On Thu, 18 Dec 2014 17:57:55 +0000 Rowland Penny <rowlandpenny at googlemail.com> wrote:> Hi, After sorting out your smb.conf, it would seem that you are > running samba4 as an AD DC and then trying to add parts to it that > are either the defaults or are not required. I would suggest that you > reinstate the original smb.conf (you did keep a copy, didn't you ?), > delete most of, if not all, the Unix users you have added, then add > them again, but this time to your AD. Unlike samba 2, when running > samba 4 in AD mode, you cannot have Unix users that are also AD > users, you store everything in AD. >The FreeBSD Ports system for reasons unknown to me does not install ANY smb4.conf file and provides no example. The one I have came from someplace on the internet in the last couple of weeks. A pointer to a good minimal smb4.conf file would be appreciated. I have existing Unix users with many GB of files that I need to keep the UID the same for because of interactions with other systems and mounts via NFS. Is there any way to force user smith to have uid=50 for example, or am I stuck with the auto-assigned UIDs that end up in AD?> I would suggest that you have a read here: > https://wiki.samba.org/index.php/Main_PageI have poked about the wiki a bit, but could not sort this without resorting to the list, but I will again RTFM. Always good advice. Thanks.> > I know that you are testing here, but it would seem that samba 4.2 > will support OSX clients better, this version seems to be delayed due > to problems, but I am sure that the wait will be worth it. > > RowlandThat sounds good, but I will probably be deploying with 4.1.13 unless 4.2 makes it out before my testing is over. I have an immediate need that just cropped up because all of the sudden I have to bring some MS-Windows boxes into the mix here. For years the site has been running using just NFS. Thanks! -Brett -- wynkoop at wynn.com http://prd4.wynn.com/wynkoop/pgp-keys.txt 917-642-6925 929-272-0000 A free people ought to be armed. - George Washington
On 18/12/14 18:27, Brett Wynkoop wrote:> On Thu, 18 Dec 2014 17:57:55 +0000 > Rowland Penny <rowlandpenny at googlemail.com> wrote: > >> Hi, After sorting out your smb.conf, it would seem that you are >> running samba4 as an AD DC and then trying to add parts to it that >> are either the defaults or are not required. I would suggest that you >> reinstate the original smb.conf (you did keep a copy, didn't you ?), >> delete most of, if not all, the Unix users you have added, then add >> them again, but this time to your AD. Unlike samba 2, when running >> samba 4 in AD mode, you cannot have Unix users that are also AD >> users, you store everything in AD. >> > The FreeBSD Ports system for reasons unknown to me does not install ANY > smb4.conf file and provides no example. The one I have came from > someplace on the internet in the last couple of weeks. A pointer to a > good minimal smb4.conf file would be appreciated.I cannot speak about freeBSD as I do not use it, but as I said samba4 can be run in two modes, it can be run just like samba 3 in classic mode. In this mode, you need to supply the smb.conf and samba will run as a PDC/BDC, member server or client, you will need to start the smbd & nmbd deamons and optionally the winbindd deamon. You can also run samba4 as an Active Directory Domain Controller, in this mode, the smb.conf file will be created for you when you provision the domain with samba-tool. If you do run samba4 as an AD DC, you can use the id numbers you require by creating the users in AD and giving them a 'uidNumber' containing the id number. As I said, read the wiki and then decide which way you want to go, 'classic' or 'AD DC' Once you done this, come back with your new questions :-) Rowland> > I have existing Unix users with many GB of files that I need to keep > the UID the same for because of interactions with other systems and > mounts via NFS. Is there any way to force user smith to have uid=50 > for example, or am I stuck with the auto-assigned UIDs that end up in > AD? > >> I would suggest that you have a read here: >> https://wiki.samba.org/index.php/Main_Page > I have poked about the wiki a bit, but could not sort this without > resorting to the list, but I will again RTFM. Always good advice. > Thanks. > >> I know that you are testing here, but it would seem that samba 4.2 >> will support OSX clients better, this version seems to be delayed due >> to problems, but I am sure that the wait will be worth it. >> >> Rowland > > That sounds good, but I will probably be deploying with 4.1.13 unless > 4.2 makes it out before my testing is over. I have an immediate need > that just cropped up because all of the sudden I have to bring some > MS-Windows boxes into the mix here. For years the site has been > running using just NFS. > > Thanks! > > -Brett > > >
Rowland- Thanks so much for the info. I expect some of my confusion was the lack of initial smb4.conf. I will look at all you have told me to examine and come back with new questions, or a report that all is well in the land of Samba. -Brett -- wynkoop at wynn.com http://prd4.wynn.com/wynkoop/pgp-keys.txt 917-642-6925 929-272-0000 A free people ought to be armed. - George Washington
Greeting- Ok I went back and re-read the page on the AD DC HowTo, and now I remember that it was the first way I tried to set up the server two weeks ago. When I tried to start the server it failed to start, which is why I went searching out an smb4.conf online. I can go through the setup from the start again, but I am still at a loss as to how to match the UID numbers in the Samba AD to the historical UID numbers that all the existing unix users have. The situation is that historically everything here was Unix of some sort, but we are adding a small flock of windows boxes, which is why I am looking at trying to bring Samba 4 on line. If someone can point me to a clear simple explanation on how to force particular UIDs in Samba I would appreciate that. I will tackle the lack of encryption once I get the UID situation solved. Here is a partial output of pdbedit -Lv for my account: Unix username: wynkoop NT username: Account Flags: [U ] User SID: S-1-5-21-3503051414-2097048719-4239445089-1105 Primary Group SID: S-1-5-21-3503051414-2097048719-4239445089-513 Full Name: Home Directory: HomeDir Drive: (null) Logon Script: Profile Path: Domain: Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: 0 Kickoff time: never Password last set: Mon, 15 Dec 2014 15:17:39 EST Password can change: Mon, 15 Dec 2014 15:17:39 EST Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF I am not sure what Rowland meant when he said give them a UIDnumber containing the numbers I need. I do not see any field marked as UID above. Do I need to extend the database with the addition of another field? Thanks so much everyone. It has been years since I needed to use samba, so I am climbing the learning curve on this new version. -Brett -- wynkoop at wynn.com http://prd4.wynn.com/wynkoop/pgp-keys.txt 917-642-6925 929-272-0000 A free people ought to be armed. - George Washington