[Samba] Samba 4 users - UID/GID - or how to migrate
Anton Blau
tony.blue.mailinglist at gmx.de
Sun Jan 13 20:41:39 UTC 2019
Am 13.01.2019 um 20:41 schrieb Rowland Penny via samba:
> On Sun, 13 Jan 2019 20:22:22 +0100
> Anton Blau via samba <samba at lists.samba.org> wrote:
>
>> Hello,
>>
>> I try to migrate my old SAMBA Installation to a new Installation.
>> SAMBA is running. But my Windows users can see the shares but cannot
>> open Files.
>>
>> My old Installation /etc/samba/smb.con
>>
>> ...
>>
>>
>> workgroup = DUCK
>> server string = %h server (Samba, Ubuntu)
>> interfaces = eth0 192.168.1.200/255.255.255.0 localhost
>> bind interfaces only = Yes
>> security = USER
>> map to guest = Bad User
>> obey pam restrictions = Yes
>> pam password change = Yes
>> passwd program = /usr/bin/passwd %u
>> passwd chat = *Enter\snew\s*\spassword:* %n\n
>> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>> unix password sync = Yes
>> log file = /var/log/samba/log.%M
>> max log size = 1000
>> time server = Yes
>> unix extensions = No
>> printcap name = cups
>> logon script = %U\logon.bat
>> logon path = \\gustav\profiles\%U\winxpprofile
>> logon drive = z:
>> logon home = \\gustav\profiles\%U\w9xprofile
>> domain logons = Yes
>> os level = 255
>> preferred master = Yes
>> domain master = Yes
>> wins proxy = Yes
>> wins support = Yes
>> usershare allow guests = Yes
>>
>> New (Proxmox LXV) with: /etc/samba/smb.con
>>
>> -- snip because false file
>>
>> I think the problem is the mappig to the uid/gid of the new samba.
>>
>> The user "testuser" on the old System has uid 500 and gid 100. I
>> created my testuser - who can access on the old Installation on the
>> new Installation:
>>
>> samba-tool user create testuser --unix-home=/home/gerhard
>> --uid-number=501 --login-shell=/bin/bash --gid-number=100
>>
>>
>> What is to to to get full access?
>>
> Well, as you are using samba-tool to create users and your last post
> was about setting up an AD DC, you could try setting up your Unix
> domain member correctly and when you do, do not use such low ID numbers.
> I suggest you read this:
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>
> Your smb.conf above is for an NT4-style PDC.
>
> Rowland
>
>
Sorry,
I posted the wrong text. This is the /etc/samba/smb.conf (testparm) of
the new LXC SAMBA Server:
realm = SMBDOMAIN.DUCK
workgroup = SMBDOMAIN
dns forwarder = 192.168.1.254
disable spoolss = Yes
load printers = No
printcap name = /dev/null
passdb backend = samba_dsdb
server role = active directory domain controller
rpc_server:tcpip = no
rpc_daemon:spoolssd = embedded
rpc_server:spoolss = embedded
rpc_server:winreg = embedded
rpc_server:ntsvcs = embedded
rpc_server:eventlog = embedded
rpc_server:srvsvc = embedded
rpc_server:svcctl = embedded
rpc_server:default = external
winbindd:use external pipes = true
idmap_ldb:use rfc2307 = yes
idmap config * : backend = tdb
map archive = No
map readonly = no
store dos attributes = Yes
printing = bsd
vfs objects = dfs_samba4 acl_xattr
In future only the new Samba should run. So Samba is not a Domain
Member. I hope I understand you correct.
NT4-style PDC should be migrated to AD DC.
Tony
More information about the samba
mailing list