Web lists-archives.com

Re: [Samba] Samba 4 users - UID/GID - or how to migrate




Am 13.01.2019 um 22:40 schrieb Rowland Penny via samba:
On Sun, 13 Jan 2019 21:41:39 +0100
Anton Blau via samba <samba@xxxxxxxxxxxxxxx> wrote:

Am 13.01.2019 um 20:41 schrieb Rowland Penny via samba:
On Sun, 13 Jan 2019 20:22:22 +0100
Anton Blau via samba <samba@xxxxxxxxxxxxxxx> wrote:


Rowland - thank you for your super help.
So, you only have the DC running in container but you do not want to run
another container with a Unix domain member in it. This does not make
sense, why not just run the DC on the computer without all the bother
of the container ?


The Server is a Proxmox/KVM- System. I thougt that is a good Idea to put the fileserver - like all another server daemons (Mail, ...) in a LXC.


Where did all those lines in your smb.conf come from ?

I posted the output of "testparm".

This is the /etc/samba/smb.conf

[global]
        netbios name = FILESERVER
        realm = SMBDOMAIN.DUCK
        workgroup = SMBDOMAIN
        dns forwarder = 192.168.1.254
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes

  printing = bsd
  load printers = no
  printcap name = /dev/null
  disable spoolss = yes

[Allgemein]
   comment = Fuer jeden User zugreifbares Verzeichnis
   path = /srv/user
   public = yes
   browseable = yes
   writeable = yes
   read only = no
   create mode = 0777
   create mask = 0777
   directory mask = 0777

#[home]
# comment = Home Directories
#  path = /home/%D/%U
#  read only = no

[Daten]
  comment = Daten
  path = /srv
  read only = no

[netlogon]
        path = /var/lib/samba/sysvol/smbdomain.duck/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No


By default, a Samba AD DC is only used for authentication and it isn't
set up to allow users to login or connect. To allow this on a Debian
computer, you need to install the libpam-winbind, libnss-winbind and
libpam-krb5 packages, you will also have to change /etc/nsswitch, so
that the passwd and group lines look like this:

passwd:         compat winbind
group:          compat winbind

I added this:

/etc/nsswitch.conf

passwd:         compat winbind
group:          compat winbind
shadow:         compat
gshadow:        files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

(other lines unchanged).


You should then be able to run 'getent passwd AN_AD_USER' and get
something like this:

root@dc4:~# getent passwd rowland
SAMDOM\rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash

I get

root@fileserver:~# getent passwd testuser
SMBDOMAIN\testuser:*:501:100::/home/SMBDOMAIN/testuser:/bin/false


root@fileserver:~# ls /srv/user -la
total 2259116
drwxrwxrwx  6 SMBDOMAIN\testuser users         24 Jan 13 13:26 .
drwxr-xr-x 11 root              root          11 Jan 13 14:40 ..
drwx------  2 SMBDOMAIN\testuser users          7 Jan 13 13:26 .Papierkorb
-rw-r--r--  1              1000  1002    1327771 Nov 11 15:14 test.pdf
drwxr-xr-x  2 SMBDOMAIN\testuser users         18 Nov  4 15:44 Englisch Passiv ??bungen -rwxrwxr--  1              1012  1012      15593 Aug 12  2017 Checkliste.dotx

But if I try to connect from win 10 I get the Error-Message: Auf \\fileserver.duck\Allgemein kann nicht zugegriffen werden ...



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba