On Mon, 5 Nov 2018 11:11:59 +0100
Corrado Ravinetto via samba <samba at lists.samba.org> wrote:

> On 05/11/2018 10:54, Rowland Penny via samba wrote:
> > OK, you classicupgraded 3.6.x to 4.9.1, by this I take it you mean
> > you have upgraded a PDC to an AD DC, is this correct ?
> yes, is correct
> >
> > What OS are you using ?
> centos 7.5 x86_64
> > What Samba packages are you using, or have you compiled Samba
> > yourself ?
> compiled from source from samba.org, 4.9.1 stable
> > If you are using Samba Packages, which ones did you install ?
> > If you compiled Samba yourself, did you create the libnss_winbind
> > links ?
> yes, I have created the link,
> my smb.conf from testparm :
>
> [global]
>     passdb backend = samba_dsdb
>     realm = LXCERRUTI.COM
>     server role = active directory domain controller
>     winbind use default domain = Yes
>     workgroup = LXCERRUTI
>     rpc_server:tcpip = no
>     rpc_daemon:spoolssd = embedded
>     rpc_server:spoolss = embedded
>     rpc_server:winreg = embedded
>     rpc_server:ntsvcs = embedded
>     rpc_server:eventlog = embedded
>     rpc_server:srvsvc = embedded
>     rpc_server:svcctl = embedded
>     rpc_server:default = external
>     winbindd:use external pipes = true
>     idmap config * : backend = tdb
>     map archive = No
>     vfs objects = dfs_samba4 acl_xattr
>

You might as well remove the line 'winbind use default domain = Yes',
it does nothing on a DC.
I would also add 'idmap_ldb:use rfc2307 = yes'

When you run 'getent passwd username' does it produce output ?
If so, does it produce the output you expect ?

How are you starting Samba ?

Rowland

On 05/11/2018 11:41, Rowland Penny via samba wrote:
> You might as well remove the line 'winbind use default domain = Yes',
> it does nothing on a DC.
> I would also add 'idmap_ldb:use rfc2307 = yes'

OK, I did it

> When you run 'getent passwd username' does it produce output ?

[root@dc1 etc]# getent passwd massaro
LXCERRUTI\massaro:*:3000027:513::/home/LXCERRUTI/massaro:/bin/false

> If so, does it produce the output you expect ?

yes

> How are you starting Samba ?

at this moment, in test environment, by hand with samba

-- 
*Corrado Ravinetto*

On Mon, 5 Nov 2018 11:51:00 +0100
Corrado Ravinetto via samba <samba at lists.samba.org> wrote:

> On 05/11/2018 11:41, Rowland Penny via samba wrote:
> > You might as well remove the line 'winbind use default domain =
> > Yes', it does nothing on a DC.
> > I would also add 'idmap_ldb:use rfc2307 = yes'
> OK, I did it
> > When you run 'getent passwd username' does it produce output ?
> [root@dc1 etc]# getent passwd massaro
> LXCERRUTI\massaro:*:3000027:513::/home/LXCERRUTI/massaro:/bin/false
>
> > If so, does it produce the output you expect ?
> yes

Is 'massaro' one of your existing users carried over by the
classicupgrade ?
If it is, then you are not getting the expected output. The number
'3000027' comes from 'idmap.ldb' and not from AD.
If it isn't, try again with a user carried over by the classicupgrade.

It also shows two potential problems that come from using a DC as a
fileserver, any Unix home dirs & login shells stored in AD are not
used. All users get the home dir '/home/DOMAIN/username' and the login
shell '/bin/false' i.e. they cannot log into the DC.

> > How are you starting Samba ?
> at this moment, in test environment, by hand with samba

Good, just checking that you were not starting all the Samba daemons.

Rowland
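
The check described in the reply above, as an added example that is not part of the original thread: it classifies 'getent passwd' lines by whether the UID falls in the idmap.ldb allocation range and whether the home directory and shell are the template values. The range 3000000-4000000 (taken here as the idmap.ldb default) and the function names are assumptions of this example; the second sample line is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): classify 'getent passwd' lines on a Samba AD DC.
# Assumptions: idmap.ldb allocates IDs from its default range 3000000-4000000, and the
# template values are the ones named in the thread (/home/DOMAIN/username, /bin/false).
IDMAP_LOW=3000000
IDMAP_HIGH=4000000

# uid_source LINE: prints "idmap.ldb" or "outside-idmap-range"; prints "malformed" and
# returns 2 when the UID field is not a number. The ( ) body keeps variables local.
uid_source() (
    IFS=: read -r name pw uid gid gecos home shell <<EOF
$1
EOF
    case $uid in
        ''|*[!0-9]*) echo "malformed"; exit 2 ;;
    esac
    if [ "$uid" -ge "$IDMAP_LOW" ] && [ "$uid" -le "$IDMAP_HIGH" ]; then
        echo "idmap.ldb"
    else
        echo "outside-idmap-range"
    fi
)

# template_check LINE: prints "template" when home dir and shell are the template
# values for DOMAIN\username, otherwise "custom".
template_check() (
    IFS=: read -r name pw uid gid gecos home shell <<EOF
$1
EOF
    domain=${name%%\\*}   # text before the first backslash
    user=${name#*\\}      # text after the first backslash
    if [ "$home" = "/home/$domain/$user" ] && [ "$shell" = "/bin/false" ]; then
        echo "template"
    else
        echo "custom"
    fi
)

# report LINE: one summary line per account.
report() {
    printf '%s uid_source=%s home_shell=%s\n' \
        "${1%%:*}" "$(uid_source "$1")" "$(template_check "$1")"
}

# Sample input: the first line is the output quoted in the thread, the second is constructed.
report 'LXCERRUTI\massaro:*:3000027:513::/home/LXCERRUTI/massaro:/bin/false'
report 'LXCERRUTI\alice:*:10001:513::/home/LXCERRUTI/alice:/bin/false'
```

A migrated account reported as 'idmap.ldb' is the case the reply calls unexpected output: its UID was allocated locally on the DC rather than read from AD.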