Web lists-archives.com

Re: [Samba] sometimes users fails to login




On Mon, 18 Mar 2019 18:43:54 +0100
Andrea Cucciarre' <acucciarre@xxxxxxxxxxxx> wrote:

> Hello,
> 
> Still fighting on this issue, now sometimes I get the following (may
> be) relevant errors:
> 

I have shortened your smb.conf to just the problem areas ;-)

> Hereafter my smb.conf:
> 
> [global]

> idmap config * : backend = tdb
> idmap config * : range = 30000-40000
> idmap config * : schema_mode = rfc2307

You do not use the line above with the default '*' domain

> idmap config BITINTRA : backend = ad
> idmap config BITINTRA : range = 1000000-3000000
> idmap config BITINTRA : schema_mode = rfc2307

> idmap config BUILTIN : backend = ad
> idmap config BUILTIN : range = 10000001-11000000
> idmap config BUILTIN : schema_mode = rfc2307

The BUILTIN domain is covered by the default '*' domain, so shouldn't
be set in smb.conf

> winbind nss info = rfc2307

If I remember correctly, you are using Samba 4.6.x and the above line
has been replaced by:

idmap config DOMAIN : unix_nss_info = yes

Which needs setting on all the 'idmap config' blocks e.g.

idmap config BITINTRA : backend = ad
idmap config BITINTRA : range = 1000000-3000000
idmap config BITINTRA : schema_mode = rfc2307
idmap config BITINTRA : unix_nss_info = yes

Finally, do you have trusts setup to all the Domains ?

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba