[Samba] AD integration not working after move/version
Henrik Johansson
henrikj at henkis.net
Sat Mar 18 16:53:41 UTC 2017
Hi marc and thanks for your reply,
> On 18 Mar 2017, at 17:26, Marc Muehlfeld via samba <samba at lists.samba.org> wrote:
>
> Hi Henrik,
>
> Am 18.03.2017 um 16:06 schrieb Henrik Johansson via samba:
>> Old version was 3.5.8 and the new version on the virtual host that does not work is 3.6.25.
>
> That's not really a step forward to a supported Samba version. :-)
> https://wiki.samba.org/index.php/Samba_Release_Planning
>
I just replied the first answer I got, and wrote a bit about the background, it’s Solaris 10 with the provided samba. I will look trough your suggestion and try to create a new config, I wold however like just to get it working as it was before right now and then take care of improvements when it’s not a disturbance for customers ( and not after a long night working in the weekend ;) ). I’ll try to see if I can recreate the “unconfigured” behaviour with id-mapping for now.
>
>
>> # Global parameters
>> [global]
>> log file = /var/samba/log/clientlog.%m
>> dns proxy = No
>> acl check permissions = False
>> netbios aliases = string1
>> server string = string1
>> name resolve order = hosts bcast
>> realm = DOMAIN.NET
>> password server = server3.string1.net sever4.string1.net
>> # wins server = x.x.x.x
>> local master = no
>> workgroup = WGNAME
>> os level = 0
>> domain master = no
>> encrypt passwords = yes
>> security = DOMAIN
>> unix charset = ISO8859-1
>> max log size = 50
>> # Fix for not to do lpstat since we don't use printers in Samba
>> load printers = no
>> printing = bsd
>> printcap name = /dev/null
>> disable spoolss = yes
>
>
>
> First some nitpicks about your smb.conf:
> * netbios aliases = string1
> Makes no sense to set an alias to exactly the same name
> as "server string" :-)
>
> * password server: If there is not reason to only request some
> specific servers, I would not limit this. If both are down,
> Samba won't talk to other remaining DCs.
>
> * encrypt passwords = yes
> This is default since a longer time.
>
> This are just some improvement suggestions, but not related to your problem.
>
>
>
>
> Ok. And now the things that are incorrect for a Samba AD domain member:
>
> * realm = DOMAIN.NET and workgroup = WGNAME
> In this case, I would expect that "DOMAIN" is your NetBIOS domain
> name ("workgroup" setting), not something different. If this
> really matches your AD setup, it should work - but it's not
> the recommended way how to set up an AD.
>
> * security = DOMAIN
> This setting is for an NT4 domain. Use "security = ADS"
>
> * Your ID mapping configuration is missing completely.
> See https://wiki.samba.org/index.php/Identity_Mapping_Back_Ends
> No warranty that this works for 3.6. Our documentation only
> covers supported Samba versions.
>
>
>
>
> I recommend the following:
>
> * Update Samba to a supported version (recommended: 4.6.0).
> Samba 3.6 was released 2011. A lot of things regarding AD were
> improved in later releases.
> https://wiki.samba.org/index.php/Updating_Samba
>
> * Read: https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
> I recently rewrote the doc and it works for all supported versions.
>
Thank you, it looks like I have stumbled on a old configuration that has not been maintained, I’ll do my best to get up to speed on samba and see if I can get a working configuration and/or new versin and get it to work.
Regards
Henrik
More information about the samba
mailing list