[Samba] Samba 3.6.23 (IBM version), Windows AD at the functional 2003 level

Rowland penny rpenny at samba.org
Wed Oct 30 18:54:12 UTC 2019 

On 30/10/2019 17:49, Bob Wyatt wrote:
> -----Original Message-----
> From: Rowland penny <rpenny at samba.org>
> Sent: Wednesday, October 30, 2019 4:06 AM
> To: samba at lists.samba.org
> Subject: Re: [Samba] Samba 3.6.23 (IBM version), Windows AD at the functional 2003 level
>
> On 29/10/2019 22:47, Bob Wyatt via samba wrote:
>> My apologies (again!) for asking about this old, venerable release.
>>
>> The client is upgrading to 4.10 or 4.11 in early December.
>>
>>    
>>
>> The AIX server was joined to a functional Windows 2000 domain in 2015.
>>
>> The AD server has since been upgraded to functional Windows Server 2003
>> sometime since.
>>
>>
>> Sorry, Rowland - I need to find a better E-mail client for this than Outlook (or change my settings)...
>>
>> Anyway, not knowing whether attachments are accepted, here is an anonymized and shortened (not showing all of the shares) smb.conf file...
>> I added a comment for Joe and Jane...
>>
>> # Samba config file created using SWAT
That is something else that is dead, it no longer exists in supported 
Samba versions.
>> # from UNKNOWN (172.16.XXX.yy)
>> # Date: 2015/02/05 11:39:52
>>
>> [global]
>>          interfaces = eth0 172.21.xx.yy/255.255.0.0
>>          workgroup = domainname
>>          security = domain
You really should be using 'security = ADS'
>>          encrypt passwords = yes
That is a default setting
>>         # Below changed to 172.16.aa.bb for Jane; is Joe's address
>>          password server = 172.16.xx.yy
You should remove that line and allow Samba to find the AD DC
>>          deadtime = 15
>>          load printers = No
>>          local master = No
>>          remote announce = 172.16.255.255/domainname 172.20.255.255/domainname
'remote announce' is really meant for an NT4-style domain
>>          case sensitive = Yes
>>          hide dot files = No
>>
>> [homes]
>>          path = /home/%u
>>          valid users = fjf,root
>>          admin users = fjf,root
>>          read only = No
>>          case sensitive = No
Have you only got two users (fjf & root) ? I ask this because they are 
the only users that will get a home dir
>>
>> [printers]
>>          comment = All Printers
>>          path = /tmp
>>          guest ok = Yes
>>          printable = Yes
>>          browseable = No
>>
>>
Now we come to the main problem, you do not seem to have any 
authentication lines.

Do you have your users in /etc/passwd and groups in /etc/group ?

Rowland

More information about the samba mailing list