Hello I used https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade) to migrated my old samba 3, i created a dc and a member file server, but on member i can't see id for usernames and groups. This is my smb.conf on dc [global] netbios name = DC1 realm = LXCERRUTI.COM server role = active directory domain controller workgroup = LXCERRUTI idmap_ldb:use rfc2307 = yes idmap config DOMAIN : unix_nss_info = yes ntlm auth = yes winbind use default domain = yes [netlogon] path = /usr/local/samba/var/locks/sysvol/lxcerruti.com/scripts read only = No and this is same file on member: [global] security = ADS workgroup = LXCERRUTI realm = LXCERRUTI.COM lanman auth = yes ntlm auth = yes log file = /var/log/samba/%m.log idmap config * : range = 3000-7999 idmap config LXCERRUTI : range = 9000-17999 idmap config LXCERRUTI : schema_mode = rfc2307 idmap config LXCERRUTI : unix_nss_info = yes winbind use default domain = yes winbind offline logon = yes winbind is ok, on dc and member show correctly users and groups but my folders are without users and groups, only id drwxrwx---. 3 3040 3290 150 23 mar 2017 vigna drwxrwx---. 2 3051 3238 6 20 mar 2014 zaia what can i do ??? Thanks a lot *Corrado Ravinetto *
I'm sorry, my samba version is 4.9.1 :-) Il 26/10/2018 08:27, Corrado Ravinetto ha scritto:> Hello > I used > https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade) > to migrated my old samba 3, i created a dc and a member file server, > but on member i can't see id for usernames and groups. > This is my smb.conf on dc > > [global] > netbios name = DC1 > realm = LXCERRUTI.COM > server role = active directory domain controller > workgroup = LXCERRUTI > idmap_ldb:use rfc2307 = yes > idmap config DOMAIN : unix_nss_info = yes > > ntlm auth = yes > winbind use default domain = yes > > [netlogon] > path = /usr/local/samba/var/locks/sysvol/lxcerruti.com/scripts > read only = No > > and this is same file on member: > > [global] > security = ADS > workgroup = LXCERRUTI > realm = LXCERRUTI.COM > > lanman auth = yes > ntlm auth = yes > > log file = /var/log/samba/%m.log > > idmap config * : range = 3000-7999 > > idmap config LXCERRUTI : range = 9000-17999 > idmap config LXCERRUTI : schema_mode = rfc2307 > idmap config LXCERRUTI : unix_nss_info = yes > winbind use default domain = yes > winbind offline logon = yes > > winbind is ok, on dc and member show correctly users and groups > but my folders are without users and groups, only id > > drwxrwx---. 3 3040 3290 150 23 mar 2017 vigna > drwxrwx---. 2 3051 3238 6 20 mar 2014 zaia > > what can i do ??? > > Thanks a lot > > > > *Corrado Ravinetto * >
On Fri, 26 Oct 2018 08:27:10 +0200 Corrado Ravinetto via samba <samba at lists.samba.org> wrote:> Hello > I used > https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade) > to migrated my old samba 3, i created a dc and a member file server, > but on member i can't see id for usernames and groups. > This is my smb.conf on dc > > [global] > netbios name = DC1 > realm = LXCERRUTI.COM > server role = active directory domain controller > workgroup = LXCERRUTI > idmap_ldb:use rfc2307 = yes > idmap config DOMAIN : unix_nss_info = yes > > ntlm auth = yes > winbind use default domain = yes > > [netlogon] > path > = /usr/local/samba/var/locks/sysvol/lxcerruti.com/scripts read only > No > > and this is same file on member: > > [global] > security = ADS > workgroup = LXCERRUTI > realm = LXCERRUTI.COM > > lanman auth = yes > ntlm auth = yes > > log file = /var/log/samba/%m.log > > idmap config * : range = 3000-7999 > > idmap config LXCERRUTI : range = 9000-17999 > idmap config LXCERRUTI : schema_mode = rfc2307 > idmap config LXCERRUTI : unix_nss_info = yes > winbind use default domain = yes > winbind offline logon = yes > > winbind is ok, on dc and member show correctly users and groups > but my folders are without users and groups, only id > > drwxrwx---. 3 3040 3290 150 23 mar 2017 vigna > drwxrwx---. 2 3051 3238 6 20 mar 2014 zaia > > what can i do ???You have an 'idmap config' line missing. There should be a line like this: idmap config LXCERRUTI : backend = <TYPE> Where <TYPE> can be 'ad' or 'rid'. As you have carried out a classicupgrade, you probably want 'ad', but the 'range' must be appropriate to your user & group ID's in AD, anything outside '9000-17999' will be ignored and if the gidNumber for Domain Users isn't inside the range, all users will be ignored. It might help if you read this: https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member Rowland> > Thanks a lot > > > > *Corrado Ravinetto * > >
Hello Rowland and thanks for fast answer according with your suggestion i modified my smb.conf like this: [global] lanman auth = Yes log file = /var/log/samba/%m.log ntlm auth = ntlmv1-permitted realm = LXCERRUTI.COM security = ADS winbind offline logon = Yes winbind use default domain = Yes workgroup = LXCERRUTI idmap config lxcerruti : unix_nss_info = yes idmap config lxcerruti : schema_mode = rfc2307 idmap config lxcerruti : range = 3000-7999 idmap config lxcerruti : backend = ad idmap config * : range = 9000-17999 idmap config * : backend = tdb i restarted my member but : drwxrwx---. 3 3040 3290 150 23 mar 2017 vigna drwxrwx---. 2 3051 3238 6 20 mar 2014 zaia ids are always ids :-( any check or suggestions are really appreciated Il 26/10/2018 09:57, Rowland Penny via samba ha scritto:> Where <TYPE> can be 'ad' or 'rid'. > > As you have carried out a classicupgrade, you probably want 'ad', but > the 'range' must be appropriate to your user & group ID's in AD, > anything outside '9000-17999' will be ignored and if the gidNumber for > Domain Users isn't inside the range, all users will be ignored.-- *Corrado Ravinetto * Sistemi informativi corrado.ravinetto at lanificiocerruti.com <mailto:corrado.ravinetto at lanificiocerruti.com> T: +39 015 3591283 Lanificio F.lli CERRUTI *Lanificio F.lli Cerruti S.p.A. * Via Cernaia 40, 13900 - Biella (BI) Italy www.lanificiocerruti.com <http://www.lanificiocerruti.com/> Twitter <https://twitter.com/Lan_Cerruti> Facebook <https://www.facebook.com/LanificioCerruti> Instagram <https://www.instagram.com/lanificiocerruti/> Rispetta l'ambiente, non stampare questa mail se non necessario Respect the environment, don't print unless necessary