[Samba] classicupgrade

Rowland Penny rpenny at samba.org
Fri Oct 26 07:57:20 UTC 2018 

On Fri, 26 Oct 2018 08:27:10 +0200
Corrado Ravinetto via samba <samba at lists.samba.org> wrote:

> Hello
> I used 
> https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade)
> to migrated my old samba 3, i created a dc and a member file server,
> but on member i can't see id for usernames and groups.
> This is my smb.conf on dc
> 
> [global]
>          netbios name = DC1
>          realm = LXCERRUTI.COM
>          server role = active directory domain controller
>          workgroup = LXCERRUTI
>          idmap_ldb:use rfc2307 = yes
>          idmap config DOMAIN : unix_nss_info = yes
> 
>          ntlm auth = yes
>          winbind use default domain = yes
> 
> [netlogon]
>          path
> = /usr/local/samba/var/locks/sysvol/lxcerruti.com/scripts read only =
> No
> 
> and this is same file on member:
> 
> [global]
>         security = ADS
>         workgroup = LXCERRUTI
>         realm = LXCERRUTI.COM
> 
>          lanman auth = yes
>          ntlm auth = yes
> 
>         log file = /var/log/samba/%m.log
> 
>         idmap config * : range = 3000-7999
> 
>          idmap config LXCERRUTI : range = 9000-17999
>          idmap config LXCERRUTI : schema_mode = rfc2307
>          idmap config LXCERRUTI : unix_nss_info = yes
>          winbind use default domain = yes
>          winbind offline logon = yes
> 
> winbind is ok, on dc and member show correctly users and groups
> but my folders are without users and groups, only id
> 
> drwxrwx---.   3 3040 3290   150 23 mar  2017 vigna
> drwxrwx---.   2 3051 3238     6 20 mar  2014 zaia
> 
> what can i do ???

You have an 'idmap config' line missing.

There should be a line like this:
         idmap config LXCERRUTI : backend = <TYPE>

Where <TYPE> can be 'ad' or 'rid'.

As you have carried out a classicupgrade, you probably want 'ad', but
the 'range' must be appropriate to your user & group ID's in AD,
anything outside '9000-17999' will be ignored and if the gidNumber for
Domain Users isn't inside the range, all users will be ignored.

It might help if you read this:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

Rowland

  
> 
> Thanks a lot
> 
> 
> 
> *Corrado Ravinetto *
> 
>

More information about the samba mailing list