Re: [Samba] AD integration not working after move/version
- Date: Sat, 18 Mar 2017 17:26:11 +0100
- From: Marc Muehlfeld via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] AD integration not working after move/version
Am 18.03.2017 um 16:06 schrieb Henrik Johansson via samba:
Old version was 3.5.8 and the new version on the virtual host that does not work is 3.6.25.
That's not really a step forward to a supported Samba version. :-)
# Global parameters
log file = /var/samba/log/clientlog.%m
dns proxy = No
acl check permissions = False
netbios aliases = string1
server string = string1
name resolve order = hosts bcast
realm = DOMAIN.NET
password server = server3.string1.net sever4.string1.net
# wins server = x.x.x.x
local master = no
workgroup = WGNAME
os level = 0
domain master = no
encrypt passwords = yes
security = DOMAIN
unix charset = ISO8859-1
max log size = 50
# Fix for not to do lpstat since we don't use printers in Samba
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
First some nitpicks about your smb.conf:
* netbios aliases = string1
Makes no sense to set an alias to exactly the same name
as "server string" :-)
* password server: If there is not reason to only request some
specific servers, I would not limit this. If both are down,
Samba won't talk to other remaining DCs.
* encrypt passwords = yes
This is default since a longer time.
This are just some improvement suggestions, but not related to your problem.
Ok. And now the things that are incorrect for a Samba AD domain member:
* realm = DOMAIN.NET and workgroup = WGNAME
In this case, I would expect that "DOMAIN" is your NetBIOS domain
name ("workgroup" setting), not something different. If this
really matches your AD setup, it should work - but it's not
the recommended way how to set up an AD.
* security = DOMAIN
This setting is for an NT4 domain. Use "security = ADS"
* Your ID mapping configuration is missing completely.
No warranty that this works for 3.6. Our documentation only
covers supported Samba versions.
I recommend the following:
* Update Samba to a supported version (recommended: 4.6.0).
Samba 3.6 was released 2011. A lot of things regarding AD were
improved in later releases.
* Read: https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
I recently rewrote the doc and it works for all supported versions.
To unsubscribe from this list go to the following URL and read the