JB
2016-Aug-04 10:12 UTC
[Samba] Migration from samba3 to samba4 : PDC doesn't not appear in network
Hello,
I'm trying to migrate an old PDC controller running samba 3.0.4 to a
more decent server. Now, I use samba 4.2.10 (from debian/jessie).
My smb.conf is :
# Global parameters
[global]
workgroup = CABINET
realm = SYSTELLA.NET
netbios name = CERVANTES
server role = active directory domain controller
security = user
encrypt passwords = yes
dns forwarder = 192.168.4.254
idmap_ldb:use rfc2307 = yes
server string = %h server
domain master = yes
local master = yes
domain logons = yes
os level = 65
logon path = \\%N\home\profile
logon drive = Z:
logon home = \\%N\home
logon script = netlogon.cmd
interfaces = 192.168.0.0/24 lo
hosts allow = 192.168.0., 127.0.0.
bind interfaces only = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
log file = /var/log/samba/log.%m
max log size = 50
[netlogon]
comment = Network Logon Service
guest ok = yes
path = /var/lib/samba/sysvol/systella.net/scripts
read only = yes
[sysvol]
path = /var/lib/samba/sysvol
read only = yes
[home]
comment = Répertoire privé
path = /home/%u
create mask = 0700
directory mask = 0700
browseable = yes
writeable = yes
[partage]
comment = Répertoire partagé
path = /home/partage
force create mode = 0666
force directory mode = 0777
writable = yes
browseable = yes
[visiodent]
comment = Visiodent
path = /home/visiodent
force create mode = 0666
force directory mode = 0777
writable = yes
browseable = yes
and samba seems to be an active directory server. I have added without
error a workstation in this new domain. But I don't see controller in
network windows (I have tried from Windows XP). If I manually run
net use X: \\cervantes\visiodent
I can add X: disk and all files from X: are browsable.
As server is not browsable, netlogon doesn't work as expected (I can
manually launch netlogon.cmd after successfully login).
I suppose I have done a mistake...
Any idea ?
Best regards,
JB
Rowland Penny
2016-Aug-04 10:49 UTC
[Samba] Migration from samba3 to samba4 : PDC doesn't not appear in network
On Thu, 4 Aug 2016 12:12:42 +0200 JB <jb at eikeo.com> wrote:

> Hello,
>
> I'm trying to migrate an old PDC controller running samba
> 3.0.4 to a more decent server. Now, I use samba 4.2.10 (from
> debian/jessie).
>
> My smb.conf is :
>
> # Global parameters
> [global]
> workgroup = CABINET
> realm = SYSTELLA.NET
> netbios name = CERVANTES
> server role = active directory domain controller
> security = user
> encrypt passwords = yes
> dns forwarder = 192.168.4.254
> idmap_ldb:use rfc2307 = yes
> server string = %h server
> domain master = yes
> local master = yes
> domain logons = yes
> os level = 65
> logon path = \\%N\home\profile
> logon drive = Z:
> logon home = \\%N\home
> logon script = netlogon.cmd
> interfaces = 192.168.0.0/24 lo
> hosts allow = 192.168.0., 127.0.0.
> bind interfaces only = yes
> unix password sync = yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n
> *password\supdated\ssuccessfully* .
> pam password change = yes
> vfs objects = acl_xattr
> map acl inherit = yes
> store dos attributes = yes
> winbind nss info = rfc2307
> winbind trusted domains only = no
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
> log file = /var/log/samba/log.%m
> max log size = 50
>
> [netlogon]
> comment = Network Logon Service
> guest ok = yes
> path = /var/lib/samba/sysvol/systella.net/scripts
> read only = yes
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = yes
>
> [home]
> comment = Répertoire privé
> path = /home/%u
> create mask = 0700
> directory mask = 0700
> browseable = yes
> writeable = yes
>
> [partage]
> comment = Répertoire partagé
> path = /home/partage
> force create mode = 0666
> force directory mode = 0777
> writable = yes
> browseable = yes
>
> [visiodent]
> comment = Visiodent
> path = /home/visiodent
> force create mode = 0666
> force directory mode = 0777
> writable = yes
> browseable = yes
>
> and samba seems to be an active directory server. I have added without
> error a workstation in this new domain. But I don't see controller in
> network windows (I have tried from Windows XP). If I manually run
>
> net use X: \\cervantes\visiodent
>
> I can add X: disk and all files from X: are browsable.
>
> As server is not browsable, netlogon doesn't work as expected (I can
> manually launch netlogon.cmd after successfully login).
>
> I suppose I have done a mistake...
>
> Any idea ?
>
> Best regards,
>
> JB
>

Hi

You now have a DC, your old domain used a PDC, in AD all DCs are
supposed to be equal and to refer to the first DC as a PDC is confusing.

Can I suggest you remove most of the lines that you have added to the
[global] section, they are not required on a DC or are even making
things worse.

I hope the test workstation is just that, because it will now never
see the PDC again without re-installing the OS.

Finally, there is no network browsing with a Samba AD DC, AD works
differently to your old NT4-style domain.

Can I suggest you go and browse the Samba wiki:

https://wiki.samba.org/index.php/Main_Page

Rowland
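Added example (not part of the original thread and not Samba project code): one way to see which [global] lines were added on top of what the provisioning step wrote is to parse the section and subtract a baseline. BASELINE (the parameters a fresh AD DC provision is assumed to write) and NT4_STYLE (parameters tied to NT4-style domain logons and browser elections) are assumptions of this sketch, and the sample is an excerpt of the configuration posted above.

```python
import re
# Assumption: the [global] parameters a fresh AD DC provision writes.
BASELINE = {"workgroup", "realm", "netbiosname", "serverrole",
            "dnsforwarder", "idmap_ldb:userfc2307"}
# Assumption: NT4-style domain logon and browser-election parameters.
NT4_STYLE = {"domainlogons", "domainmaster", "localmaster", "oslevel",
             "logonpath", "logondrive", "logonhome", "logonscript"}

def norm(name):
    """smb.conf parameter names ignore case and embedded whitespace."""
    return re.sub(r"\s+", "", name).lower()

def global_params(text):
    """Return {normalised name: value} for the [global] section only."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if line.endswith("\\"):        # trailing backslash continues the line
            pending = line[:-1] + " "
            continue
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            # First '=' only: "idmap_ldb:use rfc2307" has ':' inside the name.
            name, value = line.split("=", 1)
            params[norm(name)] = value.strip()
    return params

def added_lines(text):
    """Non-baseline [global] parameters as (nt4_style, other), both sorted."""
    extra = set(global_params(text)) - BASELINE
    return sorted(extra & NT4_STYLE), sorted(extra - NT4_STYLE)

# Constructed sample: excerpt of the [global] section posted in the thread.
SAMPLE = r"""
[global]
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
domain logons = yes
os level = 65
logon path = \\%N\home\profile
unix password sync = yes
[netlogon]
guest ok = yes
"""
print(added_lines(SAMPLE))
```

Names are reported in normalised form (lower case, no spaces); each reported parameter is a candidate for review against the Samba documentation, not an automatic deletion.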
JB
2016-Aug-04 11:08 UTC
[Samba] Migration from samba3 to samba4 : PDC doesn't not appear in network
Rowland Penny wrote:
> On Thu, 4 Aug 2016 12:12:42 +0200
> JB <jb at eikeo.com> wrote:
>
>> Hello,
>>
>> I'm trying to migrate an old PDC controller running samba
>> 3.0.4 to a more decent server. Now, I use samba 4.2.10 (from
>> debian/jessie).
>>
>> My smb.conf is :
>>
>> # Global parameters
>> [global]
>> workgroup = CABINET
>> realm = SYSTELLA.NET
>> netbios name = CERVANTES
>> server role = active directory domain controller
>> security = user
>> encrypt passwords = yes
>> dns forwarder = 192.168.4.254
>> idmap_ldb:use rfc2307 = yes
>> server string = %h server
>> domain master = yes
>> local master = yes
>> domain logons = yes
>> os level = 65
>> logon path = \\%N\home\profile
>> logon drive = Z:
>> logon home = \\%N\home
>> logon script = netlogon.cmd
>> interfaces = 192.168.0.0/24 lo
>> hosts allow = 192.168.0., 127.0.0.
>> bind interfaces only = yes
>> unix password sync = yes
>> passwd program = /usr/bin/passwd %u
>> passwd chat = *Enter\snew\s*\spassword:* %n\n
>> *Retype\snew\s*\spassword:* %n\n
>> *password\supdated\ssuccessfully* .
>> pam password change = yes
>> vfs objects = acl_xattr
>> map acl inherit = yes
>> store dos attributes = yes
>> winbind nss info = rfc2307
>> winbind trusted domains only = no
>> winbind use default domain = yes
>> winbind enum users = yes
>> winbind enum groups = yes
>> log file = /var/log/samba/log.%m
>> max log size = 50
>>
>> [netlogon]
>> comment = Network Logon Service
>> guest ok = yes
>> path = /var/lib/samba/sysvol/systella.net/scripts
>> read only = yes
>>
>> [sysvol]
>> path = /var/lib/samba/sysvol
>> read only = yes
>>
>> [home]
>> comment = Répertoire privé
>> path = /home/%u
>> create mask = 0700
>> directory mask = 0700
>> browseable = yes
>> writeable = yes
>>
>> [partage]
>> comment = Répertoire partagé
>> path = /home/partage
>> force create mode = 0666
>> force directory mode = 0777
>> writable = yes
>> browseable = yes
>>
>> [visiodent]
>> comment = Visiodent
>> path = /home/visiodent
>> force create mode = 0666
>> force directory mode = 0777
>> writable = yes
>> browseable = yes
>>
>> and samba seems to be an active directory server. I have added without
>> error a workstation in this new domain. But I don't see controller in
>> network windows (I have tried from Windows XP). If I manually run
>>
>> net use X: \\cervantes\visiodent
>>
>> I can add X: disk and all files from X: are browsable.
>>
>> As server is not browsable, netlogon doesn't work as expected (I can
>> manually launch netlogon.cmd after successfully login).
>>
>> I suppose I have done a mistake...
>>
>> Any idea ?
>>
>> Best regards,
>>
>> JB
>>
>
>
> Hi
>
> You now have a DC, your old domain used a PDC, in AD all DCs are
> supposed to be equal and to refer to the first DC as a PDC is confusing.
>
> Can I suggest you remove most of the lines that you have added to the
> [global] section, they are not required on a DC or are even making
> things worse.
>
> I hope the test workstation is just that, because it will now never
> see the PDC again without re-installing the OS.
>
> Finally, there is no network browsing with a Samba AD DC, AD works
> differently to your old NT4-style domain.
>
> Can I suggest you go and browse the Samba wiki:
>
> https://wiki.samba.org/index.php/Main_Page
>

I have installed my DC with this wiki. But I don't see what lines I can
remove from my global section. Of course, before posting here, I have
read PDC to DC migration process. I would keep something like roaming
profiles and execute netlogon.cmd.

Best regards,

JB