[Samba] (no subject)

Dale samba at txschroeder.family
Thu Jul 2 21:14:25 UTC 2020

On 7/2/20 1:45 PM, Rowland penny via samba wrote:
> On 02/07/2020 18:27, jmpatagonia via samba wrote:
>> 1) Does 'getent passwd policia\gafranchello' produce output when run on a
>> Unix client ?
>> If I try to log on at the unix console
>> --> auth.log
>> Jul  2 14:13:59 samba-cliente sshd[11654]: Invalid user
>> POLICIA+gafranchello from
> Try adding these lines to all of your Unix machines:
> client max protocol = NT1
> server max protocol = NT1
> They will force your Samba machines to use SMBv1 and you need it for 
> an NT4-style domain (so yet another reason to upgrade)
> I take it that the machine is running headless, so can you log in via 
> ssh as a Unix user and run the getent command ?
> Until your users are known via 'getent' or 'id', then you will not get 
> Samba to work correctly.
>> The thing is very complex because we have various products authenticating
>> with ldap squid/git/syspass/moodle/openfire/zentyal/etc and we have
>> modified and adapted the ldap schema with some ldap entries for these
>> products, the samba schema in the same schema (we have only one ldap
>> schema), and we interact with this via an ad hoc developed interface.
>> Changing or updating samba to samba 4 AD implies that we have to change the
>> unis schema, receding the interface, proves, etc it is too much time.
> Not half as much time as you will spend if your domain totally stops 
> working. Take smbldap-tools for instance, this isn't just EOL, it is 
> dead and disappeared, you cannot find the source code repository 
> anywhere on the internet, it is no longer maintained, so sooner or 
> later it will be removed by the distros.
Oddly enough, after languishing untouched for nearly 8 years, Debian has 
had 3 smbldap-tools updates this year, although you will need to use 
Bullseye to get the updates.

>> We tried once to implement samba 4 AD and noticed that the ldap schema is
>> very different from what we have, so many changes, that implies too much
>> development on the interface.
> Yes AD uses its own schema and must be extended differently from 
> openldap etc, but it can be extended.
>> Now I am thinking that it is possible to make another ldap schema just for
>> samba 4 AD and continue using the other for the rest of the products, but this
>> implies redesigning the interface to update users, groups on both schemas.
> That is the problem with trying to maintain two ldap versions
>> Another question: Thinking on samba 4 AD, when a user logon on desktop
>> client, it can map or access direct to resources shared on samba server or
>> need to authenticate almost at once ? Because actually on windows clients
>> this is not needed, when a user logon on domain can map or access shared
>> folders without authentication again.
> In this instance, a Samba AD client or server should work like a 
> Windows client or server.
> From the list of programs you listed above, I can not see one that 
> cannot be used with Samba AD, Zentyal (for instance) now uses Samba AD.
> If you require help in upgrading, we are here to help you.
> Rowland
