[Samba] Upgrading samba from jessie (4.2) to stretch (4.5) in AD mode...

Marco Gaiarin gaio at sv.lnf.it
Wed Jun 21 16:06:45 UTC 2017 

Mandi! L.P.H. van Belle via samba
  In chel di` si favelave...

> He did not post smb.conf ;-) 

It is full of comment, now, because i'm moving some settings from my
old 'NT' domain...


[From other thread...]

> If he has added 'security = user' to his smb.conf, he needs to remove
> it, you do not use this on a DC.

Clearly, i've removed that; i've added exclusively to finish the
post-installation task of debian package.
Sorry if iwas not clear.


> It looks like he got hit by the 'winbind package not installed on
> debian unless you ask for it' error.

?!


> The rest is shown because he used testparm not samba-tool testparm 

I don't know about that. ;-)

 root at lupus:~# samba-tool testparm 
 Press enter to see a dump of your service definitions
 # Global parameters
 [global]
	bind interfaces only = Yes
	interfaces = lo eth0.17
	netbios aliases = CUPS FILE MEDIA TIME
	netbios name = LUPUS
	realm = AD.CORSI.SV.LNF.IT
	server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
	workgroup = SVCORSI
	ldap server require strong auth = allow_sasl_over_tls
	logon drive = p:
	logon home = \\LUPUS\%U
	logon path = \\LUPUS\profiles\%U
	logon script = startup.bat
	load printers = Yes
	printcap name = cups
	server role = active directory domain controller
	winbind enum groups = Yes
	winbind enum users = Yes
	winbind nss info = rfc2307
	idmap config svcorsi : schema_mode = rfc2307
	idmap config svcorsi : backend = ad
	idmap_ldb:use rfc2307 = yes
	dsdb:schema update allowed = true
	comment = 
	printing = cups

effectively it is simpler. I've added surely 'ldap server require strong auth =
allow_sasl_over_tls' to make exim work, and 'dsdb:schema update allowed =
true' to modify schema.
Clearly i've added 'logon *' options bacause i need it. ;)

Other things probably added to make windbind NSS and PAM providers
work, but finally i've switched to SSSD.


Thanks.

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

More information about the samba mailing list