[Samba] DM 3.6.25 -> 4.x
Stefan G. Weichinger
lists at xunil.at
Wed May 30 12:17:19 UTC 2018
Am 2018-05-30 um 10:08 schrieb Rowland Penny via samba:
>> We have backups on tapes everyday, that is part of my job as well.
> Make sure the backups contain everything but the OS, from my
> experience, tape backups only contain some of the data. Whilst we are
> talking about tape backups, hasn't anybody realised that tape backups
> are so last century and from my experience very unreliable.
Not from my experience.
Tapes have less moving parts and a way longer lifetime than (rotating)
disks (spinning rust). OK, ymmv but LTO works reliably here.
And yes, we have / on tape. I am the amanda backup admin there as well
so we have that ;-) thanks for the pointer, though
>>> The config below is really outdated yes. This is what i would start
>>> netbios name = U1SECRETCUSTOMER
>>> netbios aliases = samba
>>> server string = U1SECRETCUSTOMER
>>> security = ads
>>> workgroup = SECRETCUSTOMER
>>> realm = SECRETCUSTOMER.INTRA
>>> domain master = no
>>> local master = no
>>> preferred master = no
>>> interfaces = 192.168.100.4/24
>>> bind interfaces only = Yes
>>> idmap config * : backend = tdb
>>> idmap config * : range = 2000-9999
>>> idmap config SECRETCUSTOMER : backend = rid
>>> idmap config SECRETCUSTOMER : range = 10000-20000
>>> # depending on the samba version. You might need these.
> You missed a line Louis ;-)
> # but only if you use the 'ad' backend
>>> #idmap config SECRETCUSTOMER : unix_nss_info = yes
>>> #idmap config SECRETCUSTOMER : unix_primary_group = yes
>>> winbind use default domain = yes
>>> winbind nss info = template
>>> template homedir = /mnt/MSA2040/smb/Homes/%D/%U
>>> template shell = /bin/false
> Two out of the three lines above are defaults
>>> vfs objects = acl_xattr
>>> map acl inherit = Yes
>>> store dos attributes = Yes
>>> unix extensions = no
>>> follow symlinks= yes
>>> wide links= yes
>>> unix charset = iso8859-15
>>> force unknown acl user = Yes
>>> load printers = no
>>> printcap name = /dev/null
>>> disable spoolss = yes
>>> # Audit settings
>>> vfs objects = full_audit
>>> full_audit:prefix = %u|%I|%S
>>> full_audit:failure = connect
>>> full_audit:success = mkdir rmdir write pwrite rename unlink
>>> chmod fchmod chown fchown ftruncate full_audit:facility = local5
>>> full_audit:priority = notice
>> Yes, thanks.
>> The idmap stuff scares me the most ;-)
> Why ? Once you get your head around it, you will probably wonder why
> yourself ;-)
Why? because I had to readjust that >3 times at another site, every time
was like "this is correct" and after a while something else popped up.
>> I will see when to start that, I have to keep the downtime at minimum
>> Would it make sense to do some intermediate step to a lower 4.x
>> version or go straight from 3.6.25 to 4.8.2 ?
> On a Unix domain member it won't make any difference, just go direct to
I asked them for a maintenance slot, we will see.
Holiday tmrw, I am injured from sports ... so I have time for that ;-)
More information about the samba