
Re: [Samba] Samba 4 users - UID/GID - or how to migrate




On 13.01.2019 at 20:41, Rowland Penny via samba wrote:
On Sun, 13 Jan 2019 20:22:22 +0100
Anton Blau via samba <samba@xxxxxxxxxxxxxxx> wrote:

Hello,

I am trying to migrate my old Samba installation to a new installation.
Samba is running, but my Windows users can see the shares but cannot
open files.

My old installation, /etc/samba/smb.conf:

...


          workgroup = DUCK
          server string = %h server (Samba, Ubuntu)
          interfaces = eth0 192.168.1.200/255.255.255.0 localhost
          bind interfaces only = Yes
          security = USER
          map to guest = Bad User
          obey pam restrictions = Yes
          pam password change = Yes
          passwd program = /usr/bin/passwd %u
          passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
          unix password sync = Yes
          log file = /var/log/samba/log.%M
          max log size = 1000
          time server = Yes
          unix extensions = No
          printcap name = cups
          logon script = %U\logon.bat
          logon path = \\gustav\profiles\%U\winxpprofile
          logon drive = z:
          logon home = \\gustav\profiles\%U\w9xprofile
          domain logons = Yes
          os level = 255
          preferred master = Yes
          domain master = Yes
          wins proxy = Yes
          wins support = Yes
          usershare allow guests = Yes

New (Proxmox LXC) with /etc/samba/smb.conf:

       -- snipped because it was the wrong file

I think the problem is the mapping to the uid/gid of the new Samba.

The user "testuser" on the old system has uid 500 and gid 100. I
created my testuser (who has access on the old installation) on the
new installation:

samba-tool user create testuser --unix-home=/home/gerhard --uid-number=501 --login-shell=/bin/bash --gid-number=100


What do I need to do to get full access?

Well, as you are using samba-tool to create users and your last post
was about setting up an AD DC, you could try setting up your Unix
domain member correctly and when you do, do not use such low ID numbers.
I suggest you read this:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

Your smb.conf above is for an NT4-style PDC.

Rowland


Sorry,

I posted the wrong text. This is the /etc/samba/smb.conf (testparm) of the new LXC SAMBA Server:


        realm = SMBDOMAIN.DUCK
        workgroup = SMBDOMAIN
        dns forwarder = 192.168.1.254
        disable spoolss = Yes
        load printers = No
        printcap name = /dev/null
        passdb backend = samba_dsdb
        server role = active directory domain controller
        rpc_server:tcpip = no
        rpc_daemon:spoolssd = embedded
        rpc_server:spoolss = embedded
        rpc_server:winreg = embedded
        rpc_server:ntsvcs = embedded
        rpc_server:eventlog = embedded
        rpc_server:srvsvc = embedded
        rpc_server:svcctl = embedded
        rpc_server:default = external
        winbindd:use external pipes = true
        idmap_ldb:use rfc2307 = yes
        idmap config * : backend = tdb
        map archive = No
        map readonly = no
        store dos attributes = Yes
        printing = bsd
        vfs objects = dfs_samba4 acl_xattr

In the future only the new Samba should run, so Samba is not a domain member. I hope I understand you correctly.

The NT4-style PDC should be migrated to an AD DC.

Tony
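
Added example (not part of the original messages and not Samba project code): a small planner that reads the old server's /etc/passwd, builds the samba-tool user create command with the options used in this thread, and warns when a user's uid number changes or falls in a low range. The passwd sample is constructed, and LOW_ID_THRESHOLD, parse_passwd and plan_user are hypothetical names and values chosen for illustration.

```python
import shlex

# Assumption: IDs below this count as "low"; the thread names no threshold.
LOW_ID_THRESHOLD = 1000

# Constructed sample of the old server's /etc/passwd. Only testuser's
# uid 500 / gid 100 and home directory are taken from the thread.
OLD_PASSWD = """\
# local accounts on the old server
root:x:0:0:root:/root:/bin/bash
testuser:x:500:100::/home/gerhard:/bin/bash
alice:x:1205:100:Alice:/home/alice:/bin/bash
broken:line
"""


def parse_passwd(text):
    """Return {name: entry} for well-formed passwd lines, skipping the rest."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) != 7:
            continue
        name, _pw, uid, gid, _gecos, home, shell = fields
        if uid.isdigit() and gid.isdigit():
            users[name] = {"name": name, "uid": int(uid), "gid": int(gid),
                           "home": home, "shell": shell}
    return users


def plan_user(entry, new_uid=None):
    """Build the samba-tool command for one user and list ID-related warnings."""
    uid = entry["uid"] if new_uid is None else new_uid
    warnings = []
    if uid != entry["uid"]:
        warnings.append(f"uid {entry['uid']} -> {uid}: files created on the old "
                        f"server remain owned by {entry['uid']}")
    for label, value in (("uid", uid), ("gid", entry["gid"])):
        if value < LOW_ID_THRESHOLD:
            warnings.append(f"{label} {value} is below {LOW_ID_THRESHOLD}")
    cmd = ["samba-tool", "user", "create", entry["name"],
           f"--unix-home={entry['home']}", f"--uid-number={uid}",
           f"--login-shell={entry['shell']}", f"--gid-number={entry['gid']}"]
    return shlex.join(cmd), warnings


if __name__ == "__main__":
    users = parse_passwd(OLD_PASSWD)
    for name, new_uid in (("testuser", 501), ("alice", None)):
        command, warnings = plan_user(users[name], new_uid)
        print(command)
        for w in warnings:
            print("  WARNING:", w)
```

File ownership on disk is stored as a numeric uid/gid, so any planned change of number needs a matching chown of the migrated data.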



