On Wed, 25 Feb 2015 19:48:07 +0000 Rowland Penny <rowlandpenny at googlemail.com> wrote:

> OK, you would appear to be running samba4 in AD mode, i.e. you
> provisioned it.
>
> You have now tried to add things to your smb.conf to make it work
> like samba3, this will not work! Put your smb.conf back to what it
> was like just after the provision and then go and read the samba
> wiki : https://wiki.samba.org/index.php/Main_Page and search the
> internet on how to run an Active Directory domain. This will probably
> entail adding 'uidNumber' attributes to your AD users and 'gidNumber'
> attributes to some of your AD groups.
>
> As for creating users & groups, samba 4 comes with 'samba-tool' for
> more info on this, run 'samba-tool --help' or 'samba-tool user add
> --help', you can also run 'man samba-tool'
>
> Rowland
>

The config file produced by samba-tool produced a server that would
allow no connections. Here is the samba-tool produced config:

root@prd2:/usr/local/etc # cat smb4.conf.initial
# Global parameters
[global]
        workgroup = WYNN
        realm = WYNN.COM
        netbios name = PRD2
        server role = active directory domain controller
        dns forwarder = 199.89.147.1
        idmap_ldb:use rfc2307 = yes

[netlogon]
        path = /var/db/samba4/sysvol/wynn.com/scripts
        read only = No

[sysvol]
        path = /var/db/samba4/sysvol
        read only = No

This is not the first time you have said "read the documentation". I
have 30 years as a Unix admin and have been reading and writing
documentation for as long. I will point out that the first time I came
to this group with this issue I had spent 3 weeks reading everything I
could find on the web to find a solution. This included the official
docs as well as any other source that seemed to have any information.

Now after a couple of months away from the project because of other
matters that were more pressing at the time I have returned to the
problem. I did the same due diligence before I made my most recent
request for help. It is most refreshing to get the answer RTFM yet
again. Thank you for all your help.

-Brett

-- 
wynkoop at wynn.com http://prd4.wynn.com/wynkoop/pgp-keys.txt
917-642-6925
929-272-0000

Amendment III

No soldier shall, in time of peace be quartered in any house, without
the consent of the owner, nor in time of war, but in a manner to be
prescribed by law.
On 26/02/15 22:24, Brett Wynkoop wrote:

> On Wed, 25 Feb 2015 19:48:07 +0000
> Rowland Penny <rowlandpenny at googlemail.com> wrote:
>
>> OK, you would appear to be running samba4 in AD mode, i.e. you
>> provisioned it.
>>
>> You have now tried to add things to your smb.conf to make it work
>> like samba3, this will not work! Put your smb.conf back to what it
>> was like just after the provision and then go and read the samba
>> wiki : https://wiki.samba.org/index.php/Main_Page and search the
>> internet on how to run an Active Directory domain. This will probably
>> entail adding 'uidNumber' attributes to your AD users and 'gidNumber'
>> attributes to some of your AD groups.
>>
>> As for creating users & groups, samba 4 comes with 'samba-tool' for
>> more info on this, run 'samba-tool --help' or 'samba-tool user add
>> --help', you can also run 'man samba-tool'
>>
>> Rowland
>>
> The config file produced by samba-tool produced a server that would
> allow no connections. Here is the samba-tool produced config:
>
> root@prd2:/usr/local/etc # cat smb4.conf.initial
> # Global parameters
> [global]
>         workgroup = WYNN
>         realm = WYNN.COM
>         netbios name = PRD2
>         server role = active directory domain controller
>         dns forwarder = 199.89.147.1
>         idmap_ldb:use rfc2307 = yes
>
> [netlogon]
>         path = /var/db/samba4/sysvol/wynn.com/scripts
>         read only = No
>
> [sysvol]
>         path = /var/db/samba4/sysvol
>         read only = No
>
>
> This is not the first time you have said "read the documentation". I
> have 30 years as a Unix admin and have been reading and writing
> documentation for as long. I will point out that the first time I came
> to this group with this issue I had spent 3 weeks reading everything I
> could find on the web to find a solution. This included the official
> docs as well as any other source that seemed to have any information.
>
> Now after a couple of months away from the project because of other
> matters that were more pressing at the time I have returned to the
> problem. I did the same due diligence before I made my most recent
> request for help. It is most refreshing to get the answer RTFM yet
> again. Thank you for all your help.
>
> -Brett
>
>

Just what do you mean by 'allow no connections' ?? where from ? how?

Give us a bit more info and we may be able to help you.

Rowland
On Thu, 26 Feb 2015 22:45:02 +0000 Rowland Penny <rowlandpenny at googlemail.com> wrote:

>
> Just what do you mean by 'allow no connections' ?? where from ? how?

ivory:~ wynkoop$ smbclient -L prd2
Receiving SMB: Server stopped responding
protocol negotiation failed
ivory:~ wynkoop$

and on the server with the samba-tool built config I have these samba
related processes:

root@prd2:/usr/local/etc # ps ax | grep samba
  962  -  I      0:00.01 samba: task[s3fs_parent] (samba)
49471  2  S+     0:00.02 grep samba
root@prd2:/usr/local/etc #

With the hand made config there were many more samba related processes
and I could connect. Observe:

root@prd2:/usr/local/etc # service samba_server start
Performing sanity check on Samba configuration: OK
Starting samba.
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[archive]"
pm_process() returned Yes
root@prd2:/usr/local/etc # ps ax | grep samba
49729  -  Ss     0:00.57 /usr/local/sbin/samba --daemon --configfile=/usr/loc
49730  -  S      0:00.01 samba: task[dcesrv] (samba)
49731  -  S      0:00.02 samba: task[nbtd] (samba)
49732  -  S      0:00.00 samba: task[wreplsrv] (samba)
49733  -  S      0:00.35 samba: task[ldapsrv] (samba)
49734  -  S      0:00.00 samba: task[cldapd] (samba)
49735  -  S      0:00.01 samba: task[kdc] (samba)
49736  -  S      0:00.01 samba: task[dreplsrv] (samba)
49737  -  S      0:00.00 samba: task[winbind] (samba)
49738  -  S      0:00.00 samba: task[ntp_signd] (samba)
49739  -  S      0:00.00 samba: task[kccsrv] (samba)
49740  -  S      0:00.00 samba: task[smbsrv] (samba)
49742  2  S+     0:00.01 grep samba
root@prd2:/usr/local/etc #

ivory:~ wynkoop$ smbclient -L prd2
Password:
Anonymous login successful
Domain=[WYNN] OS=[Unix] Server=[Samba 4.1.17]

        Sharename       Type      Comment
        ---------       ----      -------
        netlogon        Disk
        sysvol          Disk
        archive         Disk      /archive
        IPC$            IPC       IPC Service
Anonymous login successful
Domain=[WYNN] OS=[Unix] Server=[Samba 4.1.17]

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------
ivory:~ wynkoop$

As you can see from the above the samba-tool created config was a
non-starter and the hand tooled config seems to not allow me to set the
UID to match our legacy UIDs which is needed because NFS is not going
away!

prd2 is FreeBSD 10.1 Samba 4.1.17 built fresh yesterday.

ivory is a Mac OS X 10.6 using either the Apple provided smbclient or
Finder.

-Brett

-- 
wynkoop at wynn.com http://prd4.wynn.com/wynkoop/pgp-keys.txt
917-642-6925
929-272-0000

Amendment I

Congress shall make no law respecting an establishment of religion, or
prohibiting the free exercise thereof; or abridging the freedom of
speech, or of the press; or the right of the people peaceably to
assemble, and to petition the government for a redress of grievances.
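Added example, not part of the original thread and not Samba's own tooling: a shell helper that reads `ps ax` output and reports which of the `samba: task[...]` names seen in the working listing above are absent. The expected list is an assumption taken only from that listing, not an authoritative set of AD DC services, and the function names are hypothetical.

```shell
#!/bin/sh
# Task names copied from the working `ps ax` listing in the post above.
# Assumption: this is the set observed there, not an official Samba list.
EXPECTED_TASKS="dcesrv nbtd wreplsrv ldapsrv cldapd kdc dreplsrv winbind ntp_signd kccsrv smbsrv"

# running_tasks: read `ps ax` output on stdin and print each distinct
# name found inside "samba: task[...]", one per line.
running_tasks() {
    sed -n 's/.*samba: task\[\([^]]*\)\].*/\1/p' | sort -u
}

# missing_tasks: read `ps ax` output on stdin and print every expected
# task name that does not appear in it.
missing_tasks() {
    found=$(running_tasks)
    for t in $EXPECTED_TASKS; do
        printf '%s\n' "$found" | grep -qx "$t" || printf '%s\n' "$t"
    done
}

# Sample input constructed from the failing listing quoted in the post.
SAMPLE_FAILING='  962  -  I      0:00.01 samba: task[s3fs_parent] (samba)
49471  2  S+     0:00.02 grep samba'

# Report for the sample; on a live host use: ps ax | missing_tasks
report_sample() {
    printf '%s\n' "$SAMPLE_FAILING" | missing_tasks
}
```

On the failing listing every expected task is reported missing, which matches the client-side "protocol negotiation failed": no `smbsrv` task is present to answer the connection.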