[Samba] canonicalize_connect_path failed for service
rpenny at samba.org
Mon Apr 23 10:48:11 UTC 2018
On Mon, 23 Apr 2018 20:09:50 +1000
Rob Thoman <emailthomasrob at gmail.com> wrote:
> Hi Rowland,
> We did the classicupgrade. Post the classicupgrade, we added a Windows
> 2008R2 server and dcpomo'd it. The original Samba box (classic DC)
It is the 'classic DC' that is throwing me, do you mean the original
PDC, or are you referring to the Samba AD DC that .classicupgrade'
produces ? if it is a PDC, then yes, turn it off or turn it into a Unix
domain member. If it is a Samba AD DC, then please stop using the term
'classic DC' because it is confusing.
> was where we did the classicupgrade. Did you mean that we need to
> shut that box down? Leaving a Windows DC (FSMO?) and Samba member
> server? Sorry I was not aware of this step. What if we hadn't added
> a Windows 08 box?
A Samba AD DC is just an AD DC, just as a Windows AD DC is just an AD
I have reorganised the [global] part of your smb.conf and added
# Global parameters
netbios name = CDR-FS01
security = ADS
workgroup = CDR
realm = CDR.INTERNAL
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
You do not need the above two lines, they do two things:
They make 'getent passwd' & 'getent group' show all records, this isn't
They slow things down.
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config CDR:backend = ad
idmap config CDR:schema_mode = rfc2307
idmap config CDR:range = 5000-6000
The ranges cannot overlap.
Do your users & groups have uidNumber & gidNumber attributes
containing numbers inside the '3000-7999' or '5000-6000' ranges ?
Based on what the user & group numbers are, will give you what the
range for 'CDR' should be. The '*' domain is for the Well Known SIDS
and anything outside the 'CDR' domain.
Also the 'idmap config' lines for 'CDR' may be incorrect, depending on
what version of Samba you are using, can I suggest you read this wiki
log level = 2 auth:5
log file = /var/log/samba/sambalog.%m
logon script = %U.bat
You don't use 'logon script' with AD, you just put the script in
More information about the samba