Re: [Samba] AD integration not working after move/version
- Date: Sat, 18 Mar 2017 19:28:45 +0100
- From: Marc Muehlfeld via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] AD integration not working after move/version
Am 18.03.2017 um 18:27 schrieb Rowland Penny via samba:
First some nitpicks about your smb.conf:
* netbios aliases = string1
Makes no sense to set an alias to exactly the same name
as "server string" :-)
Sorry, my fault. I mixed "server string", which is just a comment, with
* encrypt passwords = yes
This is default since a longer time.
It doesn't matter if there or not.
Doesn't mean "this is default" exactly that it does not matter if it's
there or not?
Ok. And now the things that are incorrect for a Samba AD domain
* realm = DOMAIN.NET and workgroup = WGNAME
In this case, I would expect that "DOMAIN" is your NetBIOS domain
name ("workgroup" setting), not something different. If this
really matches your AD setup, it should work - but it's not
the recommended way how to set up an AD.
Well, Microsoft says you can use a netbios domain name that is
different from the left part of the DNS name, so I suppose Samba
should as well.
I just said that it's not recommended; neither that it's not allowed nor
that it's not working.
* Your ID mapping configuration is missing completely.
No warranty that this works for 3.6. Our documentation only
covers supported Samba versions.
I notice it was missing as well, but the OP could be using something
else instead of winbind. 'idmap config' existed on 3.6.0, so it should
Samba does only support Winbind, and not not "something else". :-)
I know we had "idmap config" in 3.6, but it was still new that time.
Mentioning that the Wiki docs for the the latest versions might not work
for the 6 year old 3.6 series seems reasonable to me, because parameters
might have been added/removed and defaults changed.
I recommend the following:
* Update Samba to a supported version (recommended: 4.6.0).
Samba 3.6 was released 2011. A lot of things regarding AD were
improved in later releases.
Why recommend something, that the OP might not be able to do, without
all the facts.
Based on the facts we have (he is running 3.6), I recommend updating. If
he is not able to update, e. g. because Samba fails to built on his OS,
he will tell us.
To unsubscribe from this list go to the following URL and read the