
Re: [Samba] Fwd: Re: Resources needed (cpus, ram, etc.) for a Samba server




On Wed, 10 Apr 2019 12:08:55 -0300
Edouard Guigné via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Hello Rowland,
> 
> Yes, this is a Unix Domain member.
> 
> Below, my smb.conf :
> 
> [global]
>      security = ads
>      realm = IPGAD.MYDOMAIN.FR
>      workgroup = IPGAD
>      kerberos method = secrets and keytab
>      server signing = mandatory
>      client signing = mandatory
>      hosts allow = 127. 10.9.X. 10.9.X. 10.9.X. 10.9.4. 10.9.X.
>      hosts deny = 10.9.X. 10.9.X.
> 
>      log file = /var/log/samba/%m.log
>      max log size = 5000
> 
>      log level = 10
>      local master = no
>      domain master = no
>      preferred master = no
>      use sendfile = true
>      load printers = no
>      cups options = raw
>      printcap name = /dev/null
> 
>     disable spoolss = yes
> 
>      vfs objects = acl_xattr
>      map acl inherit = yes
>      store dos attributes = yes
> 
>     idmap config * : backend = tdb
>     idmap config * : range = 15000-99999
> 
>      winbind nss info = rfc2307
>      idmap config IPGAD : backend = ad
>      idmap config IPGAD : schema_mode = rfc2307
>      idmap config IPGAD : range = 1-14999
>      idmap config IPGAD : unix_nss_info = yes
>      idmap config IPGAD : unix_primary_group = yes
> 
>      client min protocol = SMB2

I have removed all the default lines, but just a couple of questions
about [global]:

Why have you set the log level to 10? This will swamp your logfile.
Is there some reason why you have started the 'IPGAD' range at '1'?
The normal practice is at '10000', also using '1' means that you
should move everything from /etc/passwd and /etc/group into AD, or to
put it another way, this is a stupid range.
You are also using the winbind 'ad' backend, so have you added
anything to AD?
Have you read this:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

and this:

https://wiki.samba.org/index.php/Idmap_config_ad

> 
> #[myshare]
> [groups]
>    comment = jaguar2
>    path = /var/datashared
>    public = no
>    writable = yes
>    guest ok = no

Interesting fact: 'public' is a synonym for 'guest ok', so you don't
need both and the default for 'guest ok' is 'no', so you don't really
need either.

Rowland
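
Added example (not part of Rowland's message and not Samba code): a small Python check for the range question raised above. It parses the `idmap config ... : range` lines, then reports any two ranges that overlap and any local UID that falls inside an idmap range; the passwd sample and all function names are constructed for illustration.

```python
import re

# Constructed sample: the two range lines from the smb.conf quoted above.
SAMPLE_CONF = """
    idmap config * : range = 15000-99999
    idmap config IPGAD : range = 1-14999
"""

# Constructed local accounts in /etc/passwd format (name:x:uid:...).
SAMPLE_PASSWD = """root:x:0:0::/root:/bin/bash
sshd:x:74:74::/var/empty/sshd:/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
"""

# Anchored at line start, so commented-out (# or ;) lines never match.
RANGE_RE = re.compile(
    r"^\s*idmap config\s+(\S+)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$", re.I)

def idmap_ranges(conf_text):
    """Return {domain: (low, high)} for every 'idmap config X : range' line."""
    ranges = {}
    for line in conf_text.splitlines():
        m = RANGE_RE.match(line)
        if m:
            ranges[m.group(1)] = (int(m.group(2)), int(m.group(3)))
    return ranges

def local_ids(passwd_text):
    """Return {uid: name} from passwd-format text, skipping malformed lines."""
    ids = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            ids[int(fields[2])] = fields[0]
    return ids

def check(conf_text, passwd_text):
    """List overlapping idmap ranges and local UIDs inside any idmap range."""
    ranges = idmap_ranges(conf_text)
    findings, doms = [], sorted(ranges)
    for i, a in enumerate(doms):
        for b in doms[i + 1:]:
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]:
                findings.append(("overlap", a, b))
    for uid, name in sorted(local_ids(passwd_text).items()):
        for dom, (lo, hi) in sorted(ranges.items()):
            if lo <= uid <= hi:
                findings.append(("local-uid", dom, name))
    return findings

if __name__ == "__main__":
    print(check(SAMPLE_CONF, SAMPLE_PASSWD))
```

The same comparison applies to GIDs from /etc/group; on a real host, pass the contents of smb.conf and /etc/passwd instead of the samples.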

