Re: [Samba] Samba 4 users - UID/GID - or how to migrate

[Anton Blau via samba <samba@xxxxxxxxxxxxxxx>]

Am 13.01.2019 um 20:41 schrieb Rowland Penny via samba:
> On Sun, 13 Jan 2019 20:22:22 +0100
> Anton Blau via samba <samba@xxxxxxxxxxxxxxx> wrote:
>
> > Hello,
> >
> > I try to migrate my old SAMBA Installation to a new Installation.
> > SAMBA is running. But my Windows users can see the shares but cannot
> > open Files.
> >
> > My old Installation /etc/samba/smb.con
> >
> > ...
> >
> >
> >          workgroup = DUCK
> >           server string = %h server (Samba, Ubuntu)
> >           interfaces = eth0 192.168.1.200/255.255.255.0 localhost
> >           bind interfaces only = Yes
> >           security = USER
> >           map to guest = Bad User
> >           obey pam restrictions = Yes
> >           pam password change = Yes
> >           passwd program = /usr/bin/passwd %u
> >           passwd chat = *Enter\snew\s*\spassword:* %n\n
> > *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> >           unix password sync = Yes
> >           log file = /var/log/samba/log.%M
> >           max log size = 1000
> >           time server = Yes
> >           unix extensions = No
> >           printcap name = cups
> >           logon script = %U\logon.bat
> >           logon path = \\gustav\profiles\%U\winxpprofile
> >           logon drive = z:
> >           logon home = \\gustav\profiles\%U\w9xprofile
> >           domain logons = Yes
> >           os level = 255
> >           preferred master = Yes
> >           domain master = Yes
> >           wins proxy = Yes
> >           wins support = Yes
> >           usershare allow guests = Yes
> >
> > New (Proxmox LXV) with: /etc/samba/smb.con
> >
> >        -- snip because false file
> >
> > I think the problem is the mappig to the uid/gid of the new samba.
> >
> > The user "testuser" on the old System has uid 500 and gid 100. I
> > created my testuser - who can access on the old Installation on the
> > new Installation:
> >
> > samba-tool user create testuser --unix-home=/home/gerhard
> > --uid-number=501 --login-shell=/bin/bash --gid-number=100
> >
> >
> > What is to to to get full access?
> Well, as you are using samba-tool to create users and your last post
> was about setting up an AD DC, you could try setting up your Unix
> domain member correctly and when you do, do not use such low ID numbers.
> I suggest you read this:
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>
> Your smb.conf above is for an NT4-style PDC.
>
> Rowland
Sorry,

I posted the wrong text. This is the /etc/samba/smb.conf (testparm) of 
the new LXC SAMBA Server:


 realm = SMBDOMAIN.DUCK
        workgroup = SMBDOMAIN
        dns forwarder = 192.168.1.254
        disable spoolss = Yes
        load printers = No
        printcap name = /dev/null
        passdb backend = samba_dsdb
        server role = active directory domain controller
        rpc_server:tcpip = no
        rpc_daemon:spoolssd = embedded
        rpc_server:spoolss = embedded
        rpc_server:winreg = embedded
        rpc_server:ntsvcs = embedded
        rpc_server:eventlog = embedded
        rpc_server:srvsvc = embedded
        rpc_server:svcctl = embedded
        rpc_server:default = external
        winbindd:use external pipes = true
        idmap_ldb:use rfc2307 = yes
        idmap config * : backend = tdb
        map archive = No
        map readonly = no
        store dos attributes = Yes
        printing = bsd
        vfs objects = dfs_samba4 acl_xattr

In future only the new Samba should run. So Samba is not a Domain 
Member. I hope I understand you correct.

NT4-style PDC should be migrated to AD DC.

Tony




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba