[Samba] AD integration not working after move/version

Henrik Johansson henrikj at henkis.net
Sat Mar 18 16:53:41 UTC 2017 

Hi marc and thanks for your reply,


> On 18 Mar 2017, at 17:26, Marc Muehlfeld via samba <samba at lists.samba.org> wrote:
> 
> Hi Henrik,
> 
> Am 18.03.2017 um 16:06 schrieb Henrik Johansson via samba:
>> Old version was 3.5.8 and the new version on the virtual host that does not work is 3.6.25.
> 
> That's not really a step forward to a supported Samba version. :-)
> https://wiki.samba.org/index.php/Samba_Release_Planning
> 

I just replied the first answer I got, and wrote a bit about the background, it’s Solaris 10 with the provided samba. I will look trough your suggestion and try to create a new config, I wold however like just to get it working as it was before right now and then take care of improvements when it’s not a disturbance for customers ( and not after a long night working in the weekend ;) ). I’ll try to see if I can recreate the “unconfigured” behaviour with id-mapping for now. 

> 
> 
>> # Global parameters
>> [global]
>>        log file = /var/samba/log/clientlog.%m
>>        dns proxy = No
>>        acl check permissions = False
>>        netbios aliases = string1
>>        server string = string1
>>        name resolve order = hosts bcast
>>        realm = DOMAIN.NET
>>        password server = server3.string1.net sever4.string1.net
>> #       wins server = x.x.x.x
>>        local master = no
>>        workgroup = WGNAME
>>        os level = 0
>>        domain master = no
>>        encrypt passwords = yes
>>        security = DOMAIN
>>        unix charset = ISO8859-1
>>        max log size = 50
>>        # Fix for not to do lpstat since we don't use printers in Samba
>>        load printers = no
>>        printing = bsd
>>        printcap name = /dev/null
>>        disable spoolss = yes
> 
> 
> 
> First some nitpicks about your smb.conf:
> * netbios aliases = string1
>  Makes no sense to set an alias to exactly the same name
>  as "server string" :-)
> 
> * password server: If there is not reason to only request some
>  specific servers, I would not limit this. If both are down,
>  Samba won't talk to other remaining DCs.
> 
> * encrypt passwords = yes
>  This is default since a longer time.
> 
> This are just some improvement suggestions, but not related to your problem.
> 
> 
> 
> 
> Ok. And now the things that are incorrect for a Samba AD domain member:
> 
> * realm = DOMAIN.NET   and   workgroup = WGNAME
>  In this case, I would expect that "DOMAIN" is your NetBIOS domain
>  name ("workgroup" setting), not something different. If this
>  really matches your AD setup, it should work - but it's not
>  the recommended way how to set up an AD.
> 
> * security = DOMAIN
>  This setting is for an NT4 domain. Use "security = ADS"
> 
> * Your ID mapping configuration is missing completely.
>  See https://wiki.samba.org/index.php/Identity_Mapping_Back_Ends
>  No warranty that this works for 3.6. Our documentation only
>  covers supported Samba versions.
> 
> 
> 
> 
> I recommend the following:
> 
> * Update Samba to a supported version (recommended: 4.6.0).
>  Samba 3.6 was released 2011. A lot of things regarding AD were
>  improved in later releases.
>  https://wiki.samba.org/index.php/Updating_Samba
> 
> * Read: https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>  I recently rewrote the doc and it works for all supported versions.
> 


Thank you, it looks like I have stumbled on a old configuration that has not been maintained, I’ll do my best to get up to speed on samba and see if I can get a working configuration and/or new versin and get it to work.

Regards
Henrik

More information about the samba mailing list