[Samba] AD integration not working after move/version
Marc Muehlfeld
mmuehlfeld at samba.org
Sat Mar 18 16:26:11 UTC 2017
Hi Henrik,
Am 18.03.2017 um 16:06 schrieb Henrik Johansson via samba:
> Old version was 3.5.8 and the new version on the virtual host that does not work is 3.6.25.
That's not really a step forward to a supported Samba version. :-)
https://wiki.samba.org/index.php/Samba_Release_Planning
> # Global parameters
> [global]
> log file = /var/samba/log/clientlog.%m
> dns proxy = No
> acl check permissions = False
> netbios aliases = string1
> server string = string1
> name resolve order = hosts bcast
> realm = DOMAIN.NET
> password server = server3.string1.net sever4.string1.net
> # wins server = x.x.x.x
> local master = no
> workgroup = WGNAME
> os level = 0
> domain master = no
> encrypt passwords = yes
> security = DOMAIN
> unix charset = ISO8859-1
> max log size = 50
> # Fix for not to do lpstat since we don't use printers in Samba
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
First some nitpicks about your smb.conf:
* netbios aliases = string1
Makes no sense to set an alias to exactly the same name
as "server string" :-)
* password server: If there is not reason to only request some
specific servers, I would not limit this. If both are down,
Samba won't talk to other remaining DCs.
* encrypt passwords = yes
This is default since a longer time.
This are just some improvement suggestions, but not related to your problem.
Ok. And now the things that are incorrect for a Samba AD domain member:
* realm = DOMAIN.NET and workgroup = WGNAME
In this case, I would expect that "DOMAIN" is your NetBIOS domain
name ("workgroup" setting), not something different. If this
really matches your AD setup, it should work - but it's not
the recommended way how to set up an AD.
* security = DOMAIN
This setting is for an NT4 domain. Use "security = ADS"
* Your ID mapping configuration is missing completely.
See https://wiki.samba.org/index.php/Identity_Mapping_Back_Ends
No warranty that this works for 3.6. Our documentation only
covers supported Samba versions.
I recommend the following:
* Update Samba to a supported version (recommended: 4.6.0).
Samba 3.6 was released 2011. A lot of things regarding AD were
improved in later releases.
https://wiki.samba.org/index.php/Updating_Samba
* Read: https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
I recently rewrote the doc and it works for all supported versions.
Regards,
Marc
More information about the samba
mailing list