[Samba] Migrating Samba NT4 Domain to Samba AD
Rowland penny
rpenny at samba.org
Thu Sep 19 18:49:21 UTC 2019
On 19/09/2019 19:33, Bartłomiej Solarz-Niesłuchowski via samba wrote:
> Dear List,
>
> After migration I have found some problems:
>
> 1.
>
> directives in /etc/samba/smb.conf
>
> force user
>
> force group
You shouldn't be using those anymore, you should use Windows ACLs
>
> I have found similar problems like here:
> https://bugzilla.samba.org/show_bug.cgi?id=11320
>
> if i have share:
>
> [global]
>
> workgroup = WSISIZ.EDU.PL
Is that really your workgroup name ?
I would have expected something like 'AD' based on your realm (which
incidentally should be in uppercase)
> realm = ad.wsisiz.edu.pl
> server role = member server
> security = ads
> ....
>
> winbind use default domain = Yes
>
> [admin]
>
> valid users = +laboratoria
> write list = +laboratoria
> force group = laboratoria
>
> i cannot connect:
>
> oceanic:~# smbclient \\oceanic\admins -U solarz
> Enter WSISIZ.EDU.PL\solarz's password:
> tree connect failed: NT_STATUS_NO_SUCH_GROUP
>
> BUT
>
> if i change "force group" to:
>
> force group = unix group\laboratoria
>
> it works! (prefix unix group is not documented?)
I think you had better post your full smb.conf from the Unix domain member.
>
> Samba is at version:
>
> Name : samba
> Epoch : 2
> Version : 4.10.7
> Release : 0.fc30
> Architecture: x86_64
>
>
> I have some strange problems with AD:
>
> at domain member:
>
> oceanic:~# wbinfo -n "WSISIZ.EDU.PL\\laboratoria"
> S-1-5-21-3156691614-3416019035-1284015310-3077 SID_DOM_GROUP (2)
> oceanic:~# wbinfo -Y S-1-5-21-3156691614-3416019035-1284015310-3077
> failed to call wbcSidToGid: WBC_ERR_DOMAIN_NOT_FOUND
> Could not convert sid S-1-5-21-3156691614-3416019035-1284015310-3077
> to gid
>
> oceanic:~# wbinfo --online-status
> BUILTIN : active connection
> OCEANIC : active connection
> WSISIZ.EDU.PL : active connection
>
> wbinfo -u and -g works as expected....
Bit meaningless on a Unix computer
>
> at DC AD server:
>
> root at themes:~# wbinfo -n "WSISIZ.EDU.PL\\laboratoria"
> S-1-5-21-3156691614-3416019035-1284015310-3077 SID_DOM_GROUP (2)
> root at themes:~# wbinfo -Y S-1-5-21-3156691614-3416019035-1284015310-3077
> 1038
> root at themes:~# wbinfo --online-status
> BUILTIN : active connection
> WSISIZ.EDU.PL : active connection
>
>
> It looks very strange ... Those conversion from sid to gid is an
> essential one?
>
As I said, post your smb.conf
Rowland
More information about the samba
mailing list