Re: [Samba] Samba 4 users - UID/GID - or how to migrate
- Date: Sun, 13 Jan 2019 21:41:39 +0100
- From: Anton Blau via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Samba 4 users - UID/GID - or how to migrate
Am 13.01.2019 um 20:41 schrieb Rowland Penny via samba:
On Sun, 13 Jan 2019 20:22:22 +0100
Anton Blau via samba <samba@xxxxxxxxxxxxxxx> wrote:
Hello,
I try to migrate my old SAMBA Installation to a new Installation.
SAMBA is running. But my Windows users can see the shares but cannot
open Files.
My old Installation /etc/samba/smb.con
...
workgroup = DUCK
server string = %h server (Samba, Ubuntu)
interfaces = eth0 192.168.1.200/255.255.255.0 localhost
bind interfaces only = Yes
security = USER
map to guest = Bad User
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
log file = /var/log/samba/log.%M
max log size = 1000
time server = Yes
unix extensions = No
printcap name = cups
logon script = %U\logon.bat
logon path = \\gustav\profiles\%U\winxpprofile
logon drive = z:
logon home = \\gustav\profiles\%U\w9xprofile
domain logons = Yes
os level = 255
preferred master = Yes
domain master = Yes
wins proxy = Yes
wins support = Yes
usershare allow guests = Yes
New (Proxmox LXV) with: /etc/samba/smb.con
-- snip because false file
I think the problem is the mappig to the uid/gid of the new samba.
The user "testuser" on the old System has uid 500 and gid 100. I
created my testuser - who can access on the old Installation on the
new Installation:
samba-tool user create testuser --unix-home=/home/gerhard
--uid-number=501 --login-shell=/bin/bash --gid-number=100
What is to to to get full access?
Well, as you are using samba-tool to create users and your last post
was about setting up an AD DC, you could try setting up your Unix
domain member correctly and when you do, do not use such low ID numbers.
I suggest you read this:
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
Your smb.conf above is for an NT4-style PDC.
Rowland
Sorry,
I posted the wrong text. This is the /etc/samba/smb.conf (testparm) of
the new LXC SAMBA Server:
realm = SMBDOMAIN.DUCK
workgroup = SMBDOMAIN
dns forwarder = 192.168.1.254
disable spoolss = Yes
load printers = No
printcap name = /dev/null
passdb backend = samba_dsdb
server role = active directory domain controller
rpc_server:tcpip = no
rpc_daemon:spoolssd = embedded
rpc_server:spoolss = embedded
rpc_server:winreg = embedded
rpc_server:ntsvcs = embedded
rpc_server:eventlog = embedded
rpc_server:srvsvc = embedded
rpc_server:svcctl = embedded
rpc_server:default = external
winbindd:use external pipes = true
idmap_ldb:use rfc2307 = yes
idmap config * : backend = tdb
map archive = No
map readonly = no
store dos attributes = Yes
printing = bsd
vfs objects = dfs_samba4 acl_xattr
In future only the new Samba should run. So Samba is not a Domain
Member. I hope I understand you correct.
NT4-style PDC should be migrated to AD DC.
Tony
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba