[Samba] testparm comparison
Trenta sis
trenta.sis at gmail.com
Mon Sep 23 12:42:36 UTC 2019
Thanks, ntlm auth is temporary until we have solved some issues
getent is needed by filesystem acl
thanks for all
Message from Trenta sis <trenta.sis at gmail.com> on Mon, 23 Sep
2019 at 12:37:
>
> Hi,
>
> Thanks. Well, winbind enum is needed, and ntlm auth is required by some
> applications; it seems that Samba has it disabled by default but Windows has
> it enabled, and we have to migrate some old applications
>
> I understand that is OK with your comments
>
> thanks
>
> Message from Trenta sis <trenta.sis at gmail.com> on Mon, 23 Sep
> 2019 at 11:22:
> >
> > Hi,
> >
> > I have used testparm.
> >
> > smb.conf from dc1 4.4.5
> > # Global parameters
> > [global]
> >
> > bind interfaces only = Yes
> > interfaces = lo eth0 eth0:0
> > netbios name = server1
> > realm = DOMAIN.COM
> > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
> > workgroup = DOMAIN
> > server role = active directory domain controller
> > idmap_ldb:use rfc2307 = yes
> > comment =
> >
> > winbind enum users = yes
> > winbind enum groups = yes
> >
> > tls enabled = yes
> > tls keyfile = tls/server1.pem.key
> > tls certfile = tls/server1.pem.crt
> > tls cafile = tls/ca.pem.crt
> >
> >
> > tls verify peer = ca_and_name
> >
> > ldap server require strong auth = no
> >
> >
> > [netlogon]
> > path = /usr/local/samba/var/locks/sysvol/domain.com/scripts
> > read only = No
> >
> > [sysvol]
> > path = /usr/local/samba/var/locks/sysvol
> > read only = No
> >
> >
> > smb.conf dc2 4.10.7
> > # Global parameters
> > [global]
> > bind interfaces only = Yes
> > interfaces = lo eth0 eth0:0
> > netbios name = server2
> > realm = DOMAIN.COM
> > server role = active directory domain controller
> > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
> > workgroup = DOMAIN
> > idmap_ldb:use rfc2307 = yes
> >
> > winbind enum users = yes
> > winbind enum groups = yes
> >
> > tls enabled = yes
> > tls keyfile = tls/server2.pem.key
> > tls certfile = tls/server2.pem.crt
> > tls cafile = tls/ca.pem.crt
> >
> >
> > tls verify peer = ca_and_name
> >
> > ldap server require strong auth = no
> >
> > # tmp lan
> > ntlm auth = yes
> >
> >
> > [netlogon]
> > path = /usr/local/samba/var/locks/sysvol/domain.com/scripts
> > read only = No
> >
> > [sysvol]
> > path = /usr/local/samba/var/locks/sysvol
> > read only = No
> >
> > It seems that samba-tool testparm doesn't show
> > map readonly = no
> > store dos attributes = Yes
> >
> > Is our actual config good?
> > The next step is to demote and rejoin 4.4.5, and then I suspect that these
> > attributes will be removed with 4.10.7, but I am not sure if this can have
> > any impact on our infrastructure
> >
> > thanks
> >
> >
> > Message from Trenta sis <trenta.sis at gmail.com> on Mon, 23 Sep
> > 2019 at 10:46:
> > >
> > > Hi,
> > >
> > > Recently we have added 4.10.7 as an additional DC to our existing 4.4.5
> > > Samba AD DC. Comparing the testparm output, I have detected that 4.4.5 has
> > > map readonly = no
> > > store dos attributes = Yes
> > >
> > > but 4.10.7 doesn't have them
> > >
> > > I also compared smb.conf and both have the same configuration.
> > >
> > > Is this correct? Are these configurations required on 4.10.7?
> > > In a few days I want to upgrade this 4.4.5 with a rejoin, but I'm not
> > > sure what I have to do about these two differences
> > >
> > > Thanks