[Samba] Samba AD 4.8.3 Windows Server 2016 Active Directory Users and Computers: The procedure number is out of range
Thomas Glanzmann
thomas at glanzmann.de
Wed Jul 18 16:18:46 UTC 2018
Hello Rowland,
> These shouldn't be set or are defaults:
> name resolve order = host
> passdb backend = tdbsam
> security = user
> domain logons = yes
> log level = 3
> os level = 64
> preferred master = yes
> local master = yes
> domain master = yes
> tls keyfile = key.pem
> tls certfile = cert.pem
> tls cafile = ca.pem
I kicked these out. I found the config somewhere on the Internet and
left the stuff I did not understand as provided.
> time server = yes
I have ntpd configured on the ip address which serves time. So I leave
it in.
> This is definitely wrong:
> dns forwarder = 127.0.0.1
> You do not forward to itself.
Acutally, I do. I have a recursive bind listening on 127.0.0.1 and
recursive name lookup works also via the SAMBA internal DNS
implementation. So I'm happy with it.
> This is all 'netlogon' needs:
> [netlogon]
> comment = Domain Logon Service
> path = /local/samba-config/v101/netlogon
> read only = no
fixed.
> 'sysvol' is okay except it needs to be writeable.
fixed as well.
> You also do not set the maximum password age with pdbedit.
I do, but you're saying I should not? I do in the shell script:
/local/samba/bin/samba-tool user setexpiry Administrator --noexpiry -s ${SAMBACONFIG}
/local/samba/bin/pdbedit -s ${SAMBACONFIG} -P "maximum password age" -C -1
While my active directories do not survive one week, I thought just to be on
the safe side, I disable password aging. Is there a better way?
> Yes try reading up on Samba AD more before trying to train others on
> how to use it. ;-)
Rest assured, I'm training no one on samba, I just need an active directory to
be able show a domain join with VMware products. That's all. However I was
quiet impressed how far samba has become. And how good it works. Can you
recommend a book or a documentation to get more familiar with SAMBA AD?
Thanks a lot. After your cleanup, I can now use Active Directory Users
and Computers. My new Samba Config is here:
https://thomas.glanzmann.de/static/63a3e0ba-8a9d-11e8-891f-f3ff022aacb0/smb-v101.conf.cleanedup
Cheers,
Thomas
More information about the samba
mailing list