Web lists-archives.com

Re: [Samba] Samba 4.3.13 logon oddity on Solaris 10




On Mon, 02 Jul 2018 12:04:10 +0200
Bernd Markgraf <bernd.markgraf@xxxxxxxxxxx> wrote:

> Do you agree that this is a valid smb.conf that should work:
> [global]
>        security = ADS
>        encrypt passwords = yes
>        workgroup = MD-DZNE
>        realm = MAGDEBURG.DZNE.DS
> 
>        log file = /opt/samba4/var/log/%m.log
>        log level = 1 
> 
>        idmap config *:backend = tdb
>        idmap config *:range = 3000-7999
>        idmap config MD-DZNE:backend = ad
>        idmap config MD-DZNE:schema_mode = rfc2307
>        idmap config MD-DZNE:range = 10000-999999
> 
>        winbind nss info = rfc2307
>        winbind use default domain = yes
>        winbind enum users = Yes
>        winbind enum groups = Yes
>        kerberos method = system keytab
> 

Provided that your users have a uidNumber attribute containing a unique
number inside the '10000-999999' range AND Domain Users has a gidNumber
attribute containing a number inside the same range, then, yes it is a
valid smb.conf. These attributes are not added automatically, you must
add them manually.

There are lines I would remove though:

encrypt passwords = yes # This a default setting

winbind enum users = Yes
winbind enum groups = Yes # These are not required and can slow things
down.
 
kerberos method = system keytab # you shouldn't really have this.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba