Web lists-archives.com

Re: [Samba] Advice on Winbindd and NTLM Auth Performance




On Fri, 1 Sep 2017 23:30:53 +0100
Arnab Roy <arniekol@xxxxxxxxx> wrote:

> Hello Everyone,
> 
> Thanks for your inputs I have followed whats here
> https://wiki.freeradius.org/guide/Active-Directory-direct-via-winbind
> Apart from the different location for the directories. I have added
> the recommended options in samba.

That howto seems to have been dated even when it was written and you
haven't added all the 'recommended options'.
The howto tells you to add these lines:

 idmap uid = 16777216-33554431
 idmap gid = 16777216-33554431

These were marked as deprecated on 3.6 and you should be using lines
like these:

    idmap config *:backend = tdb
    idmap config *:range = 2000-9999
    idmap config SAMDOM : backend = rid
    idmap config SAMDOM : range = 10000-999999

Without these lines, winbind doesn't know who your users & groups are.

Or are you using sssd ?
If so, then Samba isn't doing authentication.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba