Web lists-archives.com

Re: [Samba] AD integration not working after move/version

On Sat, 18 Mar 2017 17:26:11 +0100
Marc Muehlfeld via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Hi Henrik,
> Am 18.03.2017 um 16:06 schrieb Henrik Johansson via samba:
> > Old version was 3.5.8 and the new version on the virtual host that
> > does not work is 3.6.25.
> That's not really a step forward to a supported Samba version. :-)
> https://wiki.samba.org/index.php/Samba_Release_Planning

Some people cannot upgrade, so they have to use what they have, but
without knowing what OS the OP is using, we don't know if they can
upgrade easily.

> First some nitpicks about your smb.conf:
> * netbios aliases = string1
>    Makes no sense to set an alias to exactly the same name
>    as "server string" :-)

Why ? 

> * password server: If there is not reason to only request some
>    specific servers, I would not limit this. If both are down,
>    Samba won't talk to other remaining DCs.

That is correct and 'man smb.conf' tells you not to do it this way, but
who reads manpages ;-)

> * encrypt passwords = yes
>    This is default since a longer time.

It doesn't matter if there or not.

> Ok. And now the things that are incorrect for a Samba AD domain
> member:
> * realm = DOMAIN.NET   and   workgroup = WGNAME
>    In this case, I would expect that "DOMAIN" is your NetBIOS domain
>    name ("workgroup" setting), not something different. If this
>    really matches your AD setup, it should work - but it's not
>    the recommended way how to set up an AD.

Well, Microsoft says you can use a netbios domain name that is
different from the left part of the DNS name, so I suppose Samba
should as well.
> * Your ID mapping configuration is missing completely.
>    See https://wiki.samba.org/index.php/Identity_Mapping_Back_Ends
>    No warranty that this works for 3.6. Our documentation only
>    covers supported Samba versions.

I notice it was missing as well, but the OP could be using something
else instead of winbind. 'idmap config' existed on 3.6.0, so it should

> I recommend the following:
> * Update Samba to a supported version (recommended: 4.6.0).
>    Samba 3.6 was released 2011. A lot of things regarding AD were
>    improved in later releases.

Why recommend something, that the OP might not be able to do, without
all the facts.


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba