[Samba] Migrate and Update (Samba 4.1 ADDC to Samba Latest Version on different Server).
Juan Ignacio
juan.ignacio.pazos at gmail.com
Thu Nov 24 17:25:45 UTC 2022
>
> What is a 'member dc' ??
Sorry, I must say a member of the DC or domain member, as I said before.
Language Troubles.
> If your 'member dc' is just another DC, then that smb.conf is not valid
> because you do not use the 'idmap config' lines in a DC smb.conf
>
No, its member is a Unix Domain Member, to clarify, so the smb.conf seems OK.
I didn't make any changes to it. I must know if maybe I need to check
resolv.conf and hosts and other info before demoting the primary old
ad-dc...
> If your 'member dc' is actually a Unix domain member, then that smb.conf
> is not valid because there are no 'DOMAIN' 'idmap config' lines.
>
Yea, but we put these lines a long time ago; this is the complete global of
the member file server.
[global]
netbios name = FILESERVER
security = ADS
workgroup = OURDOMAIN
realm = OURDOMAIN.ORG
log file = /var/log/samba/%m.log
log level = 10
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
#WINBIND
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = yes
winbind use default domain = yes
winbind cache time = 60
# Default ID mapping configuration for local BUILTIN accounts
# and groups on a domain member. The default (*) domain:
# - must not overlap with any domain ID mapping configuration!
# - must use a read-write-enabled back end, such as tdb.
# - Adding just this is not enough
# - You must set a DOMAIN backend configuration, see below
idmap config * : backend = tdb
idmap config * : range = 3000-7999
username map = /usr/local/samba/etc/user.map
The samba was built from sources.
On Thu, 24 Nov 2022 at 13:59, Rowland Penny via samba
(<samba at lists.samba.org>) wrote:
>
>
> On 24/11/2022 15:54, Juan Ignacio wrote:
> >
> > Are you sure that there aren't any other 'idmap config' lines ?
> >
> > I would have expected lines for your DOMAIN
> >
> >
> > All the lines on the member file server are these.
> >
> > vfs objects = acl_xattr
> > map acl inherit = yes
> > store dos attributes = yes
> >
> > #WINBIND
> > winbind enum users = yes
> > winbind enum groups = yes
> > winbind refresh tickets = yes
> > winbind use default domain = yes
> > winbind cache time = 60
> >
> > # Default ID mapping configuration for local BUILTIN accounts
> > # and groups on a domain member. The default (*) domain:
> > # - must not overlap with any domain ID mapping configuration!
> > # - must use a read-write-enabled back end, such as tdb.
> > # - Adding just this is not enough
> > # - You must set a DOMAIN backend configuration, see below
> > idmap config * : backend = tdb
> > idmap config * : range = 3000-7999
> >
> > username map = /usr/local/samba/etc/user.map
> >
> > The whole idea behind syncing idmap.ldb between DC's is to ensure
> > that they all use the ID's.
> >
> >
> > Yea, but I have some differences between the ad-dc and member dc,
>
>
> What is a 'member dc' ??
>
> In Samba AD, you have DC's (which are all equal except for the FSMO
> roles, this includes RODC's) and Unix & Windows domain members.
>
> The domain members get their ID's from the DC's, Windows uses the RID
> and Unix uses whatever winbind idmap backend that is chosen.
>
> If your 'member dc' is just another DC, then that smb.conf is not valid
> because you do not use the 'idmap config' lines in a DC smb.conf
>
> If your 'member dc' is actually a Unix domain member, then that smb.conf
> is not valid because there are no 'DOMAIN' 'idmap config' lines.
>
> Rowland
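A small checker for the two rules Rowland states in the thread (a DC's smb.conf carries no 'idmap config' lines; a Unix domain member needs 'idmap config' lines for its DOMAIN as well as the '*' default), plus the no-overlap rule from the posted comments. This is an added example, not part of the original thread and not Samba tooling; the function names, and the `rid` backend and `10000-999999` range in `FIXED`, are assumptions for illustration.

```python
import re
from itertools import combinations

# Constructed input: the idmap-relevant [global] lines posted in the thread.
POSTED = """[global]
security = ADS
workgroup = OURDOMAIN
idmap config * : backend = tdb
idmap config * : range = 3000-7999
"""
# Assumed values for illustration only; the thread names no backend or range.
FIXED = POSTED + """idmap config OURDOMAIN : backend = rid
idmap config OURDOMAIN : range = 10000-999999
"""
IDMAP = re.compile(r"idmap config\s+(\S+)\s*:\s*(.+)", re.I)

def parse_global(text):
    """Split [global] into plain parameters and {domain: {option: value}}."""
    params, idmap, section = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            section = line.strip("[]").strip().lower()
        elif section == "global" and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            m = IDMAP.fullmatch(key)
            if m:
                idmap.setdefault(m.group(1).upper(), {})[m.group(2).lower()] = value
            else:
                params[" ".join(key.lower().split())] = value
    return params, idmap

def check_idmap(text):
    """Return a list of findings; an empty list means both rules are met."""
    params, idmap = parse_global(text)
    if params.get("server role", "").lower() == "active directory domain controller":
        return ["DC: remove 'idmap config' lines"] if idmap else []
    domain, findings = params.get("workgroup", "").upper(), []
    for name in ("*", domain):
        if not {"backend", "range"} <= set(idmap.get(name, {})):
            findings.append(f"member: no complete 'idmap config {name}' block")
    spans = {d: tuple(int(x) for x in o["range"].split("-"))
             for d, o in idmap.items() if "range" in o}
    for (a, (alo, ahi)), (b, (blo, bhi)) in combinations(spans.items(), 2):
        if alo <= bhi and blo <= ahi:
            findings.append(f"ranges overlap: {a} and {b}")
    return findings
```

`check_idmap(POSTED)` reports the missing OURDOMAIN block, while `check_idmap(FIXED)` returns an empty list.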