Web lists-archives.com

Re: [Samba] Samba 4.3.13 logon oddity on Solaris 10




On Mon, 02 Jul 2018 12:38:54 +0200
Bernd Markgraf <bernd.markgraf@xxxxxxxxxxx> wrote:

> On Mon, 2018-07-02 at 11:30 +0100, Rowland Penny via samba wrote:
> 
> > Provided that your users have a uidNumber attribute containing a
> > unique number inside the '10000-999999' range AND Domain Users has a
> > gidNumber attribute containing a number inside the same range, then,
> > yes it is a valid smb.conf. These attributes are not added
> > automatically, you must add them manually.
> Yes all UID/GID numbers stored in the AD user objects are unique and
> start at 10000. Both attributes are set for all users.
> 
> > There are lines I would remove though:
> > 
> > encrypt passwords = yes # This a default setting
> > 
> > winbind enum users = Yes
> > winbind enum groups = Yes # These are not required and can slow
> > things
> > down.
> Thanks, I removed them now.
> 
> > kerberos method = system keytab # you shouldn't really have this.
> Removed too. What's wrong with that line? My understanding was that it
> tells samba to use the system's global keytab. I don't see much harm
> in that?

Because you should be using the default 'secrets.tdb', your setting had
turned this off. You only need a separate keytab if there is something
that needs it and, if so, you should use 'kerberos method = secrets and
keytab'

> 
> So now that I have a valid smb.conf - the initial problem persists.
> How do I proceed to resolve this issue?

Is there a firewall or similar getting in the way ?
Is the output of 'net ads testjoin' 'Join is OK' ?
 
Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba