Web lists-archives.com

Re: [Samba] Access to sharing by hostname but not by its IP




On Tue, 25 Jul 2017 14:52:37 +0200
Marc-Henri Pamiseux via samba <samba@xxxxxxxxxxxxxxx> wrote:

Just a few comments on your smb.conf:

> 
>         password server = hera.local.mydomain

You should remove the above line, Samba will find the best DC to use.

>         encrypt passwords = Yes

The above line is a default and as such could be removed.
 
> 
>         idmap config * : backend = tdb
>         idmap config * : range = 950-999

The '*' domain is for the Well Know SIDs and anything outside the
'MYDOMAIN' domain, there are 96 Well known SIDS, therefore your range
isn't big enough.

>         idmap config MYDOMAIN:backend  = ad
>         idmap config MYDOMAIN:range  = 1000-3000300

By using a 'domain range that starts at '1000' means that you cannot
have ANY local Unix users.

>         idmap config MYDOMAIN:unix_nss_info = yes
>         idmap config MYDOMAIN:schema_mode = rfc2307
>         idmap config MYDOMAIN:unix_primary_group = yes

Do the users groups exist with a gidNumber inside '1000-3000300' ?

>         vfs objects = acl_xattr dfs_samba4

Why are you using 'dfs_samba4' ?

As for the shares, you would be better setting the permissions from
windows, see here:

https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba