similar to: Update from Samba 3.6 to 4.1 on Debian

Hi, yes, there are some things. But I have not found a nice complete documentation. One main point is the domain name as prefix of the username of the parent domain, e.g. "DOM\user1", you have to use. I was not able to get rid of it, as the client is member of the subdomain which is the default. So you can't use the "default domain" option in smb.conf. The backslash

Hi, I'm migrating a domain from Samba3 to Samba4. I now about the possibility to transfer the domain (users and computers) during the provisioning (Upgrade from Samba3 to Samba4). Due to problems with the domain name (I have to change the domain name), SIDs a.s.o. I want to create a new domain during provisioning. Then I want to create/add all users with a script. Is there a way to

Hi, we did an update from samba 4.5.5 to 4.6.3. We are having a Linux-Home share for the windows users, but this is not working anymore. In the smb.conf we are having something like the following ... [%U_Home] comment = Home Directories path = %H ... It seems, that the "%H" is not replace correctly or at least as before. -- Regards Andreas Hauffe Leiter des Forschungsfeldes

Hi, a new hint. If I change the default_realm in krb5.conf to EXAMPLE.DE than the kerberized ssh is working for a user from example.de (user1 at EXAMPLE.DE) and not working for a user from subdom2.subdom1.example.de (testuser at SUBDOM2.SUBDOM1.EXAMPLE.DE) So with the actuall configuration I'm able to use kerberized ssh for users from example.de or users from subdom2.subdom1.example.de

Ok, you are completely right. Here are the real numbers with changed user names: drwx------ 43 DOM\user1        DOM\domain-user  4096 Jan 10 08:00 user1 drwx------   5 DOM\user2        DOM\domain-user  4096 Jan 11 08:13 user2 drwx------ 92 DOM\user3        DOM\domain-user   4096 Jan 16 08:39 user3 drwx------   3        133265        DOM\domain-user   4096 Sep  7 2015 user4 drwx------   7       

Hi, sorry for not reading the comment above idmap config. I uninstalled and reinstalled samba and configs to remove all old id mappings and so on. Then changed all configs as adviced. The id mapping is working correctly (wbinfo -i) for local and trusted domain. But I still cannot logon with wbinfo -K with a trusted domain account. Andreas Am 22.08.2017 um 12:59 schrieb Rowland Penny via

Hi Andreas, i'm sorry to jump on your thread as i can't really help you here. But as i have to setup an AD subdomain of a parent domain with the same requirements as yours apparently (aka parent domain managed by Windows server holds users/groups accounts on a distant location but the compute ressources and the GPO will be managed locally under a subdomain), i'm just wondering if you

Hi, no, that's my fault. I changed the UIDs and user names in my "ls -l" to unpersonalized/example data for my mail and didn't think about putting these values into the range. A better unpersonalized data example would look like: ---------- drwx------ 43 DOM\user1        DOM\group  4096 Jan 10 08:00 user1 drwx------   5 DOM\user2        DOM\group  4096 Jan 11 08:13 user2

Hi, we are running a file server as member server of a windows 2012 domain. Now we are facing the problem, that some UIDs are not mapped to the user names by the running winbindd process. This results in "nobody" usernames for nfs shares mounted by other clients. When doing an "ls -l" in the homes directory on the member server (file server), the list looks like:

Am 16.01.2018 um 17:26 schrieb Rowland Penny via samba: > On Tue, 16 Jan 2018 16:54:17 +0100 > Andreas Hauffe via samba <samba at lists.samba.org> wrote: > >> Ok, you are completely right. Here are the real numbers with changed >> user names: >> >> drwx------ 43 DOM\user1        DOM\domain-user  4096 Jan 10 08:00 >> user1 drwx------   5 DOM\user2       

Hi, hier are the file. I replaced the real domain/realm name by "search&replace", so there should not be a typping error in my file concernig the realm or domain names. Regards, Andreas client:~ # more /etc/hostname client.loc.example.de client:~ # more /etc/hosts # # hosts         This file describes a number of hostname-to-address #               mappings for the TCP/IP

Hello, I'm preparing a update from a heterogen environment with the services OpenLDAP, Kerberos, Bind9, Samba 3.6 (NT-Domain), NFS4 to a Samba4 AD. I'm setting up a test environment with a separate DC and a file server. There are some questions about the file server which is a debian file server with some TB of data right now. The first question is, what to do with the existing TB of

Am Montag, 2. Februar 2015, 17:44:53 schrieb Marc Muehlfeld: > Hello Andreas, > > Am 02.02.2015 um 13:00 schrieb Andreas Hauffe: > > I set up a new AD with the Sernet Samba 4.1 packages. I did the > > provisioning with "samba-tool domain provision --use-rfc2307 > > --interactive". I checked the dc, ldap, kerberos and dns services under > > linux.

Am 21.08.2017 um 15:55 schrieb Rowland Penny via samba: > On Mon, 21 Aug 2017 15:43:00 +0200 > Andreas Hauffe via samba <samba at lists.samba.org> wrote: > >> Am 21.08.2017 um 15:22 schrieb Rowland Penny via samba: >>> On Mon, 21 Aug 2017 14:56:50 +0200 >>> Andreas Hauffe via samba <samba at lists.samba.org> wrote: >>> >>>> Hi,

Am 21.08.2017 um 15:22 schrieb Rowland Penny via samba: > On Mon, 21 Aug 2017 14:56:50 +0200 > Andreas Hauffe via samba <samba at lists.samba.org> wrote: > >> Hi, >> >> is there any idmap backend, beside idmap_ad, where the home directory >> is taken from the backend and not from the template homedir option? >> >> >> Regards, >>

Hi Peter, thanks for your hints. The point is, that no /etc/krb5.conf was generated automatically when joining the domain (told in the wiki). Now I generated one manually and now it works. I'm not frustrated at all. I see a lot of advantages for me, even if it doesn't work. Right now we have a system with Bind9, OpenLDAP, Kerberos, NFS4, Samba3 on the server side. I had to configere

Hi, if you use the UNIX attributes the primary group is ignored if you use winbind and the primary group of the AD attributes is used. So every user has the "Domain Users" group as primary group. I also read that you are not supposed to change the AD primary group to another than "Domain Users". Is there a way to set the UNIX primary group to another group without causing

Hello, I set up a new AD with the Sernet Samba 4.1 packages. I did the provisioning with "samba-tool domain provision --use-rfc2307 --interactive". I checked the dc, ldap, kerberos and dns services under linux. Everything seems to work fine. Then I join a Windows 8.1 Enterprise running in as VM to the domain and login as administrator of the domain. When I install the RSAT and try

Hi, the external trust, we have, is a one directional external trust. So users of the trusted dom can logon on local dom clients, but not the other way around. In case of "wbinfo -a" all communication is between the client and the domain controller of the local domain, which is the proxy for the auth process. In case of "wbinfo -K" all communication is between the client

Hi, I'm using the smb.conf from https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server to add a member server as file server to the domain. If I'm using the original smb.conf with "kerberos method = secrets and keytab", I'm not able to see any share on a Windows Client in the domain. If I use the default "kerberos method = secrets" everything works.