[Samba] Migration from 3.6.25-0ubuntu0.12.04.10 to 4.x with passdb backend = ldapsam

Vladimir Skubriev skubriev at cvisionlab.com
Wed Feb 21 12:26:26 UTC 2018


You a sure. I have already configured openldap, which is workd as expected
with old smb server.

net getlocalsid & net getdomainsid returns the same SID.
LDAP sambaDomainName=EXAMPLE has the same SID in attribute sambaSID.

Also DIT has windows groups like Domain Users' etc ...

Unfortunately I can not find the reason for the unexpected exit of child
smbd process.

Do your mean that I must remove all samba's data from ldap except dn:
sambaDomainName=FILESERVER,dc=domain,dc=ltd (as described to tune in
article)

2018-02-20 14:25 GMT+03:00 Rowland Penny via samba <samba at lists.samba.org>:

> On Tue, 20 Feb 2018 13:29:56 +0300
> Vladimir Skubriev via samba <samba at lists.samba.org> wrote:
>
> > > ```
> > > [global]
> > >
> > >    workgroup = EXAMPLE
> > >    server string =
> > >    dns proxy = no
> > >
> > >    interfaces = eth0
> > >    bind interfaces only = yes
> > >
> > >    log file = /var/log/samba/log.%m
> > >    max log size = 1000
> > >
> > > # new options
> > >    log level = 5
> > >    netbios name = FILES
> > >    #panic action = /usr/share/samba/panic-action %d
> > >    server role = STANDALONE SERVER
> > >
> > >    local master = no
> > >
> > >    security = user
> > >    encrypt passwords = true
> > >
> > >    #passdb backend = tdbsam
> > >    #obey pam restrictions = yes
> > >    passdb backend = ldapsam:"ldap://ldap/"
> > >    ldapsam:trusted=yes
> > >    ldapsam:editposix=yes
> > >
>
> OK, took a bit of time, but I think I understand what your problem is,
> you want a standalone server with an ldap backend, BUT you have these
> lines in smb.conf:
>
>   ldapsam:editposix = yes
>   ldapsam:trusted = yes
>
> These lines make Samba expect ldap to be set up as a PDC, it expects
> 'Domain Users' etc to exist, which they wont be on a standalone server.
>
> see here for an ldap/standalone server:
> http://lapsz.eu/blog/2013/09/04/standalone-samba-server-
> with-ldap-authentication/
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>



-- 
Faithfully yours,

CVision Lab System Administrator
Vladimir Skubriev


More information about the samba mailing list