[Samba] after classicupgrade

L.P.H. van Belle belle at bazuin.nl
Thu Aug 11 09:03:34 UTC 2016


Your search,

That's because of: ldap server require strong auth (G) (man smb.conf)
Searching over SSL helps, or change the above setting.
More about that here:
https://www.samba.org/samba/latest_news.html#4.4.2


ldapsearch -H ldaps://fqdn.internal.domain.tld:636 -b "dc=our,dc=site" \
-Y EXTERNAL

What's best, ldap or winbind, I really don't know; I only use winbindd.


Greetz, 

Louis



> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Pisch Tamás via
> samba
> Sent: Thursday, 11 August 2016 10:37
> To: samba at lists.samba.org
> Subject: [Samba] after classicupgrade
> 
> Hi,
> 
> I have a Samba 4.2.10 server with NT4 configuration, with ldap backend on
> Debian Jessie, and I want to upgrade it to AD. I test it now in a virtual
> environment. The classicupgrade was successful.
> getent passwd username
> and
> chown "username:Domain Users" test.txt
> didn't work with this nsswitch.conf:
> passwd: files ldap
> group: files ldap
> shadow: files ldap
> , so I changed ldap to winbind. Now the two above commands work, but the
> local login delays some seconds. Which nss setup is better: ldap, or
> winbind? Ldap doesn't work perfectly, because I cannot use ldapsearch:
> ldapsearch -xLL -H ldap://localhost:389 -D
> "cn=Administrator,dc=Users,dc=our,dc=site" -b "dc=our,dc=site"
> ldap_bind: Strong(er) authentication required(8)
>        additional info: BindSimple: transport encryption required.
> smb.conf:
> [global]
> workgroup = OUR
> realm = our.site
> interfaces = lo eth0
> bind interfaces only = yes
> server role = active directory domain controller
> passdb backend = samba_dsdb
> winbind enum users = yes
> winbind enum groups = yes
> winbind use default domain =yes
> dns forwarder = 208.67.222.222
> rpc_server:tcpip = no
> rpc_daemon:spoolssd = enabled
> rpc_server:spoolss = embedded
> rpc_server:winreg = embedded
> rpc_server:ntsvcs = embedded
> rpc_server:eventlog = embedded
> rpc_server:srvsvc = embedded
> rpc_server:default = external
> winbindd:use external pipes = true
> idmap config our : range = 10000-100000
> idmap config our : backend = ad
> idmap config * : range = 1000000-1999999
> idmap_ldb:use rfc2307 = yes
> idmap config * : backend = tdb
> map archive = no
> map readonly = no
> store dos attributes = yes
> vfs objects = dfs_samba4 acl_xattr
> 
> [netlogon]
> path= /var/lib/samba/sysvol/perczelmor.site/scripts
> read only = no
> 
> [sysvol]
> path= /var/lib/samba/sysvol
> read only =  no
> 
> /etc/ldap/ldap.conf:
> host 127.0.0.1
> base dc=our,dc=site
> logdir /var/lib/ldap/log
> TLS_REQCERT hard
> TLS_CACERT /etc/ssl/certs/cacert.pem
> 
> I tried to integrate winbind login into pam according to this:
> https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto but it
> didn't work.
> 
> Regards,
> 
> Tamas.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
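
Added example (not part of the original thread, and not Samba code): a small Python model of the "ldap server require strong auth" policy as described in man smb.conf, showing why the simple bind over ldap:// in the question is refused and why ldaps:// or relaxing the setting changes the outcome. The function names and the two smb.conf samples are constructed for illustration; only the three documented values (no, allow_sasl_over_tls, yes, with yes as the default) are handled.

```python
import re

DEFAULT = "yes"  # documented default for "ldap server require strong auth"
VALID = {"no", "allow_sasl_over_tls", "yes"}

# Constructed samples: the first mirrors a few [global] lines from the thread
# and never sets the parameter; the second relaxes it explicitly.
SAMPLE_DEFAULT = """[global]
workgroup = OUR
server role = active directory domain controller
"""
SAMPLE_RELAXED = SAMPLE_DEFAULT + "  LDAP Server Require Strong Auth = no\n"

def _norm(name):
    # smb.conf parameter names ignore case and embedded whitespace.
    return re.sub(r"\s+", "", name).lower()

def strong_auth_setting(smb_conf_text):
    """Return the effective [global] value of the parameter."""
    section, value = None, DEFAULT
    for raw in smb_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section == "global":
            key, val = line.split("=", 1)
            if _norm(key) == "ldapserverrequirestrongauth":
                value = val.strip().lower()
    return value

def bind_allowed(setting, bind, tls, sign_or_seal=False):
    """Model of the documented policy; bind is 'simple' or 'sasl'."""
    if setting not in VALID or bind not in ("simple", "sasl"):
        raise ValueError("unsupported setting or bind type")
    if setting == "no":
        return True                    # any bind over any transport
    if not tls:
        # Unencrypted transport: only SASL binds with sign or seal.
        return bind == "sasl" and sign_or_seal
    if bind == "simple":
        return True                    # simple bind inside TLS is accepted
    # SASL without sign/seal inside TLS needs allow_sasl_over_tls
    # (SASL sign/seal layered on top of TLS is not modelled here).
    return setting == "allow_sasl_over_tls"
```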




