Re: [Samba] Upgrading samba from jessie (4.2) to stretch (4.5) in AD mode...
- Date: Wed, 21 Jun 2017 18:06:45 +0200
- From: Marco Gaiarin via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Upgrading samba from jessie (4.2) to stretch (4.5) in AD mode...
Mandi! L.P.H. van Belle via samba
In chel di` si favelave...
> He did not post smb.conf ;-)
It is full of comment, now, because i'm moving some settings from my
old 'NT' domain...
[From other thread...]
> If he has added 'security = user' to his smb.conf, he needs to remove
> it, you do not use this on a DC.
Clearly, i've removed that; i've added exclusively to finish the
post-installation task of debian package.
Sorry if iwas not clear.
> It looks like he got hit by the 'winbind package not installed on
> debian unless you ask for it' error.
> The rest is shown because he used testparm not samba-tool testparm
I don't know about that. ;-)
root@lupus:~# samba-tool testparm
Press enter to see a dump of your service definitions
# Global parameters
bind interfaces only = Yes
interfaces = lo eth0.17
netbios aliases = CUPS FILE MEDIA TIME
netbios name = LUPUS
realm = AD.CORSI.SV.LNF.IT
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = SVCORSI
ldap server require strong auth = allow_sasl_over_tls
logon drive = p:
logon home = \\LUPUS\%U
logon path = \\LUPUS\profiles\%U
logon script = startup.bat
load printers = Yes
printcap name = cups
server role = active directory domain controller
winbind enum groups = Yes
winbind enum users = Yes
winbind nss info = rfc2307
idmap config svcorsi : schema_mode = rfc2307
idmap config svcorsi : backend = ad
idmap_ldb:use rfc2307 = yes
dsdb:schema update allowed = true
printing = cups
effectively it is simpler. I've added surely 'ldap server require strong auth =
allow_sasl_over_tls' to make exim work, and 'dsdb:schema update allowed =
true' to modify schema.
Clearly i've added 'logon *' options bacause i need it. ;)
Other things probably added to make windbind NSS and PAM providers
work, but finally i've switched to SSSD.
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
To unsubscribe from this list go to the following URL and read the