Re: [Samba] Setup a new samba AD DC
- Date: Tue, 25 Apr 2017 17:53:41 +0100
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Setup a new samba AD DC
On Tue, 25 Apr 2017 18:29:47 +0200
Dario Lesca via samba <samba@xxxxxxxxxxxxxxx> wrote:
> Another questions:
> Where is the better place to set:
> - logon script = netlogon.bat
> and other logon options
Actually the best place to set them is per user in AD.
> - wins support = yes
No where, AD uses DNS instead
> - load printers = yes
On the computer that you want to be a print server, in your case
probably the member server.
> I have join a samba server to AD with success.
> This is my member server smb.conf
> password server = fedora-addc.solinos.loc
Can I suggest you remove the above line, the domain member should find
it via dns
> winbind enum users = yes
> winbind enum groups = yes
You should remove the 'winbind enum' lines, you do not need them
> store dos attributes = yes
You should also add:
vfs objects = acl_xattr
map acl inherit = Yes
> this my /etc/krb5.conf
You only actually need:
> > [libdefaults]
> > default_realm = SOLINOS.LOC
> > dns_lookup_realm = false
> > dns_lookup_kdc = true
> I have start with "idmap config * : range = 16777216-33554431" (now
> commented) then I have change it to new per domain value.
> I must to reset some cache? How to reset the local ID?
> If I check the user still have the old id mapping (I believe)
Run 'net cache flush'
To unsubscribe from this list go to the following URL and read the