[Samba] after classicupgrade

Pisch Tamás pischta at gmail.com
Thu Aug 11 08:36:57 UTC 2016 

Hi,

I have Samba 4.2.10 server with NT4 configuration, with ldap backend on
Debian Jessie, and I want to upgrade it to AD. I test it now in virtul
environment. The classicupgrade was succesful.
getent passwd username
and
chown "username:Domain Users" test.txt
didn't work with this nsswitch.conf:
passwd: files ldap
group: files ldap
shadow: files ldap
, so I changed ldap to winbind. Now the two above commands work, but the
local login delays some seconds. Which nss setup is better: ldap, or
winbind? Ldap doesn't work perfectly, because I cannot use ldapsearch:
ldapsearch -xLL -H ldap://localhost:389 -D
"cn=Administrator,dc=Users,dc=our,dc=site" -b "dc=our,dc=site"
ldap_bind: Strong(er) authentication required(8)
       additional info: BindSimple: transport encryption required.
smb.conf:
[global]
workgroup = OUR
realm = our.site
interfaces = lo eth0
bind interfaces only = yes
server role = active directory domain controller
passdb backend = samba_dsdb
winbind enum users = yes
winbind enum groups = yes
winbind use default domain =yes
dns forwarder = 208.67.222.222
rpc_server:tcpip = no
rpc_daemon:spoolssd = enabled
rpc_server:spoolss = embedded
rpc_server:winreg = embedded
rpc_server:ntsvcs = embedded
rpc_server:eventlog = embedded
rpc_server:srvsvc = embedded
rpc_server:default = external
winbindd:use external pipes = true
idmap config our : range = 10000-100000
idmap config our : backend = ad
idmap config * : range = 1000000-1999999
idmap_ldb:use rfc2307 = yes
idmap config * : backend = tdb
map archive = no
map readonly = no
store dos attributes = yes
vfs objects = dfs_samba4 acl_xattr

[netlogon]
path= /var/lib/samba/sysvol/perczelmor.site/scripts
read only = no

[sysvol]
path= /var/lib/samba/sysvol
read only =  no

/etc/ldap/ldap.conf:
host 127.0.0.1
base dc=our,dc=site
logdir /var/lib/ldap/log
TLS_REQCERT hard
TLS_CACERT /etc/ssl/certs/cacert.pem

I tried to integrate winbind login into pam according to this:
https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto but it didn't
work.

Regards,

Tamas.

More information about the samba mailing list