Re: [Samba] Fwd: Re: Ressources needed (cpus, ram, etc.) for a Samba server
- Date: Wed, 10 Apr 2019 16:38:12 +0100
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Fwd: Re: Ressources needed (cpus, ram, etc.) for a Samba server
On Wed, 10 Apr 2019 12:08:55 -0300
Edouard Guigné via samba <samba@xxxxxxxxxxxxxxx> wrote:
> Hello Rowland,
> Yes, this is an Unix Domain member.
> Below, my smb.conf :
> security = ads
> realm = IPGAD.MYDOMAIN.FR
> workgroup = IPGAD
> kerberos method = secrets and keytab
> server signing = mandatory
> client signing = mandatory
> hosts allow = 127. 10.9.X. 10.9.X. 10.9.X. 10.9.4. 10.9.X.
> hosts deny = 10.9.X. 10.9.X.
> log file = /var/log/samba/%m.log
> max log size = 5000
> log level = 10
> local master = no
> domain master = no
> preferred master = no
> use sendfile = true
> load printers = no
> cups options = raw
> printcap name = /dev/null
> disable spoolss = yes
> vfs objects = acl_xattr
> map acl inherit = yes
> store dos attributes = yes
> idmap config * : backend = tdb
> idmap config * : range = 15000-99999
> winbind nss info = rfc2307
> idmap config IPGAD : backend = ad
> idmap config IPGAD : schema_mode = rfc2307
> idmap config IPGAD : range = 1-14999
> idmap config IPGAD : unix_nss_info = yes
> idmap config IPGAD : unix_primary_group = yes
> client min protocol = SMB2
I have removed all the default lines, but just a couple of questions:
Why have you set the log level to 10? This will swamp your logfile.
Is there some reason why you have started the 'IPGAD' range at '1'?
The normal practice is at '10000', also using '1' means that you
should move everything from /etc/passwd and /etc/group into AD, or to
put it another way, this is a stupid range.
You are also using the winbind 'ad' backend, so have you added
anything to AD?
Have you read this:
> comment = jaguar2
> path = /var/datashared
> public = no
> writable = yes
> guest ok = no
Interesting fact: 'public' is a synonym for 'guest ok', so you don't
need both and the default for 'guest ok' is 'no', so you don't really
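
The range question raised in the reply above, as an added example that is not part of the original message and is not Samba's own code: it parses the `idmap config ... : range` lines from the quoted smb.conf and reports local accounts whose UID falls inside a domain range, plus any overlap between ranges. The passwd excerpt and the function names are constructed for illustration.

```python
import re

# The idmap range lines from the quoted smb.conf
SMB_CONF = """\
idmap config * : backend = tdb
idmap config * : range = 15000-99999
idmap config IPGAD : backend = ad
idmap config IPGAD : range = 1-14999
"""

# Constructed /etc/passwd excerpt (assumption: typical local accounts)
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sshd:x:74:74:sshd:/var/empty/sshd:/sbin/nologin
localadmin:x:1000:1000::/home/localadmin:/bin/bash
"""

RANGE_RE = re.compile(
    r"^\s*idmap config\s+(\S+)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$", re.I)

def idmap_ranges(conf):
    """Return {domain: (low, high)} for each 'idmap config DOMAIN : range' line."""
    found = (RANGE_RE.match(line) for line in conf.splitlines())
    return {m.group(1): (int(m.group(2)), int(m.group(3))) for m in found if m}

def local_uids(passwd):
    """Return {account: uid} from passwd-format text, skipping malformed lines."""
    rows = (line.split(":") for line in passwd.splitlines())
    return {f[0]: int(f[2]) for f in rows if len(f) >= 3 and f[2].isdigit()}

def audit(conf, passwd):
    """List local accounts inside an idmap range and overlapping idmap ranges."""
    ranges, findings = idmap_ranges(conf), []
    for dom, (lo, hi) in ranges.items():
        for name, uid in local_uids(passwd).items():
            if lo <= uid <= hi:  # a domain ID could resolve to this local ID
                findings.append(("local-collision", dom, name, uid))
    doms = list(ranges)
    for i, a in enumerate(doms):
        for b in doms[i + 1:]:
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]:
                findings.append(("range-overlap", a, b, None))
    return findings

if __name__ == "__main__":
    for finding in audit(SMB_CONF, PASSWD):
        print(finding)
```

The same check applies to /etc/group with the GID field, since the range covers both users and groups.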