[Samba] testparm comaprison

Trenta sis trenta.sis at gmail.com
Mon Sep 23 10:37:16 UTC 2019 

Hi,

Thanks, Well winbind enum is needed, and ntlm auth is required by some
applications, seems that samba has disabled by default but windows has
enabled, we have to migrate some old applications

I understand taht is OK with yout comments

thanks

Missatge de Trenta sis <trenta.sis at gmail.com> del dia dl., 23 de set.
2019 a les 11:22:
>
> Hi,
>
> I have used testparm.
>
> smb.conf from dc1 4.4.5
> # Global parameters
> [global]
>
>         bind interfaces only = Yes
>         interfaces = lo eth0 eth0:0
>         netbios name = server1
>         realm = DOMAIN.COM
>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbindd, ntp_signd, kcc, dnsupdate
>         workgroup = DOMAIN
>         server role = active directory domain controller
>         idmap_ldb:use rfc2307 = yes
>         comment =
>
>         winbind enum users = yes
>         winbind enum groups = yes
>
>         tls enabled = yes
>         tls keyfile = tls/server1.pem.key
>         tls certfile = tls/server1.pem.crt
>         tls cafile = tls/ca.pem.crt
>
>
>         tls verify peer = ca_and_name
>
>         ldap server require strong auth = no
>
>
> [netlogon]
>         path = /usr/local/samba/var/locks/sysvol/domain.com/scripts
>         read only = No
>
> [sysvol]
>         path = /usr/local/samba/var/locks/sysvol
>         read only = No
>
>
> smb.conf dc2 4.10.7
> # Global parameters
> [global]
>         bind interfaces only = Yes
>         interfaces = lo eth0 eth0:0
>         netbios name = server2
>         realm = DOMAIN.COM
>         server role = active directory domain controller
>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbindd, ntp_signd, kcc, dnsupdate
>         workgroup = DOMAIN
>         idmap_ldb:use rfc2307  = yes
>
>         winbind enum users = yes
>         winbind enum groups = yes
>
>         tls enabled = yes
>         tls keyfile = tls/server2.pem.key
>         tls certfile = tls/server2.pem.crt
>         tls cafile = tls/ca.pem.crt
>
>
>         tls verify peer = ca_and_name
>
>         ldap server require strong auth = no
>
>        # tmp lan
>        ntlm auth = yes
>
>
> [netlogon]
>         path = /usr/local/samba/var/locks/sysvol/domain.com/scripts
>         read only = No
>
> [sysvol]
>         path = /usr/local/samba/var/locks/sysvol
>         read only = No
>
> It seems that samba-tool testparm doesn't show
>         map readonly = no
>         store dos attributes = Yes
>
> Our actual config is good?
> Next step is demote and rejoin 4.4.5, and then I'll suspect that this
> attributes will be removed with 4.10.7, but not sure if this can have
> any impact to our infraestructure
>
> thanks
>
>
> Missatge de Trenta sis <trenta.sis at gmail.com> del dia dl., 23 de set.
> 2019 a les 10:46:
> >
> > Hi,
> >
> > Recently we have added 4.10.7 as additional dc, to our existing 4.4.5
> > samba AD DC, comparing output testparm I have detected that 4.4.5 has
> >         map readonly = no
> >         store dos attributes = Yes
> >
> > but 4.10.7 doesn't have
> >
> > Also compared smb.conf and both has the same configuration.
> >
> > Is this correct? Are required this configurations on 4.10.7?
> > In a few day I want to upgrade this 4.4.5 with rejoin, but I'm not
> > sure what I have to do with this two differences
> >
> > Thanks

More information about the samba mailing list