Re: [Samba] Upgrading samba from jessie (4.2) to stretch (4.5) in AD mode...

Mandi! L.P.H. van Belle via samba
  In chel di` si favelave...

> He did not post smb.conf ;-) 

It is full of comment, now, because i'm moving some settings from my
old 'NT' domain...

[From other thread...]

> If he has added 'security = user' to his smb.conf, he needs to remove
> it, you do not use this on a DC.

Clearly, i've removed that; i've added exclusively to finish the
post-installation task of debian package.
Sorry if iwas not clear.

> It looks like he got hit by the 'winbind package not installed on
> debian unless you ask for it' error.


> The rest is shown because he used testparm not samba-tool testparm 

I don't know about that. ;-)

 root@lupus:~# samba-tool testparm 
 Press enter to see a dump of your service definitions
 # Global parameters
	bind interfaces only = Yes
	interfaces = lo eth0.17
	netbios aliases = CUPS FILE MEDIA TIME
	netbios name = LUPUS
	server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
	workgroup = SVCORSI
	ldap server require strong auth = allow_sasl_over_tls
	logon drive = p:
	logon home = \\LUPUS\%U
	logon path = \\LUPUS\profiles\%U
	logon script = startup.bat
	load printers = Yes
	printcap name = cups
	server role = active directory domain controller
	winbind enum groups = Yes
	winbind enum users = Yes
	winbind nss info = rfc2307
	idmap config svcorsi : schema_mode = rfc2307
	idmap config svcorsi : backend = ad
	idmap_ldb:use rfc2307 = yes
	dsdb:schema update allowed = true
	comment = 
	printing = cups

effectively it is simpler. I've added surely 'ldap server require strong auth =
allow_sasl_over_tls' to make exim work, and 'dsdb:schema update allowed =
true' to modify schema.
Clearly i've added 'logon *' options bacause i need it. ;)

Other things probably added to make windbind NSS and PAM providers
work, but finally i've switched to SSSD.


