[Samba] Upgrading samba from jessie (4.2) to stretch (4.5) in AD mode...

Rowland Penny rpenny at samba.org
Wed Jun 21 14:17:08 UTC 2017 

On Wed, 21 Jun 2017 15:53:42 +0200
Marco Gaiarin via samba <samba at lists.samba.org> wrote:

> Mandi! L.P.H. van Belle via samba
>   In chel di` si favelave...
> 
> [ I've written to Rowland, offlist, supposing a debian specific
>   trouble... because we are back here, i change subject. ]

I asked Louis to help because you may be using his packages, I wasn't
sure ;-)

> root at lupus:~# testparm 
> Load smb config files from /etc/samba/smb.conf
> Processing section "[netlogon]"
> Processing section "[sysvol]"
> Processing section "[printers]"
> Processing section "[print$]"
> Processing section "[profiles]"
> Processing section "[users]"
> Loaded services file OK.
> Server role: ROLE_ACTIVE_DIRECTORY_DC
> 
> Press enter to see a dump of your service definitions
> 
> # Global parameters
> [global]
> 	bind interfaces only = Yes
> 	interfaces = lo eth0.17
> 	netbios aliases = CUPS FILE MEDIA TIME
> 	realm = AD.CORSI.SV.LNF.IT
> 	server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbindd, ntp_signd, kcc, dnsupdate workgroup = SVCORSI
> 	ldap server require strong auth = allow_sasl_over_tls
> 	logon drive = p:
> 	logon home = \\LUPUS\%U
> 	logon path = \\LUPUS\profiles\%U
> 	logon script = startup.bat
> 	printcap name = cups
> 	passdb backend = samba_dsdb
> 	server role = active directory domain controller
> 	winbind enum groups = Yes
> 	winbind enum users = Yes
> 	winbind nss info = rfc2307
> 	rpc_server:tcpip = no
> 	rpc_daemon:spoolssd = embedded
> 	rpc_server:spoolss = embedded
> 	rpc_server:winreg = embedded
> 	rpc_server:ntsvcs = embedded
> 	rpc_server:eventlog = embedded
> 	rpc_server:srvsvc = embedded
> 	rpc_server:svcctl = embedded
> 	rpc_server:default = external
> 	winbindd:use external pipes = true
> 	idmap config svcorsi : schema_mode = rfc2307
> 	idmap config svcorsi : backend = ad
> 	idmap_ldb:use rfc2307 = yes
> 	dsdb:schema update allowed = true
> 	idmap config * : backend = tdb
> 	map archive = No
> 	map readonly = no
> 	store dos attributes = Yes
> 	vfs objects = dfs_samba4 acl_xattr
> 

Did you add any lines, or is this what the classicupgrade gave you ?

Either way I would make your smb.conf look like this:

[global]
	netbios name = <YOUR DC HOSTNAME IN UPPERCASE>
	realm = AD.CORSI.SV.LNF.IT
	server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
	workgroup = SVCORSI
	server role = active directory domain controller
	idmap_ldb:use rfc2307 = yes
	printcap name = cups
	bind interfaces only = Yes
	interfaces = lo eth0.17
	ldap server require strong auth = allow_sasl_over_tls

The rest is either default settings or shouldn't be used on a DC.

Rowland

More information about the samba mailing list