
[Samba] testparm 4.6.0rc2




Using testparm from 4.6.0rc2 against the smb.conf of a production server (the production server is not running rc2, don't worry) produces the error:

[root@fwborda1 samba-460rc2]# testparm /root/smb.conf
Load smb config files from /root/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[netlogon]"
Processing section "[sysvol]"
Loaded services file OK.
idmap range not specified for domain '*'
ERROR: Invalid idmap range for domain *!

Server role: ROLE_ACTIVE_DIRECTORY_DC

Press enter to see a dump of your service definitions

# Global parameters
[global]
        bind interfaces only = Yes
        interfaces = 127.0.0.1 172.22.2.27
        netbios name = paladine
        realm = dragonlance.org
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
        workgroup = E-TRUST
        allow dns updates = nonsecure and secure
        log file = /var/log/samba/%M.log
        disable spoolss = Yes
        load printers = No
        printcap name = /dev/null
        passdb backend = samba_dsdb
        restrict anonymous = 2
        server role = active directory domain controller
        template homedir = /home/%U
        template shell = /bin/bash
        winbind enum groups = Yes
        winbind enum users = Yes
        winbind nss info = rfc2307
        winbind use default domain = Yes
        rpc_server:tcpip = no
        rpc_daemon:spoolssd = embedded
        rpc_server:spoolss = embedded
        rpc_server:winreg = embedded
        rpc_server:ntsvcs = embedded
        rpc_server:eventlog = embedded
        rpc_server:srvsvc = embedded
        rpc_server:svcctl = embedded
        rpc_server:default = external
        winbindd:use external pipes = true
        idmap_ldb:use rfc2307 = yes
        idmap config * : backend = tdb
        map archive = No
        map readonly = no
        store dos attributes = Yes
        printing = bsd
        vfs objects = dfs_samba4 acl_xattr


[netlogon]
        path = /var/lib/samba/sysvol/dragonlance.org/scripts
        browseable = No
        read only = No


[sysvol]
        path = /var/lib/samba/sysvol
        browseable = No
        read only = No

The original smb.conf does not have idmap set up. Is it supposed to? Here's the original file (yes, I'm omitting the domain name and IP addresses):

# Global parameters
# smb.conf of a Samba Active Directory domain controller, as posted to the list.
# The poster notes that the domain name and IP addresses are not the real ones.
[global]
        netbios name = paladine
        realm = dragonlance.org
        workgroup = dragonlance
        #dns forwarder = 172.22.2.12
        server role = active directory domain controller
        # Listen only on loopback and the single listed address instead of
        # every interface on the host.
        interfaces = 127.0.0.1 172.22.2.27
        bind interfaces only = yes
        # Removes Samba's internal DNS server from the default service list;
        # the testparm dump of this file accordingly lists no "dns" service.
        # presumably DNS is served by an external name server - confirm
        server services = -dns

        #Use settings from AD for login shell and home directory
        idmap_ldb:use rfc2307 = yes

        #Winbind Configuration
        # NOTE(review): user/group enumeration can be expensive in large
        # directories - confirm it is actually needed on this host.
        winbind enum groups = yes
        winbind enum users = yes
        winbind use default domain = yes
        winbind nss info = rfc2307
        template shell = /bin/bash
        # %U expands to the session user name.
        template homedir = /home/%U

        #Disable CUPS
        load printers = no
        printing = bsd
        printcap name = /dev/null
        disable spoolss = yes

        #remove vulnerability
        #"26920 - Microsoft Windows SMB NULL Session Authentication"
        # 26920 looks like a vulnerability-scanner finding ID - confirm the source.
        # 2 is the most restrictive value documented for this parameter; re-run
        # the scan after any change to verify the finding stays closed.
        restrict anonymous = 2

        # NOTE(review): "nonsecure" accepts dynamic DNS updates that are not
        # authenticated; "secure only" is the documented default. The parameter
        # governs Samba's internal DNS server, which "server services = -dns"
        # disables above, so confirm whether it has any effect in this setup and
        # where the update policy is really enforced.
        allow dns updates = nonsecure
        #allow dns updates = nonsecure and secure
        #allow dns updates = secure only
        # -g makes nsupdate use GSS-TSIG (Kerberos-authenticated) updates.
        nsupdate command =  /usr/bin/nsupdate -g

        # All idmap settings below are commented out, so nothing in this file
        # sets an idmap backend or range. The testparm run quoted earlier on this
        # page reports the built-in default "idmap config * : backend = tdb"
        # without a range.
        # NOTE(review): check the Samba documentation for this release on whether
        # idmap config lines belong in a domain controller's smb.conf at all.
        #idmap config *:backend = ad
        #idmap config *:range = 2000-9999
        #idmap config for domain E-TRUST
        #idmap config DRAGONLANCE:backend = ad
        #idmap config DRAGONLANCE:schema_mode = rfc2307
        #idmap config DRAGONLANCE:range = 10000-40000
        #idmap cache time = 1
        #idmap negative cache time = 1
        #winbind cache time = 1

        # Both "log level" lines are commented out, so the default level applies;
        # the second one would raise only the auth debug class to level 3.
        #log level=3
        #log level = 1 auth:3
        # One log file per connecting client; %M expands to the client's host name.
        log file=/var/log/samba/%M.log

# Logon-script share; its path lies inside the sysvol tree exported by [sysvol].
# "browseable = No" only hides the share from browse lists, it is not an access
# control. NOTE(review): the share is writable at the Samba level - presumably
# access is limited by ACLs on the directory tree; verify who can write to it.
[netlogon]
        path = /var/lib/samba/sysvol/dragonlance.org/scripts
        read only = No
        browseable = No

# Share exporting the whole sysvol directory of the domain controller.
# "browseable = No" only hides the share from browse lists, it is not an access
# control. NOTE(review): the share is writable at the Samba level - presumably
# access is limited by ACLs on the directory tree; verify who can write to it.
[sysvol]
        path = /var/lib/samba/sysvol
        read only = No
        browseable = No




--

	
Vinicius Silva
SOC


BRA: + 55 51 2117.1000 | 55 11 5521.2021
USA: + 1 888 259.5801
vbs@xxxxxxxxxxxxxx
skype: vinicius.bones.silva

	







	Smiley face

www.e-trust.com.br <http://www.e-trust.com.br/>


Esta mensagem pode conter informações confidenciais ou privilegiadas. Se você recebeu esta mensagem por engano, você não deve usar, copiar, divulgar ou tomar qualquer atitude com base nestas informações. Solicitamos que você apague a mensagem imediatamente e avise a E-TRUST, enviando um e-mail para suporte@xxxxxxxxxxxxxx. Opiniões, conclusões ou informações contidas nesta mensagem não necessariamente refletem a posição oficial da E-TRUST. Caso assinada digitalmente, a autenticidade desta mensagem pode ser confirmada pela Autoridade Certificadora Privada E-TRUST, disponível em www.e-trust.com.br.

This message may contain privileged and confidential information for the use of the intended recipients only. If you are not an intended recipient then you should not disseminate, copy, or take any action based on its contents. If you have received this message in error then please notify E-TRUST by sending an e-mail message to suporte@xxxxxxxxxxxxxx immediately. Views and opinions expressed in this message do not necessarily reflect the position of E-TRUST. If this message is digitally signed, its authenticity can be confirmed by E-TRUST Private Certificate Authority, available at www.e-trust.com.br.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba