Discussion:
[Samba] Migration from samba3 to samba4 : PDC doesn't appear in network
JB
2016-08-04 10:12:42 UTC
Hello,

I'm trying to migrate an old PDC controller running samba 3.0.4 to a
more decent server. Now, I use samba 4.2.10 (from debian/jessie).

My smb.conf is :

# Global parameters
[global]
workgroup = CABINET
realm = SYSTELLA.NET
netbios name = CERVANTES
server role = active directory domain controller
security = user
encrypt passwords = yes
dns forwarder = 192.168.4.254
idmap_ldb:use rfc2307 = yes
server string = %h server
domain master = yes
local master = yes
domain logons = yes
os level = 65
logon path = \\%N\home\profile
logon drive = Z:
logon home = \\%N\home
logon script = netlogon.cmd
interfaces = 192.168.0.0/24 lo
hosts allow = 192.168.0., 127.0.0.
bind interfaces only = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
log file = /var/log/samba/log.%m
max log size = 50

[netlogon]
comment = Network Logon Service
guest ok = yes
path = /var/lib/samba/sysvol/systella.net/scripts
read only = yes

[sysvol]
path = /var/lib/samba/sysvol
read only = yes

[home]
comment = Répertoire privé
path = /home/%u
create mask = 0700
directory mask = 0700
browseable = yes
writeable = yes

[partage]
comment = Répertoire partagé
path = /home/partage
force create mode = 0666
force directory mode = 0777
writable = yes
browseable = yes

[visiodent]
comment = Visiodent
path = /home/visiodent
force create mode = 0666
force directory mode = 0777
writable = yes
browseable = yes

and samba seems to be an active directory server. I have added without
error a workstation in this new domain. But I don't see controller in
network windows (I have tried from Windows XP). If I manually run

net use X: \\cervantes\visiodent

I can add X: disk and all files from X: are browsable.

As server is not browsable, netlogon doesn't work as expected (I can
manually launch netlogon.cmd after a successful login).

I suppose I have done a mistake...

Any idea ?

Best regards,

JB
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
JB
2016-08-04 11:08:30 UTC
On Thu, 4 Aug 2016 12:12:42 +0200
Hi
You now have a DC, your old domain used a PDC, in AD all DCs are
supposed to be equal and to refer to the first DC as a PDC is confusing.
Can I suggest you remove most of the lines that you have added to the
[global] section, they are not required on a DC or are even making
things worse.
I hope the test workstation is just that, because it will now never
see the PDC again without re-installing the OS.
Finally, there is no network browsing with a Samba AD DC, AD works
differently to your old NT4-style domain.
https://wiki.samba.org/index.php/Main_Page
I have installed my DC with this wiki. But I don't see what lines I can
remove from my global section. Of course, before posting here, I have
read PDC to DC migration process.

I would keep something like roaming profiles and execute netlogon.cmd.

Best regards,

JB
JB
2016-08-04 15:07:39 UTC
On Thu, 4 Aug 2016 13:08:30 +0200
Post by JB
I have installed my DC with this wiki. But I don't see what
lines I can remove from my global section.
Try starting with the [global] section that the upgrade produced.
Post by JB
Of course, before posting
here, I have read PDC to DC migration process.
I would keep something like roaming profiles and execute
netlogon.cmd.
https://wiki.samba.org/index.php/Implementing_roaming_profiles
You will probably be better off using a GPO to set logon scripts, see
windows documentation for how to do this.
OK.

I have used dsa.msc to add roaming profiles but it doesn't work as
expected.

I have set :
Profile path : \\cervantes\home\profile
Netlogon : \\cervantes\netlogon\netlogon.cmd

Home folder :
Connect Z: \\cervantes\home

\\cervantes\home is now automatically mounted in Z: when user starts a
new connection. But netlogon is not executed and Windows says that it
cannot find roaming profile.

If I open a CMD window, I can launch \\cervantes\netlogon\netlogon.cmd
without any error. And \\cervantes\home\profile contains a valid roaming
profile.

Best regards,

JB
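
The advice in this thread to start from the [global] section that the upgrade produced can be checked mechanically. The following is an added example, not code from the thread or from the Samba project: it parses an smb.conf and lists the [global] parameters that fall outside a minimal DC baseline. The baseline set and the function names are assumptions made for illustration; compare the baseline with the file your own provision or upgrade generated.

```python
import re

# Assumption (not from the thread): parameters a provisioned or upgraded
# Samba 4 AD DC typically has in [global]. Check against your generated file.
DC_BASELINE = {"workgroup", "realm", "netbios name", "server role",
               "dns forwarder", "idmap_ldb:use rfc2307"}

# Excerpt of the smb.conf posted in the thread.
SAMPLE = r"""
[global]
workgroup = CABINET
realm = SYSTELLA.NET
netbios name = CERVANTES
server role = active directory domain controller
security = user
dns forwarder = 192.168.4.254
idmap_ldb:use rfc2307 = yes
domain logons = yes
logon path = \\%N\home\profile
hosts allow = 192.168.0., 127.0.0.
[netlogon]
guest ok = yes
"""

def norm(name):
    """smb.conf parameter names ignore case and whitespace."""
    return re.sub(r"\s+", "", name).lower()

def parse_section(text, section="global"):
    """Return {parameter: value} for one section, joining backslash continuations."""
    params, current, pending = {}, None, ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if line.endswith("\\"):
            pending = line[:-1]
        elif line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
        elif line and line[0] not in "#;" and current == section and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.split()).lower()] = value.strip()
    return params

def extra_global_params(text):
    """[global] parameters that are not in the assumed DC baseline."""
    baseline = {norm(p) for p in DC_BASELINE}
    return sorted(k for k in parse_section(text) if norm(k) not in baseline)

if __name__ == "__main__":
    for name in extra_global_params(SAMPLE):
        print("review before keeping on an AD DC:", name)
```

A parameter listed by this check is only a candidate for review; whether it can stay depends on the Samba documentation for the DC role.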