[Samba] Difficulty with samba after updating from 3.6.6 to 4.9.0.0

Tue Jun 4 11:10:52 UTC 2019

On 03/06/2019 20:41, Rowland penny via samba wrote:
> On 03/06/2019 20:07, McGraw, Charles wrote:
>> The HP-UX Server is nothing more than a batch job server with file 
>> shares
>
> OK, I will try another tack, is the smb.conf from the HP-UX ?
>
> If not, where is it from ?
>
> Also, in a slightly different way, what does the authentication, an AD 
> DC or what ?
>
> If it is a an AD DC, is IDMU installed ?
>
> Rowland
>
>
>
>
OK, I will take a chance that the smb.conf is from the the HP (not that 
this really matters), that it is joined to an AD domain and IDMU is not 
installed.

These parameters no longer exist:

 Â Â Â Â Â Â Â  update encrypted = Yes
 Â Â Â Â Â Â Â  directory security mask = 0700
 Â Â Â Â Â Â Â  force directory security mode = 0700
 Â Â Â Â Â Â Â  unix ignore mask = No

You should allow Samba to find the best DC to use, so you don't need this:
 Â Â Â Â Â Â Â  password server = DomainController01

The passwords are stored in AD, so don't need these:
 Â Â Â Â Â Â Â  smb passwd file = /etc/opt/samba/private/smbpasswd
 Â Â Â Â Â Â Â  passwd program = /usr/bin/passwd %u

These only make sense on a PDC:
 Â Â Â Â Â Â Â  add user script = /opt/samba/bin/smbpasswd -%S -a -e -n
 Â Â Â Â Â Â Â  logon path = \\%L\profiles\.msprofile
 Â Â Â Â Â Â Â  logon drive = H:
 Â Â Â Â Â Â Â  logon home = \\%L\%U\.9xprofile
 Â Â Â Â Â Â Â  os level = 33

Finally, 'idmap uid/gid' has been replaced by 'idmap config' lines
 Â Â Â Â Â Â Â  idmap uid = 10000-20000
 Â Â Â Â Â Â Â  idmap gid = 10000-20000

Bearing the above in mind, I would try the following smb.conf:

global]
 Â Â Â Â Â Â Â  workgroup = BCACD001
 Â Â Â Â Â Â Â  realm = BCACD001.ATL.BLUECROSS.CA
 Â Â Â Â Â Â Â  server string = SERVER
 Â Â Â Â Â Â Â  security = ADS
 Â Â Â Â Â Â Â  log level = 3
 Â Â Â Â Â Â Â  log file = /var/adm/samba/samba-log.%m
 Â Â Â Â Â Â Â  domain master = No
 Â Â Â Â Â Â Â  lock directory = /etc/opt/samba/lock

 Â Â Â Â Â Â Â  ## map ids outside of domain to tdb files.
 Â Â Â Â Â Â Â  idmap config * : backend = tdb
 Â Â Â Â Â Â Â  idmap config * : range = 2000-9999
 Â Â Â Â Â Â Â  ## map ids from the domainÂ  the ranges may not overlap !
 Â Â Â Â Â Â Â  idmap config BCACD001 : backend = rid
 Â Â Â Â Â Â Â  idmap config BCACD001 : range = 10000-20000
 Â Â Â Â Â Â Â  winbind separator = /
 Â Â Â Â Â Â Â  print command = lp -c -d%p %s

There are other parameters that could be added, but one fence at a time ;-)

Rowland