
SAMBA4 DC configuration problem

Published: November 30, 2018 - 10:04 AM
by titi3822
Good morning,

I could really use some help. I installed Ubuntu Server 18.04.1 LTS on a Dell PowerEdge R330 with a 10TB RAID 5 disk for a small startup. The goal is to have centralized authentication and storage. Their network is mixed (2 Windows PCs, 3 Linux Mint 19 PCs).

I'm desperately trying to configure a Samba4 DC.

The company's priority is to get a working setup for the Linux machines (Mint 19). I'm struggling a bit with the architecture choice. I've tried SMB mounts on the home directories (pam_mkmount) but it's not working very well. There are quite a few issues and crashes (probably due to the mapping between Unix and Windows permissions, or unsupported filenames...).
If I switch to NFS (3 or 4), I need identical UID/GIDs on all machines in the domain. I can't get a working configuration using RIDs... (I have a huge number of UID/GIDs...)
Ideally, I would have liked to be able to set them directly when the user is created (on the DC) and have them be the same everywhere. In the "backend ad" section, it doesn't work either... I get strange errors.

The worst part is that I can't even get a configuration that allows me to see my AD users on the Ubuntu server (whether I use winbind or sssd).
wbinfo -u does list my users correctly. /etc/nsswitch.conf is correct... but no users are present!

testparm gives me an incomprehensible error:


ERROR: The idmap range for the domain * (tdb) overlaps with the range of XD (ad)!
Here is my Samba configuration:

root@adserver:~# cat /etc/samba/smb.conf


# Global parameters
[global]
    dns forwarder = 8.8.8.8
    netbios name = ADSERVER
    realm = XD.LAN
    server role = active directory domain controller
    idmap_ldb:use rfc2307 = yes
    workgroup = XD

    client signing = yes
    client use spnego = yes

    ntp signd socket directory = /var/lib/samba/ntp_signd
    time server = yes

    wins support = yes
    printing = CUPS

    kerberos method = secrets and keytab

    vfs object = acl_xattr
    map acl inherit = yes
    store dos attributes = yes

    dead time = 0
    lock directory = /var/cache/samba
    registry shares = yes

    idmap config * : backend = tdb
    idmap config * : range = 3000-7999

    idmap config XD : unix_nss_info = yes
    idmap config XD:backend = ad
    idmap config XD:schema_mode = rfc2307
    idmap config XD:range = 10000-999999

    template shell = /bin/bash
    template homedir = /home/%D/%U

[netlogon]
    path = /home/samba_sysvol/xd.lan/scripts
    read only = No

[sysvol]
    path = /home/samba_sysvol
    read only = No

[users]
    path = /home/samba_users
    read only = No
    force create mode = 0600
    force directory mode = 0700

[print$]
    path = /home/samba_printer_drivers
    read only = no

[printers]
    path = /var/spool/samba
    printable = yes

Thank you so much for your help...

Regards,
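As an added example (not from the post above), a small Python check that parses the `idmap config` lines of an smb.conf and reports ranges that are missing, malformed or overlapping, which is the condition testparm's error names. It handles the varying spacing around `:` seen in the posted file and any number of domains, not just `*` and XD; the second sample input is constructed to show what an overlap looks like.

```python
import re

# The idmap lines from the posted smb.conf (spacing around ':' kept as posted).
POSTED_IDMAP = """\
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    idmap config XD : unix_nss_info = yes
    idmap config XD:backend = ad
    idmap config XD:schema_mode = rfc2307
    idmap config XD:range = 10000-999999
"""

# Constructed variant (not from the post) where the default '*' range runs into
# the XD range; this is the situation testparm's overlap error describes.
OVERLAPPING_IDMAP = """\
    idmap config * : backend = tdb
    idmap config * : range = 3000-20000
    idmap config XD:backend = ad
    idmap config XD:range = 10000-999999
"""

# "idmap config DOMAIN : option = value"; whitespace around ':' and '=' varies.
IDMAP_RE = re.compile(r"^\s*idmap\s+config\s+([^:]+?)\s*:\s*(\w+)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {DOMAIN: {option: value}} for every 'idmap config' line."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            domains.setdefault(m[1].upper(), {})[m[2].lower()] = m[3]
    return domains

def audit_idmap(conf_text):
    """Return a list of findings: missing/malformed ranges and overlapping pairs."""
    findings, ranges = [], []
    for dom, opts in parse_idmap(conf_text).items():
        rng = opts.get("range")
        m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", rng or "")
        if not m or int(m[1]) >= int(m[2]):
            findings.append(f"{dom}: missing or malformed range {rng!r}")
            continue
        ranges.append((dom, opts.get("backend", "?"), int(m[1]), int(m[2])))
    for i, (d1, b1, lo1, hi1) in enumerate(ranges):
        for d2, b2, lo2, hi2 in ranges[i + 1:]:
            if lo1 <= hi2 and lo2 <= hi1:  # closed intervals intersect
                findings.append(f"{d1} ({b1}) {lo1}-{hi1} overlaps {d2} ({b2}) {lo2}-{hi2}")
    return findings

if __name__ == "__main__":
    for name, text in (("posted", POSTED_IDMAP), ("constructed", OVERLAPPING_IDMAP)):
        print(name, audit_idmap(text) or ["no idmap range problems found"])
```

Run it against the full smb.conf text to check every domain's range at once; a clean result for the posted lines means the overlap testparm reports is not between the two ranges written here, so the check is a starting point for narrowing down the error, not a replacement for testparm.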