[Samba] (no subject)
Rowland penny
rpenny at samba.org
Thu Jul 2 18:45:49 UTC 2020
On 02/07/2020 18:27, jmpatagonia via samba wrote:
> 1) Does 'getent passwd policia\gafranchello' produce output when run on a
> Unix client ?
> If I try to log on at the Unix console
>
> --> auth.log
> Jul 2 14:13:59 samba-cliente sshd[11654]: Invalid user
> POLICIA+gafranchello from 172.33.10.1
Try adding these lines to all of your Unix machines:

    client max protocol = NT1
    server max protocol = NT1

They will force your Samba machines to use SMBv1 and you need it for an
NT4-style domain (so yet another reason to upgrade).

I take it that the machine is running headless, so can you log in via
ssh as a Unix user and run the getent command?

Until your users are known via 'getent' or 'id', then you will not get
Samba to work correctly.
> The thing is very complex because we have various products authenticating
> with ldap squid/git/syspass/moodle/openfire/zentyal/etc and we have
> modified and adapted the ldap schema with some ldap entries for these
> products, the samba schema in the same schema (we have only one ldap
> schema), and we interact with this via an ad hoc developed interface.
> Changing or updating samba to samba 4 AD implies that we have to change the Unix
> schema, recoding the interface, proves, etc.; it is too much time.
Not half as much time as you will spend if your domain totally stops
working. Take smbldap-tools for instance, this isn't just EOL, it is
dead and disappeared, you cannot find the source code repository
anywhere on the internet, it is no longer maintained, so sooner or later
it will be removed by the distros.
> We tried once to implement samba 4 AD and noticed that the ldap schema is
> very different from what we have, so many changes, that it implies too much
> development on the interface.
Yes AD uses its own schema and must be extended differently from
openldap etc, but it can be extended.
> Now I am thinking that it is possible to make another ldap schema just for samba
> 4 AD and continue using the other for the rest of the products, but this implies
> redesigning the interface to update users, groups on both schemas.
That is the problem with trying to maintain two ldap versions.
> Another question: Thinking on samba 4 AD, when a user logs on at a desktop
> client, can it map or access directly the resources shared on the samba server or
> does it need to authenticate almost at once? Because actually on windows clients
> this is not needed, when a user logs on to the domain it can map or access shared
> folders without authenticating again.
In this instance, a Samba AD client or server should work like a Windows
client or server.
From the list of programs you listed above, I can not see one that
cannot be used with Samba AD, Zentyal (for instance) now uses Samba AD.
If you require help in upgrading, we are here to help you.
Rowland