Web lists-archives.com

Re: [Samba] AD integration not working after move/version




Am 18.03.2017 um 18:27 schrieb Rowland Penny via samba:
First some nitpicks about your smb.conf:
* netbios aliases = string1
   Makes no sense to set an alias to exactly the same name
   as "server string" :-)

Why ?

Sorry, my fault. I mixed "server string", which is just a comment, with "netbios name".




* encrypt passwords = yes
   This is default since a longer time.

It doesn't matter if there or not.

Doesn't mean "this is default" exactly that it does not matter if it's there or not?




Ok. And now the things that are incorrect for a Samba AD domain
member:

* realm = DOMAIN.NET   and   workgroup = WGNAME
   In this case, I would expect that "DOMAIN" is your NetBIOS domain
   name ("workgroup" setting), not something different. If this
   really matches your AD setup, it should work - but it's not
   the recommended way how to set up an AD.

Well, Microsoft says you can use a netbios domain name that is
different from the left part of the DNS name, so I suppose Samba
should as well.

I just said that it's not recommended; neither that it's not allowed nor that it's not working.




* Your ID mapping configuration is missing completely.
   See https://wiki.samba.org/index.php/Identity_Mapping_Back_Ends
   No warranty that this works for 3.6. Our documentation only
   covers supported Samba versions.

I notice it was missing as well, but the OP could be using something
else instead of winbind. 'idmap config' existed on 3.6.0, so it should
work.

Samba does only support Winbind, and not not "something else". :-)

I know we had "idmap config" in 3.6, but it was still new that time. Mentioning that the Wiki docs for the the latest versions might not work for the 6 year old 3.6 series seems reasonable to me, because parameters might have been added/removed and defaults changed.




I recommend the following:

* Update Samba to a supported version (recommended: 4.6.0).
   Samba 3.6 was released 2011. A lot of things regarding AD were
   improved in later releases.

Why recommend something, that the OP might not be able to do, without
all the facts.

Based on the facts we have (he is running 3.6), I recommend updating. If he is not able to update, e. g. because Samba fails to built on his OS, he will tell us.


Regards,
Marc




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba