Hi Rowland,
We did the classicupgrade. Post the classicupgrade, we added a Windows
2008R2 server and dcpromo'd it. The original Samba box (classic DC) was
where we did the classicupgrade. Did you mean that we need to shut that
box down? Leaving a Windows DC (FSMO?) and Samba member server? Sorry I
was not aware of this step. What if we hadn't added a Windows 08 box?
Here is the smb.conf
# Global parameters
[global]
netbios name = CDR-FS01
security = ADS
workgroup = CDR
realm = CDR.INTERNAL
idmap config * : backend = tdb
idmap config * : range = 3000-7999
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
idmap config CDR:backend = ad
idmap config CDR:schema_mode = rfc2307
idmap config CDR:range = 5000-6000
log level = 2 auth:5
log file = /var/log/samba/sambalog.%m
logon script = %U.bat
[homes]
comment = Home Directories
create mask = 0700
directory mask = 0700
browseable = No
read only = No
path = %H/samba
follow symlinks = yes
wide links = yes
I've tried both files winbind and the reverse. Same results.
On Mon, Apr 23, 2018 at 6:22 PM, Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Mon, 23 Apr 2018 16:48:15 +1000
> Rob Thoman via samba <samba at lists.samba.org> wrote:
>
> > Hi,
> >
> > Our setup:
> >
> > Samba (classic) DC: cdr-dc01
> > Samba (classic) member server: cdr-fs01. This is also a file server
> > AD realm: CDR.internal
> >
> > We migrated to AD and came across an issue with accessing shares. The
> > shares in question worked pre-migration, i.e. using a Windows machine a
> > user was able to access that share. The share in question was locked
> > down to just that user.
> >
> > Post migration, we are able to access any shares which are not locked
> > down to users, i.e. shares which are accessible to groups.
> >
> > For the particular share in question, we get
> >
> > canonicalize_connect_path failed for service user01, path
> > /home/CDR/user01/samba
> >
> > There is no /home/CDR .
>
> Oh yes there is ;-)
>
> > Where is this coming from?
>
> From 'template homedir', it is the default setting.
>
> > The curious thing is that getent passwd gives the following
> > user01:*:3029:3000:user01:/home/CDR/user01:/bin/false
> >
> > The user is not in the local /etc/passwd
>
> As it shouldn't be
>
> >
> >
> > The cdr-fs01 has been joined to the AD domain, and we have the
> > following in /etc/nsswitch.conf
> >
> > shadow: files
> > passwd: winbind files
> > group: winbind files
>
> It should be 'files winbind'
>
> What is the AD DC ?
>
> Can you please post the smb.conf from 'cdr-fs01'
>
> How did you migrate ? did you use 'samba-tool domain classicupgrade' ?
> If you did is the original PDC still running as a PDC ? if so, turn it
> off.
>
> Rowland
>
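
Added example, not part of the original messages and not Samba code: a small Python check that reproduces how the [homes] path in the quoted smb.conf resolves to /home/CDR/user01/samba and reports the first directory component that does not exist. It assumes Samba's default 'template homedir' of /home/%D/%U when the option is not set, and expands only %D, %U and %H in simplified form; the function names and the trimmed sample configuration are constructed for illustration.

```python
import os
import re

# Samba's default when smb.conf does not set 'template homedir' (assumed here).
DEFAULT_TEMPLATE_HOMEDIR = "/home/%D/%U"

# Constructed sample: only the relevant lines of the smb.conf quoted in the thread.
SAMPLE_CONF = """\
[global]
workgroup = CDR
security = ADS
[homes]
path = %H/samba
"""

def parse_smb_conf(text):
    """Return {section: {option: value}} with lower-cased, space-normalised names."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def homes_path(conf, user, domain=None):
    """Expand %D, %U and %H for the [homes] path (simplified substitution)."""
    glob = conf.get("global", {})
    domain = domain or glob.get("workgroup", "")
    template = glob.get("template homedir", DEFAULT_TEMPLATE_HOMEDIR)
    home = template.replace("%D", domain).replace("%U", user)
    path = conf.get("homes", {}).get("path", "%H")
    return path.replace("%H", home).replace("%U", user).replace("%D", domain)

def first_missing(path, exists=os.path.isdir):
    """Return the shortest prefix of path that is not a directory, or None."""
    current = "/"
    for part in path.strip("/").split("/"):
        current = os.path.join(current, part)
        if not exists(current):
            return current
    return None

if __name__ == "__main__":
    p = homes_path(parse_smb_conf(SAMPLE_CONF), "user01")
    print(p, "-> first missing component:", first_missing(p))
```

Run on the member server against the real smb.conf text, the reported component is the directory that has to exist (or the 'template homedir' / [homes] path that has to change) before the share path can be resolved.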