Web lists-archives.com

Re: [Samba] Fwd: Re: Ressources needed (cpus, ram, etc.) for a Samba server

Log level to 10 was for debug reasons, I can now surely set to 1 now.
Concerning idmap config IPGAD, I don't see why is the reason to start at 1...
I will set to 10000 as according to the documentation, thank you.

What do you mean by "
You are also using the winbind 'ad' backend, so have you added
anything to AD ?
" ?

Le 10/04/2019 à 12:38, Rowland Penny via samba a écrit :
On Wed, 10 Apr 2019 12:08:55 -0300
Edouard Guigné via samba <samba@xxxxxxxxxxxxxxx> wrote:

Hello Rowland,

Yes, this is an Unix Domain member.

Below, my smb.conf :

      security = ads
      realm = IPGAD.MYDOMAIN.FR
      workgroup = IPGAD
      kerberos method = secrets and keytab
      server signing = mandatory
      client signing = mandatory
      hosts allow = 127. 10.9.X. 10.9.X. 10.9.X. 10.9.4. 10.9.X.
      hosts deny = 10.9.X. 10.9.X.

      log file = /var/log/samba/%m.log
      max log size = 5000

      log level = 10
      local master = no
      domain master = no
      preferred master = no
      use sendfile = true
      load printers = no
      cups options = raw
      printcap name = /dev/null

     disable spoolss = yes

      vfs objects = acl_xattr
      map acl inherit = yes
      store dos attributes = yes

     idmap config * : backend = tdb
     idmap config * : range = 15000-99999

      winbind nss info = rfc2307
      idmap config IPGAD : backend = ad
      idmap config IPGAD : schema_mode = rfc2307
      idmap config IPGAD : range = 1-14999
      idmap config IPGAD : unix_nss_info = yes
      idmap config IPGAD : unix_primary_group = yes

      client min protocol = SMB2
I have removed all the default lines, but just a couple of questions
about [global]:

Why have you set the log level to 10 ? this will swamp your logfile.
Is there some reason why you have started the 'IPGAD' range at '1' ?
The normal practise is at '10000', also using '1' means that you
should move everything from /etc/passwd and /etc/group into AD, or to
put it another way, this is a stupid range.
You are also using the winbind 'ad' backend, so have you added
anything to AD ?
Have you read this:


and this:


    comment = jaguar2
    path = /var/datashared
    public = no
    writable = yes
    guest ok = no
Interesting fact: 'public' is a synonym for 'guest ok', so you don't
need both and the default for 'guest ok' is 'no', so you don't really
need either.


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba