[Samba] AD integration not working after move/version

Marc Muehlfeld mmuehlfeld at samba.org
Sat Mar 18 18:28:45 UTC 2017 

Am 18.03.2017 um 18:27 schrieb Rowland Penny via samba:
>> First some nitpicks about your smb.conf:
>> * netbios aliases = string1
>>    Makes no sense to set an alias to exactly the same name
>>    as "server string" :-)
>
> Why ?

Sorry, my fault. I mixed "server string", which is just a comment, with 
"netbios name".




>> * encrypt passwords = yes
>>    This is default since a longer time.
>
> It doesn't matter if there or not.

Doesn't mean "this is default" exactly that it does not matter if it's 
there or not?




>> Ok. And now the things that are incorrect for a Samba AD domain
>> member:
>>
>> * realm = DOMAIN.NET   and   workgroup = WGNAME
>>    In this case, I would expect that "DOMAIN" is your NetBIOS domain
>>    name ("workgroup" setting), not something different. If this
>>    really matches your AD setup, it should work - but it's not
>>    the recommended way how to set up an AD.
>
> Well, Microsoft says you can use a netbios domain name that is
> different from the left part of the DNS name, so I suppose Samba
> should as well.

I just said that it's not recommended; neither that it's not allowed nor 
that it's not working.




>> * Your ID mapping configuration is missing completely.
>>    See https://wiki.samba.org/index.php/Identity_Mapping_Back_Ends
>>    No warranty that this works for 3.6. Our documentation only
>>    covers supported Samba versions.
>
> I notice it was missing as well, but the OP could be using something
> else instead of winbind. 'idmap config' existed on 3.6.0, so it should
> work.

Samba does only support Winbind, and not not "something else". :-)

I know we had "idmap config" in 3.6, but it was still new that time. 
Mentioning that the Wiki docs for the the latest versions might not work 
for the 6 year old 3.6 series seems reasonable to me, because parameters 
might have been added/removed and defaults changed.




>> I recommend the following:
>>
>> * Update Samba to a supported version (recommended: 4.6.0).
>>    Samba 3.6 was released 2011. A lot of things regarding AD were
>>    improved in later releases.
>
> Why recommend something, that the OP might not be able to do, without
> all the facts.

Based on the facts we have (he is running 3.6), I recommend updating. If 
he is not able to update, e. g. because Samba fails to built on his OS, 
he will tell us.


Regards,
Marc

More information about the samba mailing list