Web lists-archives.com

Re: [Samba] Fwd: Re: Ressources needed (cpus, ram, etc.) for a Samba server





Log level to 10 was for debug reasons, I can now surely set to 1 now.
Concerning idmap config IPGAD, I don't see why is the reason to start at 1...
I will set to 10000 as according to the documentation, thank you.

What do you mean by "
You are also using the winbind 'ad' backend, so have you added
anything to AD ?
" ?


Le 10/04/2019 à 12:38, Rowland Penny via samba a écrit :
On Wed, 10 Apr 2019 12:08:55 -0300
Edouard Guigné via samba <samba@xxxxxxxxxxxxxxx> wrote:

Hello Rowland,

Yes, this is an Unix Domain member.

Below, my smb.conf :

[global]
      security = ads
      realm = IPGAD.MYDOMAIN.FR
      workgroup = IPGAD
      kerberos method = secrets and keytab
      server signing = mandatory
      client signing = mandatory
      hosts allow = 127. 10.9.X. 10.9.X. 10.9.X. 10.9.4. 10.9.X.
      hosts deny = 10.9.X. 10.9.X.

      log file = /var/log/samba/%m.log
      max log size = 5000

      log level = 10
      local master = no
      domain master = no
      preferred master = no
      use sendfile = true
      load printers = no
      cups options = raw
      printcap name = /dev/null

     disable spoolss = yes

      vfs objects = acl_xattr
      map acl inherit = yes
      store dos attributes = yes

     idmap config * : backend = tdb
     idmap config * : range = 15000-99999

      winbind nss info = rfc2307
      idmap config IPGAD : backend = ad
      idmap config IPGAD : schema_mode = rfc2307
      idmap config IPGAD : range = 1-14999
      idmap config IPGAD : unix_nss_info = yes
      idmap config IPGAD : unix_primary_group = yes

      client min protocol = SMB2
I have removed all the default lines, but just a couple of questions
about [global]:

Why have you set the log level to 10 ? this will swamp your logfile.
Is there some reason why you have started the 'IPGAD' range at '1' ?
The normal practise is at '10000', also using '1' means that you
should move everything from /etc/passwd and /etc/group into AD, or to
put it another way, this is a stupid range.
You are also using the winbind 'ad' backend, so have you added
anything to AD ?
Have you read this:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

and this:

https://wiki.samba.org/index.php/Idmap_config_ad

#[myshare]
[groups]
    comment = jaguar2
    path = /var/datashared
    public = no
    writable = yes
    guest ok = no
Interesting fact: 'public' is a synonym for 'guest ok', so you don't
need both and the default for 'guest ok' is 'no', so you don't really
need either.

Rowland



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba