printers in the building.
path = /usr/local/share/Printer_Drivers
writeable = no
inherit permissions = yes
I commented when and where I changed the file, based on advice from various
forums when I was trying to figure out this issue. The upgrade occurred on
March 17th, so the changes I made were after issues were reported to me.
On Fri, Apr 1, 2016 at 1:53 PM, Rowland penny <rpenny at samba.org> wrote:
> On 01/04/16 21:20, Luke Barone wrote:
>
>> Anyone able to chime in? Suggestions on where to go?
>>
>> On Thu, Mar 31, 2016 at 11:21 AM, Luke Barone <lukebarone at gmail.com>
>> wrote:
>>
>> Hi all,
>>>
>>> I upgraded Samba 3 to 4 when doing a Debian Wheezy to Jessie upgrade over
>>> the last couple of weeks. Most things worked, but now that staff are
>>> back,
>>> we're seeing more and more issues.
>>>
>>> Computers are logging in using their cached credentials only. The
>>> computers are not using updated password information from the server
>>> anymore. The computers will not connect to the server via it's NetBIOS
>>> name
>>> unless I add the entry under the hosts and lmhosts file on each
>>> workstation
>>> (which is a pain...). My remote management won't work either for using
>>> the
>>> server credentials, I need to use a local username and password.
>>>
>>> It's running Samba 4.1.17-debian, as a Windows NT Domain Controller, NOT
>>> Active Directory.
>>>
>>> I have also edited the /etc/nsswitch.conf file so that:
>>>
>>> passwd: files winbind
>>> shadow: files
>>> group: files winbind
>>> hosts: files wins
>>>
>>> instead of:
>>> passwd: compat
>>> group: compat
>>> shadow: compat
>>> hosts: files dns
>>>
>>>
>>> ... based on advice around the getpwuid error that seems so famous.
>>>
>>> My goal is to get this up and running *properly* without needing to touch
>>> every computer, and so that user changes (i.e. password changes, new
>>> users,
>>> users getting deleted, etc) take effect immediately.
>>>
>>> If I need to post other config files, please let me know
>>>
>>>
> OK, lets start with the smb.conf, please post it.
> I take it you haven't modified it after the upgrade.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list