On 15/12/2020 19:43, Alex Orlov via samba wrote:>> In which case, it would seem you are testing Samba, so stop everything,
>> upgrade your distro to Debian 10 and then use Samba from Louis's
repo;
>> http://apt.van-belle.nl/
>> This will get everything up to date, Samba 4.2.14 is just too old, the
>> latest version is 4.13.3 (released today)
>> Once you have done that, provision Samba again
>
> That is absolutely impossible, because there are a lot of things running on
this server
> and I don?t want to spend weeks trying to make them work in new distro.
Look, here
> I have a problem with one program that none can solve and there I have
dozens of
> programs.
>
>
No, you cannot make it work, I could probably make it work very quickly,
but I am not there, so I can only make suggestions.
It doesn't help that you seem to keep changing the dns domain, so lets
set this straight:
The computer that you want to use as a DC must have a dns domain name
and this dns domain must be used for the AD dns domain and the kerberos
realm is the dns domain name in uppercase.
BAD:
dns domain: example.com
AD dns domain: samdom.example.com
AD realm: SAMDOM.EXAMPLE.COM
GOOD:
dns domain: samdom.example.com
AD dns domain: samdom.example.com
AD realm: SAMDOM.EXAMPLE.COM
It is your choice to remain with Samba 4.2.14, it is however extremely
EOL and insecure, I certainly would not use it in production. We also do
not recommend using a Samba AD DC as a fileserver, you seem to have
taken this to extremes. In your case, I would create a new DC, transfer
all the FSMO roles to this and then turn your existing DC into a Unix
domain member.
Rowland