[Samba] Problems after migration from samba 3.5.2 to samba 4.3.1
Rowland Penny
rpenny at samba.org
Mon Feb 15 18:43:16 UTC 2016
On 15/02/16 17:22, Fernando Favero wrote:
> My smb.conf files.
> The OS is a CentOS 7
>
> DC Server 1
> -------------------------------
> [global]
> workgroup = EXAMPLE.COM
> realm = campus.example.com
> netbios name = DC-SERVER1
> server role = active directory domain controller
> idmap_ldb:use rfc2307 = yes
> dns forwarder = 8.8.8.8
> dsdb:schema update allowed = true
> winbind max clients = 2000
> bind interfaces only = yes
> interfaces = eth0
>
> log file = /var/log/samba/%m.log
> log level = 1
>
> [netlogon]
> path = /usr/local/samba/var/locks/sysvol/campus.example.com/scripts
> read only = No
>
> [sysvol]
> path = /usr/local/samba/var/locks/sysvol
> read only = No
>
>
> DC Server 2
> -------------------------------
> [global]
> workgroup = EXAMPLE.COM
> realm = campus.example.com
> netbios name = DC-SERVER2
> server role = active directory domain controller
> idmap_ldb:use rfc2307 = yes
> dns forwarder = 8.8.8.8
> dsdb:schema update allowed = true
> winbind max clients = 2000
> bind interfaces only = yes
> interfaces = eth0
>
> log file = /var/log/samba/%m.log
> log level = 1
>
> [netlogon]
> path = /usr/local/samba/var/locks/sysvol/campus.example.com/scripts
> read only = No
>
> [sysvol]
> path = /usr/local/samba/var/locks/sysvol
> read only = No
>
>
> FileServer1
> -------------------------------
> [global]
> netbios name = FileServer1
> server string = FileServer1
> security = ADS
> workgroup = EXAMPLE.COM
> realm = CAMPUS.EXAMPLE.COM
> bind interfaces only = yes
> interfaces = lo eth0
> winbind request timeout = 90
>
> log file = /var/log/samba/%m.log
> log level = 1
>
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> winbind refresh tickets = yes
> winbind max clients = 2000
>
> winbind trusted domains only = no
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
>
> idmap config *:backend = tdb
> idmap config *:range = 1000-50000
>
> vfs objects = acl_xattr
> map acl inherit = yes
> store dos attributes = yes
> acl allow execute always = true
>
>
> FileServer2
> -------------------------------
> [global]
> netbios name = FileServer2
> server string = FileServer2
> security = ADS
> workgroup = EXAMPLE.COM
> realm = CAMPUS.EXAMPLE.COM
> bind interfaces only = yes
> interfaces = lo eth0
> winbind request timeout = 90
>
> log file = /var/log/samba/%m.log
> log level = 1
>
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> winbind refresh tickets = yes
> winbind max clients = 2000
>
>
> winbind trusted domains only = no
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
>
> idmap config *:backend = tdb
> idmap config *:range = 1000-50000
>
> vfs objects = acl_xattr
> map acl inherit = yes
> store dos attributes = yes
> acl allow execute always = true
>
>
>
OK, two things jump out at me. I wouldn't use 'EXAMPLE.COM' for the
workgroup name; I would have just used 'EXAMPLE', i.e. no dot in the name.
Your idmap config stack is incorrect: you only have settings for the
builtin users & groups. See here for how you should set it up:
https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member
Follow the links on that page for the correct settings.
Rowland
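
The two points raised in the reply, written as a check over a member server's [global] section. This is an added example, not part of the original thread and not Samba's own code; the function names, the `rid` backend and the ranges in `REVISED` are assumptions rather than settings taken from the thread.

```python
import re
from itertools import combinations

# Constructed sample: the FileServer1 [global] lines the reply comments on.
QUOTED = """[global]
    security = ADS
    workgroup = EXAMPLE.COM
    idmap config *:backend = tdb
    idmap config *:range = 1000-50000
"""
# Constructed counter-example; the 'rid' backend and both ranges are assumptions.
REVISED = """[global]
    security = ADS
    workgroup = EXAMPLE
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    idmap config EXAMPLE : backend = rid
    idmap config EXAMPLE : range = 10000-999999
"""
IDMAP = re.compile(r"idmap config\s+(\S+?)\s*:\s*(\S+)$")

def parse_global(text):
    """Return [global] parameters with lowercased, whitespace-normalised keys."""
    params, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def check_member(text):
    """Return findings for a domain member's workgroup and idmap settings."""
    params, findings, ranges = parse_global(text), [], {}
    if "." in params.get("workgroup", ""):
        findings.append("workgroup contains a dot")
    for key, value in params.items():
        m = IDMAP.match(key)
        if m and m.group(2) == "range":
            ranges[m.group(1).upper()] = tuple(int(n) for n in value.split("-"))
    if params.get("security", "").lower() == "ads" and set(ranges) <= {"*"}:
        findings.append("no idmap range for any domain other than '*'")
    for a, b in combinations(sorted(ranges), 2):
        if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]:
            findings.append(f"idmap ranges for {a} and {b} overlap")
    return findings
```

`check_member(QUOTED)` returns both findings, and `check_member(REVISED)` returns an empty list.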