[Samba] Difficulty with samba after updating from 3.6.6 to

Rowland penny rpenny at samba.org
Tue Jun 4 11:10:52 UTC 2019

On 03/06/2019 20:41, Rowland penny via samba wrote:
> On 03/06/2019 20:07, McGraw, Charles wrote:
>> The HP-UX Server is nothing more than a batch job server with file 
>> shares
> OK, I will try another tack, is the smb.conf from the HP-UX ?
> If not, where is it from ?
> Also, in a slightly different way, what does the authentication, an AD 
> DC or what ?
> If it is a an AD DC, is IDMU installed ?
> Rowland
OK, I will take a chance that the smb.conf is from the the HP (not that 
this really matters), that it is joined to an AD domain and IDMU is not 

These parameters no longer exist:

         update encrypted = Yes
         directory security mask = 0700
         force directory security mode = 0700
         unix ignore mask = No

You should allow Samba to find the best DC to use, so you don't need this:
         password server = DomainController01

The passwords are stored in AD, so don't need these:
         smb passwd file = /etc/opt/samba/private/smbpasswd
         passwd program = /usr/bin/passwd %u

These only make sense on a PDC:
         add user script = /opt/samba/bin/smbpasswd -%S -a -e -n
         logon path = \\%L\profiles\.msprofile
         logon drive = H:
         logon home = \\%L\%U\.9xprofile
         os level = 33

Finally, 'idmap uid/gid' has been replaced by 'idmap config' lines
         idmap uid = 10000-20000
         idmap gid = 10000-20000

Bearing the above in mind, I would try the following smb.conf:

         workgroup = BCACD001
         realm = BCACD001.ATL.BLUECROSS.CA
         server string = SERVER
         security = ADS
         log level = 3
         log file = /var/adm/samba/samba-log.%m
         domain master = No
         lock directory = /etc/opt/samba/lock

         ## map ids outside of domain to tdb files.
         idmap config * : backend = tdb
         idmap config * : range = 2000-9999
         ## map ids from the domain  the ranges may not overlap !
         idmap config BCACD001 : backend = rid
         idmap config BCACD001 : range = 10000-20000
         winbind separator = /
         print command = lp -c -d%p %s

There are other parameters that could be added, but one fence at a time ;-)


More information about the samba mailing list