[Samba] Samba 4 users - UID/GID - or how to migrate
Anton Blau
tony.blue.mailinglist at gmx.de
Sun Jan 13 22:11:53 UTC 2019
On 13.01.2019 at 22:40, Rowland Penny via samba wrote:
> On Sun, 13 Jan 2019 21:41:39 +0100
> Anton Blau via samba <samba at lists.samba.org> wrote:
>
>> On 13.01.2019 at 20:41, Rowland Penny via samba wrote:
>>> On Sun, 13 Jan 2019 20:22:22 +0100
>>> Anton Blau via samba <samba at lists.samba.org> wrote:
>>>
>>>
Rowland - thank you for your super help.
> So, you only have the DC running in a container but you do not want to run
> another container with a Unix domain member in it. This does not make
> sense, why not just run the DC on the computer without all the bother
> of the container ?
The server is a Proxmox/KVM system. I thought it was a good idea to put
the fileserver, like all the other server daemons (mail, ...), in an LXC.
> Where did all those lines in your smb.conf come from ?
I posted the output of "testparm".
This is the /etc/samba/smb.conf
[global]
    netbios name = FILESERVER
    realm = SMBDOMAIN.DUCK
    workgroup = SMBDOMAIN
    dns forwarder = 192.168.1.254
    server role = active directory domain controller
    idmap_ldb:use rfc2307 = yes
    printing = bsd
    load printers = no
    printcap name = /dev/null
    disable spoolss = yes

[Allgemein]
    comment = Fuer jeden User zugreifbares Verzeichnis
    path = /srv/user
    public = yes
    browseable = yes
    writeable = yes
    read only = no
    create mode = 0777
    create mask = 0777
    directory mask = 0777

#[home]
# comment = Home Directories
# path = /home/%D/%U
# read only = no

[Daten]
    comment = Daten
    path = /srv
    read only = no

[netlogon]
    path = /var/lib/samba/sysvol/smbdomain.duck/scripts
    read only = No

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No
> By default, a Samba AD DC is only used for authentication and it isn't
> set up to allow users to login or connect. To allow this on a Debian
> computer, you need to install the libpam-winbind, libnss-winbind and
> libpam-krb5 packages, you will also have to change /etc/nsswitch, so
> that the passwd and group lines look like this:
>
> passwd: compat winbind
> group: compat winbind
>
I added this:
/etc/nsswitch.conf
passwd: compat winbind
group: compat winbind
shadow: compat
gshadow: files
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
(other lines unchanged).
> You should then be able to run 'getent passwd AN_AD_USER' and get
> something like this:
>
> root@dc4:~# getent passwd rowland
> SAMDOM\rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash
I get
root@fileserver:~# getent passwd testuser
SMBDOMAIN\testuser:*:501:100::/home/SMBDOMAIN/testuser:/bin/false
root@fileserver:~# ls /srv/user -la
total 2259116
drwxrwxrwx 6 SMBDOMAIN\testuser users 24 Jan 13 13:26 .
drwxr-xr-x 11 root root 11 Jan 13 14:40 ..
drwx------ 2 SMBDOMAIN\testuser users 7 Jan 13 13:26 .Papierkorb
-rw-r--r-- 1 1000 1002 1327771 Nov 11 15:14 test.pdf
drwxr-xr-x 2 SMBDOMAIN\testuser users 18 Nov 4 15:44 Englisch Passiv Übungen
-rwxrwxr-- 1 1012 1012 15593 Aug 12 2017 Checkliste.dotx
But if I try to connect from Win 10, I get the error message: Auf
\\fileserver.duck\Allgemein kann nicht zugegriffen werden ...
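
Added example, not part of the original post: in the `ls` output above, test.pdf and Checkliste.dotx show bare numeric owners (1000:1002 and 1012:1012), meaning those IDs have no passwd/group entry under the new NSS setup. The script below walks a tree and reports every entry whose UID or GID does not resolve, so leftover pre-migration ownership can be found in one pass. The function names are illustrative, and the resolvers are injectable so the logic can be exercised without root.

```python
"""Added example (helper names are illustrative): find owners with no NSS entry."""
import grp
import os
import pwd
import sys
from collections import Counter
from functools import lru_cache


def nss_name(lookup, num):
    """Name for a numeric ID via NSS (files, winbind, ...), or None if unmapped."""
    try:
        return lookup(num)[0]  # field 0 is pw_name / gr_name
    except KeyError:
        return None


def iter_paths(root):
    """Yield root and everything below it; symlinked directories are not entered."""
    yield root
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            yield os.path.join(dirpath, name)


def audit_tree(root, user_of=lambda u: nss_name(pwd.getpwuid, u),
               group_of=lambda g: nss_name(grp.getgrgid, g)):
    """Return (bad UID counts, bad GID counts, hits); NSS lookups cached per ID."""
    user_of, group_of = lru_cache(None)(user_of), lru_cache(None)(group_of)
    bad_uids, bad_gids, hits = Counter(), Counter(), []
    for path in iter_paths(root):
        st = os.lstat(path)  # lstat: judge a symlink itself, not its target
        no_user = user_of(st.st_uid) is None
        no_group = group_of(st.st_gid) is None
        if no_user:
            bad_uids[st.st_uid] += 1
        if no_group:
            bad_gids[st.st_gid] += 1
        if no_user or no_group:
            hits.append((path, st.st_uid, st.st_gid))
    return bad_uids, bad_gids, hits


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    bad_uids, bad_gids, hits = audit_tree(root)
    for path, uid, gid in hits:
        print(f"{uid}:{gid}\t{path}")
    print("unmapped UIDs:", dict(bad_uids), "unmapped GIDs:", dict(bad_gids))
```

Run it as root on the file server with the share path as the argument (for example /srv/user); the per-ID counts show how many entries each old UID or GID still owns.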