Hello, I try to migrate my old SAMBA Installation to a new Installation. SAMBA is running. But my Windows users can see the shares but cannot open Files. My old Installation /etc/samba/smb.con ... workgroup = DUCK server string = %h server (Samba, Ubuntu) interfaces = eth0 192.168.1.200/255.255.255.0 localhost bind interfaces only = Yes security = USER map to guest = Bad User obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes log file = /var/log/samba/log.%M max log size = 1000 time server = Yes unix extensions = No printcap name = cups logon script = %U\logon.bat logon path = \\gustav\profiles\%U\winxpprofile logon drive = z: logon home = \\gustav\profiles\%U\w9xprofile domain logons = Yes os level = 255 preferred master = Yes domain master = Yes wins proxy = Yes wins support = Yes usershare allow guests = Yes New (Proxmox LXV) with: /etc/samba/smb.con workgroup = DUCK server string = %h server (Samba, Ubuntu) interfaces = eth0 192.168.1.200/255.255.255.0 localhost bind interfaces only = Yes security = USER map to guest = Bad User obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes log file = /var/log/samba/log.%M max log size = 1000 time server = Yes unix extensions = No printcap name = cups logon script = %U\logon.bat logon path = \\gustav\profiles\%U\winxpprofile logon drive = z: logon home = \\gustav\profiles\%U\w9xprofile domain logons = Yes os level = 255 preferred master = Yes domain master = Yes wins proxy = Yes wins support = Yes usershare allow guests = Yes I think the problem is the mappig to the uid/gid of the new samba. The user "testuser" on the old System has uid 500 and gid 100. I created my testuser - who can access on the old Installation on the new Installation: samba-tool user create testuser --unix-home=/home/gerhard --uid-number=501 --login-shell=/bin/bash --gid-number=100 What is to to to get full access? Thank you! Tony What is to do to get users with th
On Sun, 13 Jan 2019 20:22:22 +0100 Anton Blau via samba <samba at lists.samba.org> wrote:> Hello, > > I try to migrate my old SAMBA Installation to a new Installation. > SAMBA is running. But my Windows users can see the shares but cannot > open Files. > > My old Installation /etc/samba/smb.con > > ... > > > workgroup = DUCK > server string = %h server (Samba, Ubuntu) > interfaces = eth0 192.168.1.200/255.255.255.0 localhost > bind interfaces only = Yes > security = USER > map to guest = Bad User > obey pam restrictions = Yes > pam password change = Yes > passwd program = /usr/bin/passwd %u > passwd chat = *Enter\snew\s*\spassword:* %n\n > *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . > unix password sync = Yes > log file = /var/log/samba/log.%M > max log size = 1000 > time server = Yes > unix extensions = No > printcap name = cups > logon script = %U\logon.bat > logon path = \\gustav\profiles\%U\winxpprofile > logon drive = z: > logon home = \\gustav\profiles\%U\w9xprofile > domain logons = Yes > os level = 255 > preferred master = Yes > domain master = Yes > wins proxy = Yes > wins support = Yes > usershare allow guests = Yes > > New (Proxmox LXV) with: /etc/samba/smb.con > > workgroup = DUCK > server string = %h server (Samba, Ubuntu) > interfaces = eth0 192.168.1.200/255.255.255.0 localhost > bind interfaces only = Yes > security = USER > map to guest = Bad User > obey pam restrictions = Yes > pam password change = Yes > passwd program = /usr/bin/passwd %u > passwd chat = *Enter\snew\s*\spassword:* %n\n > *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . > unix password sync = Yes > log file = /var/log/samba/log.%M > max log size = 1000 > time server = Yes > unix extensions = No > printcap name = cups > logon script = %U\logon.bat > logon path = \\gustav\profiles\%U\winxpprofile > logon drive = z: > logon home = \\gustav\profiles\%U\w9xprofile > domain logons = Yes > os level = 255 > preferred master = Yes > domain master = Yes > wins proxy = Yes > wins support = Yes > usershare allow guests = Yes > > I think the problem is the mappig to the uid/gid of the new samba. > > The user "testuser" on the old System has uid 500 and gid 100. I > created my testuser - who can access on the old Installation on the > new Installation: > > samba-tool user create testuser --unix-home=/home/gerhard > --uid-number=501 --login-shell=/bin/bash --gid-number=100 > > > What is to to to get full access? >Well, as you are using samba-tool to create users and your last post was about setting up an AD DC, you could try setting up your Unix domain member correctly and when you do, do not use such low ID numbers. I suggest you read this: https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member Your smb.conf above is for an NT4-style PDC. Rowland
Am 13.01.2019 um 20:41 schrieb Rowland Penny via samba:> On Sun, 13 Jan 2019 20:22:22 +0100 > Anton Blau via samba <samba at lists.samba.org> wrote: > >> Hello, >> >> I try to migrate my old SAMBA Installation to a new Installation. >> SAMBA is running. But my Windows users can see the shares but cannot >> open Files. >> >> My old Installation /etc/samba/smb.con >> >> ... >> >> >> workgroup = DUCK >> server string = %h server (Samba, Ubuntu) >> interfaces = eth0 192.168.1.200/255.255.255.0 localhost >> bind interfaces only = Yes >> security = USER >> map to guest = Bad User >> obey pam restrictions = Yes >> pam password change = Yes >> passwd program = /usr/bin/passwd %u >> passwd chat = *Enter\snew\s*\spassword:* %n\n >> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . >> unix password sync = Yes >> log file = /var/log/samba/log.%M >> max log size = 1000 >> time server = Yes >> unix extensions = No >> printcap name = cups >> logon script = %U\logon.bat >> logon path = \\gustav\profiles\%U\winxpprofile >> logon drive = z: >> logon home = \\gustav\profiles\%U\w9xprofile >> domain logons = Yes >> os level = 255 >> preferred master = Yes >> domain master = Yes >> wins proxy = Yes >> wins support = Yes >> usershare allow guests = Yes >> >> New (Proxmox LXV) with: /etc/samba/smb.con >> >> -- snip because false file >> >> I think the problem is the mappig to the uid/gid of the new samba. >> >> The user "testuser" on the old System has uid 500 and gid 100. I >> created my testuser - who can access on the old Installation on the >> new Installation: >> >> samba-tool user create testuser --unix-home=/home/gerhard >> --uid-number=501 --login-shell=/bin/bash --gid-number=100 >> >> >> What is to to to get full access? >> > Well, as you are using samba-tool to create users and your last post > was about setting up an AD DC, you could try setting up your Unix > domain member correctly and when you do, do not use such low ID numbers. > I suggest you read this: > > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member > > Your smb.conf above is for an NT4-style PDC. > > Rowland > >Sorry, I posted the wrong text. This is the /etc/samba/smb.conf (testparm) of the new LXC SAMBA Server: realm = SMBDOMAIN.DUCK workgroup = SMBDOMAIN dns forwarder = 192.168.1.254 disable spoolss = Yes load printers = No printcap name = /dev/null passdb backend = samba_dsdb server role = active directory domain controller rpc_server:tcpip = no rpc_daemon:spoolssd = embedded rpc_server:spoolss = embedded rpc_server:winreg = embedded rpc_server:ntsvcs = embedded rpc_server:eventlog = embedded rpc_server:srvsvc = embedded rpc_server:svcctl = embedded rpc_server:default = external winbindd:use external pipes = true idmap_ldb:use rfc2307 = yes idmap config * : backend = tdb map archive = No map readonly = no store dos attributes = Yes printing = bsd vfs objects = dfs_samba4 acl_xattr In future only the new Samba should run. So Samba is not a Domain Member. I hope I understand you correct. NT4-style PDC should be migrated to AD DC. Tony