[Samba] (no subject)
samba at txschroeder.family
Thu Jul 2 21:14:25 UTC 2020
On 7/2/20 1:45 PM, Rowland penny via samba wrote:
> On 02/07/2020 18:27, jmpatagonia via samba wrote:
>> 1) Does 'getent passwd policia\gafranchello' produce output when run
>> on a Unix client ?
>> If I try to log on at the Unix console
>> --> auth.log
>> Jul 2 14:13:59 samba-cliente sshd: Invalid user
>> POLICIA+gafranchello from 220.127.116.11
> Try adding these lines to all of your Unix machines:
> client max protocol = NT1
> server max protocol = NT1
> They will force your Samba machines to use SMBv1 and you need it for
> an NT4-style domain (so yet another reason to upgrade)
> I take it that the machine is running headless, so can you log in via
> ssh as a Unix user and run the getent command ?
> Until your users are known via 'getent' or 'id', then you will not get
> Samba to work correctly.
>> The thing is very complex because we have various products
>> with ldap squid/git/syspass/moodle/openfire/zentyal/etc and we have
>> modified and adapted the ldap schema with some ldap entries for these
>> products, the samba schema in the same schema (we have only one ldap
>> schema), and we interact with this via an ad hoc developed interface.
>> Changing or updating samba to samba 4 AD implies that we have to change the
>> schema, receding the interface, proves, etc.; it is too much time.
> Not half as much time as you will spend if your domain totally stops
> working. Take smbldap-tools for instance, this isn't just EOL, it is
> dead and disappeared, you cannot find the source code repository
> anywhere on the internet, it is no longer maintained, so sooner or
> later it will be removed by the distros.
Oddly enough, after languishing untouched for nearly 8 years, Debian has
had 3 smbldap-tools updates this year, although you will need to use
Bullseye to get the updates.
>> We tried once to implement samba 4 AD and noticed that the ldap schema is
>> very different from what we have, so many changes, that implies too much
>> development on the interface.
> Yes AD uses its own schema and must be extended differently from
> openldap etc, but it can be extended.
>> Now I am thinking that it is possible to make another ldap schema just for
>> 4 AD and continue using the other for the rest of the products, but this
>> implies redesigning the interface to update users, groups on both schemas.
> That is the problem with trying to maintain two ldap versions
>> Another question: Thinking about samba 4 AD, when a user logs on at a desktop
>> client, can they map or directly access resources shared on the samba
>> server, or do they need to authenticate almost at once ? Because actually
>> on Windows this is not needed; when a user logs on to the domain they can
>> map or access shared folders without authenticating again.
> In this instance, a Samba AD client or server should work like a
> Windows client or server.
> From the list of programs you listed above, I can not see one that
> cannot be used with Samba AD, Zentyal (for instance) now uses Samba AD.
> If you require help in upgrading, we are here to help you.
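Added example, not part of the original thread: a small Python audit that reads the [global] section of an smb.conf and reports, for the client and server side, whether the "min protocol"/"max protocol" range still admits SMB1 (NT1), so machines pinned to SMBv1 for the NT4-style domain can be tracked until the upgrade. The function names, the sample config and the fallback defaults (those of Samba 4.11 and later, where both min protocols default to SMB2_02) are assumptions of this example.

```python
import re

# Dialect names accepted by smb.conf, lowest to highest.
ORDER = ["CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1",
         "SMB2_02", "SMB2_10", "SMB3_00", "SMB3_02", "SMB3_11"]
ALIASES = {"SMB2": "SMB2_10", "SMB3": "SMB3_11", "DEFAULT": "SMB3_11"}
# Assumption: defaults of Samba 4.11+; older releases default the minimum lower.
DEFAULTS = {"clientminprotocol": "SMB2_02", "clientmaxprotocol": "SMB3_11",
            "serverminprotocol": "SMB2_02", "servermaxprotocol": "SMB3_11"}
NT1 = ORDER.index("NT1")

def global_params(text):
    """Return the [global] parameters, keyed the way Samba compares names
    (case-insensitive, embedded whitespace ignored)."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params

def rank(value):
    v = value.upper()
    return ORDER.index(ALIASES.get(v, v))        # ValueError on unknown dialect

def audit(text):
    """List (side, finding) pairs for protocol ranges that involve SMB1."""
    cfg = {**DEFAULTS, **global_params(text)}
    findings = []
    for side in ("client", "server"):
        lo, hi = rank(cfg[side + "minprotocol"]), rank(cfg[side + "maxprotocol"])
        if hi < lo:                              # max set below the effective min
            findings.append((side, "empty-range"))
        elif lo <= NT1:                          # SMB1 or older is negotiable
            findings.append((side, "smb1-allowed" if hi > NT1 else "smb1-only"))
    return findings

# Constructed sample: the two lines from the reply above, nothing else set.
SAMPLE = "[global]\n   client max protocol = NT1\n   server max protocol = NT1\n"

if __name__ == "__main__":
    for side, finding in audit(SAMPLE):
        print(f"{side}: {finding}")
```

Under the assumed 4.11+ defaults the sample reports "empty-range" for both sides, because the maximum is capped below the default minimum; on such a release the matching "min protocol" lines also decide whether SMB1 is actually negotiated.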