Stefan G. Weichinger
2019-Nov-26 17:06 UTC
[Samba] moved DM config to new server : gids different etc
Am 26.11.19 um 17:19 schrieb L.P.H. van Belle:> Hai Stefan, > > Remove the netbios alias and then put that as CNAME in the DNS > Verify if the server its PTR is set also. > > And yeah, your totaly correct that your ACL is messed up.. > Because your using backend RID. > > The "advantage" of backend AD. > Consistent IDs on all Samba clients and servers using the ad back end. > > Which is also the DISAVANTAGE of RID. > IN-Consistent IDs on all Samba clients and servers with RID. > > > Maybe im bit wrong here, with recent updates, .. Then Rowland will correct me.. ;-) > But this is exactly why i ONLY use AD backends. > > I suggest, setup a folder, correct the rights, and use get-set facl to apply them again on the filesystem/folders/files.Not now, not today. That server will be replaced in the next days, and today is a stressful and long day already. Things *worked* fine with this smb.conf for quite some time, so even when I understand the better approach you recommend, I won't do these changes right now. Maybe on the new hardware ... right now I am longing for a break here. Or some drinks.
Stefan G. Weichinger
2019-Nov-27 09:52 UTC
[Samba] moved DM config to new server : gids different etc
Am 26.11.19 um 18:06 schrieb Stefan G. Weichinger via samba:> Am 26.11.19 um 17:19 schrieb L.P.H. van Belle: >> Hai Stefan, >> >> Remove the netbios alias and then put that as CNAME in the DNS >> Verify if the server its PTR is set also. >> >> And yeah, your totaly correct that your ACL is messed up.. >> Because your using backend RID. >> >> The "advantage" of backend AD. >> Consistent IDs on all Samba clients and servers using the ad back end. >> >> Which is also the DISAVANTAGE of RID. >> IN-Consistent IDs on all Samba clients and servers with RID. >> >> >> Maybe im bit wrong here, with recent updates, .. Then Rowland will correct me.. ;-) >> But this is exactly why i ONLY use AD backends. >> >> I suggest, setup a folder, correct the rights, and use get-set facl to apply them again on the filesystem/folders/files. > > Not now, not today. > > That server will be replaced in the next days, and today is a stressful > and long day already. > > Things *worked* fine with this smb.conf for quite some time, so even > when I understand the better approach you recommend, I won't do these > changes right now.OK; new server comes today, I get access to it in the next hours and will start installing Debian Buster and run my provisioning on it first. I now have the name of the domain and the IPs of the DCs etc ... so I could theoretically start from scratch more or less and *maybe* switch to backend AD here.
Rowland penny
2019-Nov-27 10:02 UTC
[Samba] moved DM config to new server : gids different etc
On 27/11/2019 09:52, Stefan G. Weichinger via samba wrote:> Am 26.11.19 um 18:06 schrieb Stefan G. Weichinger via samba: >> Am 26.11.19 um 17:19 schrieb L.P.H. van Belle: >>> Hai Stefan, >>> >>> Remove the netbios alias and then put that as CNAME in the DNS >>> Verify if the server its PTR is set also. >>> >>> And yeah, your totaly correct that your ACL is messed up.. >>> Because your using backend RID. >>> >>> The "advantage" of backend AD. >>> Consistent IDs on all Samba clients and servers using the ad back end. >>> >>> Which is also the DISAVANTAGE of RID. >>> IN-Consistent IDs on all Samba clients and servers with RID. >>> >>> >>> Maybe im bit wrong here, with recent updates, .. Then Rowland will correct me.. ;-) >>> But this is exactly why i ONLY use AD backends. >>> >>> I suggest, setup a folder, correct the rights, and use get-set facl to apply them again on the filesystem/folders/files. >> Not now, not today. >> >> That server will be replaced in the next days, and today is a stressful >> and long day already. >> >> Things *worked* fine with this smb.conf for quite some time, so even >> when I understand the better approach you recommend, I won't do these >> changes right now. > OK; new server comes today, I get access to it in the next hours and > will start installing Debian Buster and run my provisioning on it first. > > I now have the name of the domain and the IPs of the DCs etc ... so I > could theoretically start from scratch more or less and *maybe* switch > to backend AD here. >Do you use the AD DCs for anything other than authentication and GPOs ? If you do, then the 'ad' backend is the way to go, if you don't, then stick to the 'rid' backend, it is a lot less work, you do not need to add anything to AD, the only real downside is that all users get the same home directory path and login shell on each Unix domain member. Rowland