tbuchanan at vinu.edu
2020-Dec-18 17:53 UTC
[Samba] UNIX groups no longer recognized after SAMBA migration
I recently upgraded a CentOS 6 standalone SAMBA server to CentOS 8 by detaching the /home data partition, installing CentOS 8 and then reattaching the /home data partition, copying the old /etc/samba/smb.conf to the new server and then using Webmin to copy the users and groups from the old server to the new one. I had performed this same migration in a similar fashion successfully (except for having to re-add all users as SAMBA users using smbpasswd -a) earlier. However, in this instance, I set Webmin to synchronize SAMBA user accounts _and_ groups during the batch migration of UNIX users and groups. Now, SAMBA no longer seems to recognize the UNIX groups.

When I compared the 2 migrations, I realized that the first migration did nothing with SAMBA groups, so I deleted all the SAMBA groups created for the 2nd migration, but that makes no difference -- UNIX groups are still no longer recognized. Can someone explain why this might be? I migrated from samba4-4.2.10-15.el6.x86_64 on CentOS 6 to samba-4.12.3-12.el8.3.x86_64 on CentOS 8.

Below is the smb.conf with a share that is giving problems. Before the migration, all I had to do was to add a user to the UNIX group and proper access was obtained. Now, it seems I have to chmod the shared folder to 777 and individually add the UNIX user to users, valid users, and write list in smb.conf.

If I had copied /var/lib/samba/private/passdb.tdb from the old server to the new one, would the SAMBA users have come across intact with passwords? Anything else I should have copied? This is puzzling to me since I did the same steps, with the exception of syncing UNIX groups to SAMBA groups in Webmin, as the first migration, which was successful. Thank you.

[global]
    use sendfile = Yes
    min protocol = SMB2
    deadtime = 460
    local master = No
    write raw = No
    unix extensions = No
    idmap config * : range =
    ldap ssl = no
    log file = /var/log/samba/log.%m
    veto files = /*.eml/*.nws/riched20.dll/*.{*}/autorun.inf/._*/.DS_Store/
    printcap name = /dev/null
    name resolve order = wins lmhosts host bcast
    security = user
    delete veto files = yes
    lanman auth = Yes
    server string = City
    netbios name = CITY
    map readonly = no
    store dos attributes = Yes
    show add printer wizard = no
    ea support = Yes
    load printers = no
    auto services = global
    disable spoolss = yes
    workgroup = MIC
    dns proxy = No
    max log size = 50
    os level = 20
    map archive = No
    idmap config * : backend = tdb
    domain master = No
    # posix locking = no
    # veto oplock files = /*.MDB/*.LDB/*.mdb/*.ldb/*.doc/*.xls/*.dbf/*.DBF/*.CDX/*.$
    # kernel oplocks = yes

[homes]
    recycle:noversions = *.doc|*.ppt|*.dat|*.ini
    recycle:excludedir = /tmp|/temp|/cache
    recycle:keeptree = Yes
    # level2 oplocks = No
    recycle:touch = Yes
    vfs objects = recycle
    # oplocks = No
    browseable = No
    writeable = yes
    recycle:subdir_mode = 0770
    recycle:exclude = *.tmp|*.temp|*.o|*.obj|~$*|*.~??|*.log|*.trace|*.TMP
    comment = Home Directories
    recycle:versions = Yes
    recycle:repository = .recycle
    recycle:directory_mode = 0770

[Continuing_Education]
    force directory mode = 06777
    create mode = 775
    directory mode = 775
    create mask = 0771
    strict locking = No
    recycle:exclude = *.tmp|*.temp|*.o|*.obj|~$*|*.~??|*.log|*.trace|*.TMP
    inherit acls = Yes
    force create mode = 0777
    recycle:keeptree = Yes
    recycle:directory_mode = 0777
    user = debby,amy,ann,@continuing_ed
    recycle:subdir_mode = 0777
    path = /home/continuing_ed
    recycle:excludedir = /tmp|/temp|/cache
    vfs objects = recycle
    recycle:versions = Yes
    writeable = yes
    inherit permissions = Yes
    directory mask = 0771
    recycle:touch = Yes
    recycle:repository = .recycle
    recycle:noversions = *.doc|*.ppt|*.dat|*.ini
    valid users = debby,amy,ann,@continuing_ed
    write list = debby,amy,ann,@continuing_ed

-- Ted Buchanan
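
A check that can be run on the new host against the share above, added here as an example and not part of the original post: in smb.conf user lists an @name entry names a group (looked up as a NIS netgroup first, then as a UNIX group) and +name a UNIX group only, so the script lists every such entry that does not resolve through the system group database. The sample text is constructed from the posted share; the function names and the `lookup` parameter are assumptions of this example.

```python
import grp

# Constructed sample: the access lists of the share from the post.
SAMPLE_CONF = """\
[Continuing_Education]
path = /home/continuing_ed
valid users = debby,amy,ann,@continuing_ed
write list = debby,amy,ann,@continuing_ed
"""

# smb.conf parameters whose value is a list of users and groups.
ACCESS_KEYS = {"valid users", "invalid users", "write list",
               "read list", "admin users"}


def parse_access_lists(conf_text):
    """Return {share: {parameter: [entries]}} for the list parameters."""
    shares, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            key = " ".join(key.lower().split())
            if key in ACCESS_KEYS:
                # Entries are separated by commas or whitespace; names
                # containing spaces are not handled in this example.
                current[key] = value.replace(",", " ").split()
    return shares


def group_resolves(name):
    """True if the UNIX group is known to NSS on this host."""
    try:
        grp.getgrnam(name)
        return True
    except KeyError:
        return False


def unresolved_groups(shares, lookup=group_resolves):
    """List (share, parameter, group) for @/+ entries that do not resolve."""
    return [(share, key, entry.lstrip("@+"))
            for share, params in shares.items()
            for key, entries in params.items()
            for entry in entries
            if entry[0] in "@+" and not lookup(entry.lstrip("@+"))]


if __name__ == "__main__":
    for share, key, group in unresolved_groups(parse_access_lists(SAMPLE_CONF)):
        print(f"[{share}] {key}: group '{group}' does not resolve")
```

To audit the live configuration, pass the contents of /etc/samba/smb.conf to `parse_access_lists` instead of the sample text.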