[Samba] moved DM config to new server : gids different etc
Stefan G. Weichinger
lists at xunil.at
Tue Nov 26 16:00:34 UTC 2019
Last week the mobo in a DM server died, so we had to set up a fallback
machine and reinstall Debian 10.2 including Samba.
I had smb.conf but not /var/lib/samba in backups.
Restored krb5.conf and smb.conf, rejoined.
Things work mostly ...
but for example I get gid 10006 for "domain users" instead of 10513 before.
and getent group doesn't show the AD groups, btw
---
I have:
# /etc/nsswitch.conf
passwd: compat winbind
group: compat winbind
shadow: compat
gshadow: files
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
---
# cat /etc/samba/smb.conf
# Samba config file
# from sgw 2018/jun/15
# with help from Rowland
[global]
unix charset = iso8859-15
security = ads
realm = XYZ.INTRA
workgroup = XYZ
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
netbios aliases = u1XYZ
server string = U1XYZ
winbind cache time = 10
winbind use default domain = yes
winbind refresh tickets = Yes
template homedir = /mnt/MSA2040/smb/Homes/%D/%U
restrict anonymous = 2
domain master = no
local master = no
preferred master = no
invalid users = root bin daemon adm sync shutdown halt mail news \
uucp
obey pam restrictions = yes
interfaces = 192.168.100.4/24 127.0.0.1
bind interfaces only = Yes
idmap config * : range = 3000-7999
idmap config * : backend = tdb
idmap config XYZ : range = 10000-20000
idmap config XYZ : backend = rid
# For ACL support on domain member
vfs objects = acl_xattr full_audit
map acl inherit = Yes
store dos attributes = Yes
inherit acls = yes
unix extensions = no
follow symlinks = yes
wide links = yes
load printers = no
printcap name = /dev/null
acl allow execute always = True
# Audit settings
full_audit:prefix = %u|%I|%m|%S
full_audit:failure = connect
full_audit:success = mkdir rmdir read pread write pwrite rename unlink
full_audit:facility = local5
full_audit:priority = notice
---
wbinfo -u and -g work afaik
But permissions and ACLs are screwed up.
I might be missing some package to install ... or whatever ...
pls advise, Stefan
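
Added example, not part of the original post: a check that parses the `idmap config` lines from the smb.conf above and computes the gid the rid backend derives for a SID, using the formula documented in idmap_rid(8) (ID = RID - BASE_RID + LOW_RANGE_ID, base_rid defaulting to 0). The domain SID is a constructed placeholder and the function names are hypothetical; 513 is the well-known RID of "Domain Users".

```python
import re

# Constructed sample: the idmap lines from the smb.conf in the post.
SMB_CONF = """
idmap config * : range = 3000-7999
idmap config * : backend = tdb
idmap config XYZ : range = 10000-20000
idmap config XYZ : backend = rid
"""
# Constructed placeholder domain SID; only the trailing RID (513) matters here.
DOMAIN_USERS_SID = "S-1-5-21-1111111111-2222222222-3333333333-513"

IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*(\w+)\s*=\s*(\S+)", re.I)

def parse_idmap(conf_text):
    """Return {domain: {"backend": str, "range": (low, high), ...}}."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if not m:
            continue
        dom, key, val = m.group(1).upper(), m.group(2).lower(), m.group(3)
        entry = domains.setdefault(dom, {})
        if key == "range":
            low, high = (int(x) for x in val.split("-", 1))
            entry["range"] = (low, high)
        else:
            entry[key] = val
    return domains

def expected_rid_id(sid, cfg):
    """Apply the idmap_rid formula to the last sub-authority of the SID."""
    if cfg.get("backend") != "rid":
        raise ValueError("domain is not mapped by the rid backend")
    rid = int(sid.rsplit("-", 1)[1])
    low, high = cfg["range"]
    unix_id = rid - int(cfg.get("base_rid", 0)) + low
    if not low <= unix_id <= high:
        raise ValueError("RID %d maps outside %d-%d" % (rid, low, high))
    return unix_id

def check(sid, observed_id, conf_text, domain):
    """Return (expected_id, matches) for an ID seen in getent or on disk."""
    expected = expected_rid_id(sid, parse_idmap(conf_text)[domain.upper()])
    return expected, expected == observed_id

if __name__ == "__main__":
    for gid in (10513, 10006):  # the two gids reported in the post
        print(gid, check(DOMAIN_USERS_SID, gid, SMB_CONF, "XYZ"))
```

On a live member, the SID comes from `wbinfo -n "domain users"` and the observed gid from `wbinfo -Y <sid>` or `getent group`; with this range the formula gives 10513 for RID 513, so an observed 10006 is not a rid-derived value.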