[Samba] Migrate and Update (Samba 4.1 ADDC to Samba Latest Version on different Server).
Rowland Penny
rpenny at samba.org
Thu Nov 24 17:38:52 UTC 2022
On 24/11/2022 17:25, Juan Ignacio wrote:
> What is a 'member dc' ??
>
>
> Sorry I must say a member of the DC or domain member as I said before.
> Language Troubles.
>
> If your 'member dc' is just another DC, then that smb.conf is not valid
> because you do not use the 'idmap config' lines in a DC smb.conf
>
>
> No its member is a Unix Domain Member to clarify, so the smb.conf seems OK.
Sorry, but no it doesn't.
>
> I didn't make any changes on it, I must know if maybe I need to check
> resolv.conf and hosts and other info before demoting the primary old
> ad-dc...
>
> If your 'member dc' is actually a Unix domain member, then that smb.conf
> is not valid because there are no 'DOMAIN' 'idmap config' lines.
>
>
> Yea but we put these lines a long time ago, this is the complete global
> of the member file server.
>
>
Let's walk through your smb.conf:
> [global]
> netbios name = FILESERVER
You do not need to set 'netbios name', Samba will fill it in for you.
> security = ADS
> workgroup = OURDOMAIN
> realm = OURDOMAIN.ORG
>
> log file = /var/log/samba/%m.log
> log level = 10
>
> vfs objects = acl_xattr
> map acl inherit = yes
> store dos attributes = yes
>
> #WINBIND
> winbind enum users = yes
> winbind enum groups = yes
You do not need the 'winbind enum' lines, they can just slow things
down, winbind has to enumerate all users and groups.
> winbind refresh tickets = yes
> winbind use default domain = yes
> winbind cache time = 60
>
>
> # Default ID mapping configuration for local BUILTIN accounts
> # and groups on a domain member. The default (*) domain:
> # - must not overlap with any domain ID mapping configuration!
> # - must use a read-write-enabled back end, such as tdb.
> # - Adding just this is not enough
> # - You must set a DOMAIN backend configuration, see below
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
Now we come to the 'biggy', did you actually read the line above 'You
must set a DOMAIN backend configuration' ?
Obviously not, because you do not appear to have done so, I would expect
as a minimum:
idmap config OURDOMAIN : backend = rid
idmap config OURDOMAIN : range = 10000-999999
There are other idmap backends and you could use a different range, but
the ranges must not overlap.
>
> username map = /usr/local/samba/etc/user.map
>
> The samba was built from sources.
Doesn't matter where Samba comes from, you set it up the same, just
different paths.
Rowland
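
The two points made in the reply above (a domain member needs 'idmap config' lines for its own domain, and the ranges must not overlap) can be checked mechanically. The following is an added example, not part of the original message and not Samba code; the function names and the sample smb.conf text are constructed for illustration from the lines quoted in the thread.

```python
import re

# Constructed sample: the idmap-relevant [global] lines from the smb.conf quoted above.
SAMPLE_BROKEN = """\
[global]
security = ADS
workgroup = OURDOMAIN
idmap config * : backend = tdb
idmap config * : range = 3000-7999
"""
# The same file with the minimum domain lines suggested in the reply.
SAMPLE_FIXED = SAMPLE_BROKEN + """\
idmap config OURDOMAIN : backend = rid
idmap config OURDOMAIN : range = 10000-999999
"""

IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*(\w[\w ]*?)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(text):
    """Return {domain: {option: value}} from 'idmap config DOM : opt = val' lines."""
    domains = {}
    for line in text.splitlines():
        if line.lstrip().startswith(("#", ";")):
            continue  # skip commented-out settings
        m = IDMAP_RE.match(line)
        if m:
            dom, opt, val = m.groups()
            domains.setdefault(dom.upper(), {})[opt.lower()] = val
    return domains

def check_idmap(text):
    """Return a list of problems with a domain member's idmap configuration."""
    problems = []
    domains = parse_idmap(text)
    wg = re.search(r"^\s*workgroup\s*=\s*(\S+)", text, re.I | re.M)
    if wg and wg.group(1).upper() not in domains:
        problems.append(f"no 'idmap config {wg.group(1).upper()}' lines")
    ranges = []
    for dom, opts in domains.items():
        if "backend" not in opts or "range" not in opts:
            problems.append(f"{dom}: needs both backend and range")
            continue
        low, high = (int(x) for x in opts["range"].split("-"))
        ranges.append((low, high, dom))
    ranges.sort()  # after sorting by low end, any overlap shows up between neighbours
    for (l1, h1, d1), (l2, h2, d2) in zip(ranges, ranges[1:]):
        if l2 <= h1:
            problems.append(f"ranges overlap: {d1} and {d2}")
    return problems
```

Run against the quoted configuration, check_idmap(SAMPLE_BROKEN) reports the missing OURDOMAIN lines; with the two suggested lines added it reports nothing.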