[Samba] samba to ad transition

Kaz Staleman kajkoz at gmail.com
Tue Sep 20 18:00:15 UTC 2016 

Yes, of course. It is my smb.conf

[global]
    workgroup = MYDOMAIN
    printing=cups
    printcap name =cups
    cups options = Raw

    load printers =yes

    server string = DOMAIN SERVER
    interfaces = eth0, eth1, lo
    bind interfaces only = yes
    passdb backend = tdbsam
    pam password change = yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *New*Password* %n\n *Re-enter*new*password*%n\n
*Password*changed*
    username map = /etc/samba/smbusers
    unix password sync = yes

    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536
SO_SNDBUF=65536
    hosts allow = 192.168.1. 192.168.7. 192.168.10.
    hosts deny = all
    syslog = 0
    log level = 4
    log file = /var/log/samba/%m
    max log size = 50
    smb ports = 139 445
    strict locking = no

    notify:inofity=false

    show add printer wizard = yes
    add user script = /usr/sbin/useradd '%u' -n -g users
    delete user script = /usr/sbin/userdel -r '%u'
    add group script = /usr/sbin/groupdel '%g'
    add user to group script = /usr/sbin/usermod -G '%g' '%u'
    add machine script = /usr/sbin/useradd  -n -g computers -c "Workstation
(%u)" -M -d /nohome -s /bin/false '%u'
    shutdown script = /sbin/shutdown -c
    logon script = scripts\logon.cmd
    logon drive = X:
    logon path =
    logon home =

    domain logons = yes
    domain master = yes
    os level = 64
    preferred master = yes
    wins support = Yes
    name resolve order = wins bcast hosts
    dns proxy = yes
    utmp = Yes
    map acl inherit = Yes
    guest account = nobody

    veto oplock files = /*.doc/*.xls/*.mdb/*.MDB/*.ldb/*.LDB/*.xlsx/*.docx/

    time server=yes

    follow symlinks = yes
    wide links = yes
    unix extensions = no
    hide dot files = yes



[homes]
    comment = Home Directories
    valid users = %S
    read only = no
    writable = Yes
    browseable = No
    create mode = 0600
    directory mode = 0700


[printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = No
    public = Yes
    guest ok = Yes
    writable = No
    printable = Yes
    use client driver = No
#    default devmode = Yes
    printer admin = @ntadmin

[print$]
    comment = Printer Driver Download Area
    path=/var/lib/samba/printers
    browseable= yes
    guest ok = no
    read only = yes
    write list = kzurad, at ntadmin


[netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon
    guest ok = Yes
    locking = No
    browseable = No
    read only = no

[profiles]
    comment = Profile Share
    create mode = 0600
    directory mode = 0700
    profile acls = Yes
    path = /home/%U
    read only = No
    writable = Yes


[public]
    comment = Public Files
    path = /data/public
    read only = No
    guest ok = Yes
    create mask = 0777
    directory mask = 0777
    oplocks = no
    level2 oplocks = no
    strict locking = no
    fake oplocks = no
    veto oplock files =
/*.MDB/*.mdb/*.LDB/*.ldb/*.DOC/*.doc/*.XLS/*.xls/*.DOCX/*.docx/*.XLSX/*.xlsx

    vfs objects = recycle
    recycle:repository =.RECYCLE_BIN
    recycle:keeptree = True
    recycle:version = True
    recycle:touch = True
    recycle:exclude =
?~$*,~$*,*.tmp,index*.pl,index*.htm*,*.temp,*.TMP,*.ldb,*.LDB




[Automation]
    valid users = @automation, at root
    path = /data/automation
    read only=No

    create mask = 0770
    directory mask = 0770
        vfs objects = recycle
    recycle:repository =.RECYCLE_BIN
    recycle:keeptree = True
    recycle:version = True
    recycle:touch = True
    recycle:exclude = ?~$*,~$*,*.tmp,index*.pl,index*.htm*,*.temp,*.TMP



On Tue, Sep 20, 2016 at 10:55 AM, Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Tue, 20 Sep 2016 08:33:23 -0700 (PDT)
> kajkoz via samba <samba at lists.samba.org> wrote:
>
> > I did it again, mean. I followed the instruction
> > https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_
> domain_to_a_Samba_AD_domain_%28classic_upgrade%29
> > then I tried to log in from the client computer. ANd again. If that
> > user already existed on client computer there was not a problem with
> > log it to the AD, but if user doesn't exist I got that message
> > "The trust relationship  between this workstation AND the primary
> > domain failed"
> >
> > Of course I can add that computer to the domain again, but it is not a
> > point.
> >
>
> Very strange, the whole idea behind the classic upgrade is that the
> clients aren't supposed to notice the difference.
>
> Can you post the global part of the smb.conf from the NT4-style PDC you
> are upgrading from.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>



-- 
Kaz

More information about the samba mailing list