[Samba] Migrating Samba NT4 Domain to Samba AD

Bartłomiej Solarz-Niesłuchowski Bartlomiej.Solarz-Niesluchowski at wit.edu.pl
Thu Sep 19 18:33:56 UTC 2019


Dear List,

After migration I have found some problems:

1.

directives in /etc/samba/smb.conf

force user

force group

I have found similar problems like here: 
https://bugzilla.samba.org/show_bug.cgi?id=11320

if i have share:

[global]

         workgroup = WSISIZ.EDU.PL
         realm = ad.wsisiz.edu.pl
         server role = member server
         security = ads
  ....

         winbind use default domain = Yes

[admin]

  valid users = +laboratoria
  write list = +laboratoria
  force group = laboratoria

i cannot connect:

oceanic:~# smbclient \\oceanic\admins -U solarz
Enter WSISIZ.EDU.PL\solarz's password:
tree connect failed: NT_STATUS_NO_SUCH_GROUP

BUT

if i change "force group" to:

  force group = unix group\laboratoria

it works! (prefix unix group is not documented?)

Samba is at version:

Name        : samba
Epoch       : 2
Version     : 4.10.7
Release     : 0.fc30
Architecture: x86_64


I have some strange problems with AD:

at domain member:

oceanic:~# wbinfo -n "WSISIZ.EDU.PL\\laboratoria"
S-1-5-21-3156691614-3416019035-1284015310-3077 SID_DOM_GROUP (2)
oceanic:~# wbinfo -Y S-1-5-21-3156691614-3416019035-1284015310-3077
failed to call wbcSidToGid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-3156691614-3416019035-1284015310-3077 to gid

oceanic:~# wbinfo  --online-status
BUILTIN : active connection
OCEANIC : active connection
WSISIZ.EDU.PL : active connection

wbinfo -u and -g works as expected....

at DC AD server:

root at themes:~# wbinfo -n "WSISIZ.EDU.PL\\laboratoria"
S-1-5-21-3156691614-3416019035-1284015310-3077 SID_DOM_GROUP (2)
root at themes:~# wbinfo -Y S-1-5-21-3156691614-3416019035-1284015310-3077
1038
root at themes:~# wbinfo  --online-status
BUILTIN : active connection
WSISIZ.EDU.PL : active connection


It looks very strange ... Those conversion from sid to gid is an 
essential one?


Any help will be welcome.


Best Regards

-- 
Bartłomiej Solarz-Niesłuchowski, Administrator WSISiZ
e-mail: Bartlomiej.Solarz-Niesluchowski at wit.edu.pl
tel. 223486547, fax 223486501
JID: solarz at jabber.wit.edu.pl
01-447 Warszawa, ul. Newelska 6, pokój 421, pon.-pt. 8-16
Motto - Jak sobie pościelisz tak sie wyśpisz




More information about the samba mailing list