Re: [Samba] 4.4.14 on solaris, using ads, can't read/write as user

On Thu, Jun 29, 2017 at 2:36 PM, Rowland Penny via samba
<samba@xxxxxxxxxxxxxxx> wrote:

> Your problems lie here:
>    idmap config * : range = 16777216-33554431
>    idmap config * : backend = rid
> Why use the range '16777216-33554431' ?

On a working Debian system with Samba 4.1, we have things
working OK with:

idmap config MYDOM : range = 70000-9999999999

I started with something like that yesterday, so what you saw today
was leftover guesses on something that might help.

> You cannot use 'rid' with the BUILTIN (*) domain, you should use 'tdb'

OK, I've switched it like the tdb example in your link.  Auth and
connection still working.

> And the main reason why it isn't working, you need a block for the
> 'MYDOM' domain, see here for more info:
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

"Block" meaning something like:
in smb.conf?

I am not seeing it at the link.  I have not spotted anything on that page
we are missing other than mapping the root user, which I'm assuming is
optional.

I'm not getting the meaning of "need a block for the MYDOM domain".

Mind blown on the minimal krb5.conf example.  I've never seen one like it
before, but apparently it is enough.

I removed all of the lockdir, statedir and cachedir content and restarted
winbind and samba.

The "main reason" is really what I need to address, if I understood.
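
As an added example (not part of the original message and not Samba project code), the sketch below lints the `idmap config` lines of an smb.conf for the points raised in this thread: the rid backend on the default `*` domain, no lines at all for the joined domain, and overlapping ID ranges, which Samba's documentation requires to be distinct. The function names, the `AFTER` layout, its rid backend for MYDOM and its `3000-7999` tdb range are assumptions for illustration.

```python
import re

# Matches e.g. "idmap config MYDOM : range = 70000-9999999999".
# Commented-out lines do not match because the pattern is anchored at "idmap".
IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*(\w+)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(text):
    """Return {DOMAIN: {option: value}} from the 'idmap config' lines."""
    domains = {}
    for line in text.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            dom, opt, val = m.groups()
            domains.setdefault(dom.upper(), {})[opt.lower()] = val
    return domains

def lint_idmap(text, workgroup):
    """Report the idmap problems raised in this thread for one smb.conf text."""
    domains = parse_idmap(text)
    problems = []
    if domains.get("*", {}).get("backend", "").lower() == "rid":
        problems.append("default domain (*) uses the rid backend")
    if workgroup.upper() not in domains:
        problems.append(f"no idmap config lines for domain {workgroup}")
    seen = []                                       # (domain, low, high)
    for dom, opts in sorted(domains.items()):
        m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", opts.get("range", ""))
        if not m:
            continue
        lo, hi = int(m.group(1)), int(m.group(2))
        for other, olo, ohi in seen:
            if lo <= ohi and olo <= hi:             # the two ranges share IDs
                problems.append(f"{dom} range overlaps {other}")
        seen.append((dom, lo, hi))
    return problems

# Constructed inputs: BEFORE holds the two lines quoted in the thread;
# AFTER is an assumed layout (tdb range and rid backend are illustrative).
BEFORE = """
idmap config * : range = 16777216-33554431
idmap config * : backend = rid
"""
AFTER = """
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config MYDOM : backend = rid
idmap config MYDOM : range = 70000-9999999999
"""
if __name__ == "__main__":
    print(lint_idmap(BEFORE, "MYDOM"), lint_idmap(AFTER, "MYDOM"))
```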
