On Wed, 2 May 2018 21:46:52 +0100
Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Wed, 2 May 2018 17:12:30 -0300
> "Ethy H. Brito via samba" <samba at lists.samba.org> wrote:
>
> >
> > Hi all
> >
> > Background: I am not a samba expert, not even close!
> >
> > I have an ancient samba 3 (Server role: ROLE_DOMAIN_PDC) and I intend
> > to migrate all files to a samba 4 (Server role: ROLE_DOMAIN_MEMBER)
> >
> > Users will stay in S3 for now.
> >
> > Samba 4 joined samba 3 with no problems.
> > I rsync'ed all files and their permissions (rsync -a ...).
> >
> > But...
> > I cannot find a way that makes S4 see S3 users and groups in an
> > "ordered" manner.
> >
> > "id some_user" returns "almost" valid data for some users and
> > "id: ‘some_user’: no such user" for others.
> > I say "almost" because not all groups for all users are returned.
> >
> > Example:
> > S4# id jgarcia
> > uid=10000(jgarcia) gid=100513(none) \
> > groups=100513(none),101094(5p6l3d1$),101119(jgomes-pc$),
> > 10001(BUILTIN\users)
> >
> > jgarcia id should be 101016 (100000 + 1016), and there are missing
> > groups
> >
> > S3# id jgarcia
> > uid=1016(jgarcia) gid=1094(jgarcia)\
> > groups=1094(jgarcia),1000(G00),2009(G01),3011(G02),1119(G03)
> >
> >
> > For groups it is about the same.
> > for instance:
> > S4# wbinfo --gid-info 100513
> > none:x:100513:
> > S4# wbinfo -G 100513
> > S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-513
> >
> > Where did this group "513" come from ?? "Domain Users" ??
> > If so, why does the group name not come along ??
> >
> > What smb.conf options should I care about so that S4 sees S3 users and
> > groups like S4[ug]id=S3[ug]id+100000 ??
> > "idmap config" seems not to be effective.
> >
> > Are there any options in S3 that I should also change??
> >
> > How do I make S4 "forget" everything it learned so far about uids and
> > gids from S3 so I can start fresh??
> >
> >
> > Cheers
> >
> > Ethy
> >
>
> I think you are going to have to give us a bit more info, smb.conf from
> the S3 PDC and the S4 machine, for a start.

As requested, those files follow.

Samba 3 config file
S3# grep -v -e ^# -e '^;' /etc/samba/smb.conf | uniq | less -S
[global]
workgroup = PEGASE
server string = RedePEGASE
netbios name = PegaseSRV
hosts allow = 192.168.0. 192.168.1. 127.0.0.1
hosts deny = ALL EXCEPT 192.168.0. 127.0.0.1 192.168.1.
#unix charset = iso8859-1
wins support = yes
dns proxy = yes
name resolve order = bcast host lmhosts wins
interfaces = lo,eth0
bind interfaces only = yes
log file = /var/log/samba/%U.%m.log
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = Bad User
domain logons = yes
logon drive =
logon home =
add user script = /usr/sbin/adduser --quiet --disabled-password --shell /bin/false --gecos "Added by Samba" %u
add machine script = /usr/sbin/useradd -c "%u machine account" -g machines --home /var/lib/samba -s /bin/false %u
add group script = /usr/sbin/addgroup --force-badname %g
load printers = no
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192
domain master = yes
admin users = root jgarcia sysadm
domain logons = yes
local master = yes
os level = 64
preferred master = yes
wins proxy = no
Level2 oplocks = no
ntlm auth = Yes
lanman auth = Yes
client ntlmv2 auth = Yes
use client driver = Yes
client lanman auth = Yes
guest account = nobody
time server = yes
directory mask = 0771
create mask = 0655
force create mode = 0664
force directory mode = 0771
map archive = yes
map system = yes
map hidden = no
hide dot files = yes
mangled names = yes
default case = lower
preserve case = yes
max xmit = 65535
locking = yes
oplocks = yes
level2 oplocks = no
lock directory = /var/state/samba
cache directory = /var/state/samba
state directory = /var/state/samba
veto oplock files = /prf*.tmp/
oplocks = false
kernel oplocks = false
level2 oplocks = false
template shell = /bin/false
usershare allow guests = yes
inherit permissions = no
inherit owner = No
... SHARES FOLLOWS ...
SAMBA 4 config file
S4# grep -v -e ^# -e '^;' /etc/samba/smb.conf | uniq | less -S
[global]
workgroup = PEGASE
netbios name = pegasus
netbios aliases = safebits
security = DOMAIN
server role = member server
encrypt passwords = yes
client ipc signing = auto
server string = %h server (Safe.bitS)
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
panic action = /usr/share/samba/panic-action %d
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
idmap uid = 100000-200000
idmap gid = 100000-200000
idmap cache time = 60
idmap config *:range = 100000-200000
idmap config *:backend = rid
winbind use default domain = yes
usershare allow guests = yes
... SHARES FOLLOWS ...
Cheers
Ethy
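
An added check, not part of the original message: it takes the two `id jgarcia` lines quoted above and lists every place where the member server's view differs from the S4[ug]id=S3[ug]id+100000 mapping the poster expects. The function names and the 100000 default are assumptions of this example.

```python
import re

OFFSET = 100000  # mapping the poster expects: member id = PDC id + 100000

# `id jgarcia` output quoted in the message, continuation lines joined.
S3_ID = ("uid=1016(jgarcia) gid=1094(jgarcia) "
         "groups=1094(jgarcia),1000(G00),2009(G01),3011(G02),1119(G03)")
S4_ID = (r"uid=10000(jgarcia) gid=100513(none) groups=100513(none),"
         r"101094(5p6l3d1$),101119(jgomes-pc$),10001(BUILTIN\users)")

_LINE = re.compile(r"uid=(\d+)\(([^)]*)\)\s+gid=(\d+)\(([^)]*)\)\s+groups=(.*)")
_ENTRY = re.compile(r"(\d+)\(([^)]*)\)")


def parse_id(line):
    """Parse one line of id(1) output; names may contain spaces or backslashes."""
    m = _LINE.match(line.strip())
    if m is None:
        raise ValueError("not id(1) output: %r" % line)
    groups = {int(gid): name for gid, name in _ENTRY.findall(m.group(5))}
    return {"uid": int(m.group(1)), "gid": int(m.group(3)), "groups": groups}


def compare(pdc_line, member_line, offset=OFFSET):
    """List every place the member's view differs from PDC id + offset."""
    pdc, member = parse_id(pdc_line), parse_id(member_line)
    findings = []
    for key in ("uid", "gid"):
        want = pdc[key] + offset
        if member[key] != want:
            findings.append("%s is %d, expected %d" % (key, member[key], want))
    for gid, name in sorted(pdc["groups"].items()):
        seen = member["groups"].get(gid + offset)
        if seen is None:
            findings.append("group %s (gid %d) missing" % (name, gid + offset))
        elif seen != name:
            # Same number on the member, but it names a different principal.
            findings.append("gid %d resolves to %s, not %s" % (gid + offset, seen, name))
    wanted = {gid + offset for gid in pdc["groups"]}
    for gid, name in sorted(member["groups"].items()):
        if gid not in wanted:
            findings.append("unexpected group %s (gid %d)" % (name, gid))
    return findings


if __name__ == "__main__":
    for finding in compare(S3_ID, S4_ID):
        print(finding)
```

On the quoted output, gids 101094 and 101119 do appear on the member but resolve to machine accounts (names ending in `$`) rather than to the groups jgarcia and G03.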