[Samba] Member Server Setup Assistance
Rowland Penny
rowlandpenny at googlemail.com
Fri Jan 2 11:14:48 MST 2015
On 02/01/15 18:01, James wrote:
> Rowland,
>
> That did it! Thank you so much. I do have a question regarding the
> 'getent' command before setting up file shares. When I run 'getent
> group Domain\ Users' I get
>
> domain_users:x:10000:user1,user2,user3,user4,user5,user6,user7,user8
>
> Why does it show these specific users? I would assume it would only
> show my 'tuser'. I don't have uid's set for anyone else.
When you run 'getent group Domain\ Users' it gets the groups gidNumber
(10000 in your case) and the contents any 'member' attributes, so I
presume if you examine the groups AD object, you would find 8 'member'
attribute lines.
But if you were to run 'getent passwd user5', you would only get a
response if 'user5' has a 'uidNumber'.
Rowland
>
> On 1/2/2015 12:38 PM, Rowland Penny wrote:
>> On 02/01/15 17:26, James wrote:
>>> Rowland,
>>>
>>> I did forget to change it. Is it as simple as renaming now or
>>> did I screw up?
>>>
>>> On 1/2/2015 12:18 PM, Rowland Penny wrote:
>>>> On 02/01/15 17:07, James wrote:
>>>>> Rowland,
>>>>>
>>>>> I had a typo in my hosts file which is the reason my initial
>>>>> DNS update failed. Corrected and joined again. Successfully joined
>>>>> and updated DNS A record. I then made sure to give 'Domain users'
>>>>> a id of 10000. I am now able to run' getent passwd' and see all my
>>>>> domain users! YES! However I still see something that confuses me.
>>>>> When I run 'id tuser' I get the following.
>>>>>
>>>>> uid=2155(tuser) gid=2002(domain_users)
>>>>> groups=2002(domain_users),2004(remote_desktop_users_group),2001(BUILTIN\users)
>>>>>
>>>>> Why is the uid 2155 and not 10001?
>>>>>
>>>>>
>>>>>
>>>>> On 1/2/2015 12:00 PM, Rowland Penny wrote:
>>>>>> On 02/01/15 16:57, James wrote:
>>>>>>> Rowland,
>>>>>>>
>>>>>>> I've gotten a bit further. It appears my use of '.local' is
>>>>>>> causing the issue from what I've researched. I ran
>>>>>>> '|/etc/init.d/avahi-daemon stop'. |This allowed me to
>>>>>>> successfully join the domain.
>>>>>>>
>>>>>>> Enter administrator at DOMAIN.LOCAL's password:
>>>>>>> Using short domain name -- DOMAIN
>>>>>>> Joined 'PFMEMBER1' to dns domain 'domain.local'
>>>>>>> DNS Update for pfmember1.local failed: ERROR_DNS_UPDATE_FAILED
>>>>>>> DNS update failed: NT_STATUS_UNSUCCESSFUL
>>>>>>> ||
>>>>>>> On 1/2/2015 8:55 AM, Rowland Penny wrote:
>>>>>>>> On 02/01/15 13:41, James wrote:
>>>>>>>>> Hi Rowland,
>>>>>>>>>
>>>>>>>>> If you don't mind I like to post my member server
>>>>>>>>> configuration as I attempt again. This is how my member
>>>>>>>>> server(Ubuntu 12.04) is configured after fresh install and
>>>>>>>>> prior to Samba build. Anything I'm missing that could cause my
>>>>>>>>> issue as I proceed? I assume no other prerequisites must be
>>>>>>>>> done on the other DC's either? Thanks.
>>>>>>>>>
>>>>>>>>> /*# From Wiki for DC build*/
>>>>>>>>> apt-get install build-essential libacl1-dev libattr1-dev
>>>>>>>>> libblkid-dev libgnutls-dev libreadline-dev python-dev
>>>>>>>>> libpam0g-dev python-dnspython gdb pkg-config libpopt-dev
>>>>>>>>> libldap2-dev dnsutils libbsd-dev attr krb5-user docbook-xsl
>>>>>>>>> libcups2-dev acl
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> /*# Fstab file*/
>>>>>>>>> ext4 errors=remount-ro,user_xattr,acl,barrier=1 1 1
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> */# Hosts File/*
>>>>>>>>> 127.0.0.1 localhost
>>>>>>>>> 172.16.232.25 pfmember1.domain.local pfmember1
>>>>>>>>>
>>>>>>>>> # The following lines are desirable for IPv6 capable hosts
>>>>>>>>> ::1 ip6-localhost ip6-loopback
>>>>>>>>> fe00::0 ip6-localnet
>>>>>>>>> ff00::0 ip6-mcastprefix
>>>>>>>>> ff02::1 ip6-allnodes
>>>>>>>>> ff02::2 ip6-allrouters
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> */# Hostname/* */File/*
>>>>>>>>> pfmember1.domain.local
>>>>>>>>
>>>>>>>> if you are referring to /etc/hostname, then it should just
>>>>>>>> contain 'pfmember1'.
>>>>>>>>
>>>>>>>> Also, are you fixed on using Ubuntu 12.04, if you were to use
>>>>>>>> Debian Wheezy and backports, you wouldn't have to compile samba4.
>>>>>>>>
>>>>>>>> Rowland
>>>>>>>>
>>>>>>>>>
>>>>>>>>> */#/network/interfaces/*
>>>>>>>>> # This file describes the network interfaces available on your
>>>>>>>>> system
>>>>>>>>> # and how to activate them. For more information, see
>>>>>>>>> interfaces(5).
>>>>>>>>>
>>>>>>>>> # The loopback network interface
>>>>>>>>> auto lo
>>>>>>>>> iface lo inet loopback
>>>>>>>>>
>>>>>>>>> # The primary network interface
>>>>>>>>> auto eth0
>>>>>>>>> iface eth0 inet static
>>>>>>>>> address 172.16.232.25
>>>>>>>>> netmask 255.255.255.0
>>>>>>>>> gateway 172.16.232.201
>>>>>>>>> network 172.16.232.0
>>>>>>>>> broadcast 172.16.232.255
>>>>>>>>> dns-search domain.local
>>>>>>>>> dns-nameservers 172.16.232.29
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 1/1/2015 4:34 AM, Rowland Penny wrote:
>>>>>>>>>> On 01/01/15 00:07, James wrote:
>>>>>>>>>>> Hi Rowland,
>>>>>>>>>>>
>>>>>>>>>>> I forgot to tell you the results were from my Domain
>>>>>>>>>>> Controller and not the member server. Member server returned
>>>>>>>>>>> something to the effect of 'user not found'. I am only
>>>>>>>>>>> starting the 3 services(smbd,nmbd and windbindd) listed in
>>>>>>>>>>> the wiki. Should I be starting Samba with command line
>>>>>>>>>>> switches to start as a member server? Is that even possible?
>>>>>>>>>>
>>>>>>>>>> Hi, there are two ways of running samba4, the classic or
>>>>>>>>>> original way that samba3 was used, or as an AD DC. If you run
>>>>>>>>>> samba4 in the classic way, you need to start the smbd & nmbd
>>>>>>>>>> deamons and optionally the winbind daemon. If you use samba4
>>>>>>>>>> as an AD DC, then you only start the samba daemon, this will
>>>>>>>>>> start any other required deamons, you only start the samba
>>>>>>>>>> daemon on an AD DC.
>>>>>>>>>>
>>>>>>>>>> As you are trying to set up a member server, you must carry
>>>>>>>>>> out the tests on the member server.
>>>>>>>>>>
>>>>>>>>>> Rowland
>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Thanks for you smb.conf. I will attempt again using your
>>>>>>>>>>> smb.conf as a template and try again.
>>>>>>>>>>>
>>>>>>>>>>> On 12/31/2014 2:20 PM, Rowland Penny wrote:
>>>>>>>>>>>> On 31/12/14 19:07, James wrote:
>>>>>>>>>>>>> Rowland,
>>>>>>>>>>>>>
>>>>>>>>>>>>> I decided to start over with a fresh install and
>>>>>>>>>>>>> attempted again. Only change I made was to start my
>>>>>>>>>>>>> mappings at 10000. I gave 'Domain Users' group gid 10000
>>>>>>>>>>>>> and 'tuser' has uid 10001. Still didn't work btw.
>>>>>>>>>>>>>
>>>>>>>>>>>>> dn: CN=Test User,CN=Users,DC=domain,DC=local
>>>>>>>>>>>>> objectClass: top
>>>>>>>>>>>>> objectClass: person
>>>>>>>>>>>>> objectClass: organizationalPerson
>>>>>>>>>>>>> objectClass: user
>>>>>>>>>>>>> cn: Test User
>>>>>>>>>>>>> sn: User
>>>>>>>>>>>>> givenName: Test
>>>>>>>>>>>>> instanceType: 4
>>>>>>>>>>>>> whenCreated: 20141231172021.0Z
>>>>>>>>>>>>> displayName: Test User
>>>>>>>>>>>>> uSNCreated: 477557
>>>>>>>>>>>>> name: Test User
>>>>>>>>>>>>> objectGUID: 90f95763-fe52-42b9-af86-8a84a4d5dd78
>>>>>>>>>>>>> userAccountControl: 66048
>>>>>>>>>>>>> codePage: 0
>>>>>>>>>>>>> countryCode: 0
>>>>>>>>>>>>> pwdLastSet: 130645200220000000
>>>>>>>>>>>>> primaryGroupID: 513
>>>>>>>>>>>>> objectSid: S-1-5-21-940051827-2291820289-3341758437-3126
>>>>>>>>>>>>> accountExpires: 9223372036854775807
>>>>>>>>>>>>> sAMAccountName: tuser
>>>>>>>>>>>>> sAMAccountType: 805306368
>>>>>>>>>>>>> userPrincipalName: tuser at domain.local
>>>>>>>>>>>>> objectCategory:
>>>>>>>>>>>>> CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=local
>>>>>>>>>>>>> unixUserPassword: ABCD!efgh12345$67890
>>>>>>>>>>>>> uid: tuser
>>>>>>>>>>>>> msSFU30Name: tuser
>>>>>>>>>>>>> msSFU30NisDomain: domain
>>>>>>>>>>>>> uidNumber: 10001
>>>>>>>>>>>>> loginShell: /bin/sh
>>>>>>>>>>>>> unixHomeDirectory: /home/tuser
>>>>>>>>>>>>> gidNumber: 10000
>>>>>>>>>>>>> whenChanged: 20141231185807.0Z
>>>>>>>>>>>>> uSNChanged: 477620
>>>>>>>>>>>>> distinguishedName: CN=Test User,CN=Users,DC=domain,DC=local
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On 12/31/2014 1:50 PM, Rowland Penny wrote:
>>>>>>>>>>>>>> On 31/12/14 18:28, James wrote:
>>>>>>>>>>>>>>> Hi Rowland,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> passwd: compat winbind
>>>>>>>>>>>>>>> group: compat winbind
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> 'getent passwd tuser' results in a blank terminal line.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On 12/31/2014 1:12 PM, Rowland Penny wrote:
>>>>>>>>>>>>>>>> On 31/12/14 17:55, James wrote:
>>>>>>>>>>>>>>>>> Hi Rowland,
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> I did. Unfortunately something is still amiss. I
>>>>>>>>>>>>>>>>> do receive a response from 'getent group domain
>>>>>>>>>>>>>>>>> users'(users:x:100).
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> On 12/31/2014 12:26 PM, Rowland Penny wrote:
>>>>>>>>>>>>>>>>>> On 31/12/14 17:23, James wrote:
>>>>>>>>>>>>>>>>>>> Rowland,
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> I set a user with a uid and domain users group
>>>>>>>>>>>>>>>>>>> with a gid but I'm still unable to view them using
>>>>>>>>>>>>>>>>>>> 'id'. I do notice a few strange observations. If I
>>>>>>>>>>>>>>>>>>> go to another user to attempt to assign a uid. I get
>>>>>>>>>>>>>>>>>>> the default value of 10000. I would expect 2001
>>>>>>>>>>>>>>>>>>> given I set the first user with uid 2000. Groups
>>>>>>>>>>>>>>>>>>> however appear to increment.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> On 12/31/2014 10:52 AM, Rowland Penny wrote:
>>>>>>>>>>>>>>>>>>>> On 31/12/14 15:42, James wrote:
>>>>>>>>>>>>>>>>>>>>> Hello Stefan,
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> I learned the hard way about .local. I
>>>>>>>>>>>>>>>>>>>>> understand going forward.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> I do have an issue with the member server.
>>>>>>>>>>>>>>>>>>>>> Following along with the wiki I get stuck at
>>>>>>>>>>>>>>>>>>>>> 'Testing the Winbind user/group mapping'. Wbinfo
>>>>>>>>>>>>>>>>>>>>> works as expected but not
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> #*id DomainUser*
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> #*getent passwd*
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> #*getent group*
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> #*chown DomainUser:DomainGroup file*
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> #*chgrp DomainGroup file*
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> etc.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> I receive 'id: sambauser: No such user'. It will
>>>>>>>>>>>>>>>>>>>>> only retrieve local machine users. Let me preface
>>>>>>>>>>>>>>>>>>>>> by saying this is a Ubuntu 12.04 server with Samba
>>>>>>>>>>>>>>>>>>>>> 4.1.14. Thanks.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> On 12/31/2014 10:00 AM, Stefan Kania wrote:
>>>>>>>>>>>>>>>>>>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>>>>>>>>>>>>>>>>>>> Hash: SHA1
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> Hello James,
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> Am 31.12.2014 um 15:48 schrieb James:> Hello,
>>>>>>>>>>>>>>>>>>>>>>> I'm following along with the wiki(Setup a Samba
>>>>>>>>>>>>>>>>>>>>>>> AD Member Server)
>>>>>>>>>>>>>>>>>>>>>>> and I have a question after reading the 'Set up
>>>>>>>>>>>>>>>>>>>>>>> a basic smb.conf'
>>>>>>>>>>>>>>>>>>>>>>> section.
>>>>>>>>>>>>>>>>>>>>>> Please show us your smb.conf
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> Do I need to extend the schema in order for my
>>>>>>>>>>>>>>>>>>>>>> member server to
>>>>>>>>>>>>>>>>>>>>>>> successfully join and service file shares?
>>>>>>>>>>>>>>>>>>>>>> No, you dont have to.
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> Do I need to configure a
>>>>>>>>>>>>>>>>>>>>>>> krb5.conf file? Thanks.
>>>>>>>>>>>>>>>>>>>>>> If your DC is a samba4 DC just copy krb5.conf to
>>>>>>>>>>>>>>>>>>>>>> your new memberserver
>>>>>>>>>>>>>>>>>>>>>> Stefan
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> - -- Stefan Kania
>>>>>>>>>>>>>>>>>>>>>> Landweg 13
>>>>>>>>>>>>>>>>>>>>>> 25693 St. Michaelisdonn
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> Signieren jeder E-Mail hilft Spam zu reduzieren.
>>>>>>>>>>>>>>>>>>>>>> Signieren Sie ihre
>>>>>>>>>>>>>>>>>>>>>> E-Mail. Weiter Informationen unter
>>>>>>>>>>>>>>>>>>>>>> http://www.gnupg.org
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> Mein Schlüssel liegt auf
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> hkp://subkeys.pgp.net
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> -----BEGIN PGP SIGNATURE-----
>>>>>>>>>>>>>>>>>>>>>> Version: GnuPG v1
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> iEYEARECAAYFAlSkD3EACgkQ2JOGcNAHDTZdlwCgwsQF0g/pFp65ldcTMWDcJ1O7
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> LScAoLDzorUJNDCik4FP9dBUxKCbAbGN
>>>>>>>>>>>>>>>>>>>>>> =SOSt
>>>>>>>>>>>>>>>>>>>>>> -----END PGP SIGNATURE-----
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> If you followed the wiki, you will be using the
>>>>>>>>>>>>>>>>>>>> 'ad' backend. For this to work, you need to add
>>>>>>>>>>>>>>>>>>>> 'uidNumber' attributes to your users and a
>>>>>>>>>>>>>>>>>>>> 'gidNumber' attribute to at least the Domain Users
>>>>>>>>>>>>>>>>>>>> group. the numbers that you add must be between the
>>>>>>>>>>>>>>>>>>>> range you set in your smb.conf, again if you
>>>>>>>>>>>>>>>>>>>> followed the wiki, this will be between 500-40000.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Rowland
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> You have restarted samba, haven't you ?
>>>>>>>>>>>>>>>>>> You may have to wait a short time, or clear the cache
>>>>>>>>>>>>>>>>>> with 'net cache flush'
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Rowland
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> OK, can you post the 'passwd' & 'group' lines from
>>>>>>>>>>>>>>>> /etc/nsswitch
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Do you get anything from 'getent passwd <a domain user>'
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Rowland
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>> OK, install ldb-tools if not already installed, then run:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> ldbedit -e nano -H /var/lib/samba/private/sam.ldb
>>>>>>>>>>>>>> sAMAccountName=tuser
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Post the (sanitized) result
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Rowland
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> OK, you added that user with ADUC (RSAT) and as such you
>>>>>>>>>>>> are using the std windows start number 10000, which is the
>>>>>>>>>>>> way I run samba. Here is my smb.conf from the laptop I am
>>>>>>>>>>>> writing this on:
>>>>>>>>>>>>
>>>>>>>>>>>> [global]
>>>>>>>>>>>> workgroup = EXAMPLE
>>>>>>>>>>>> security = ADS
>>>>>>>>>>>> realm = EXAMPLE.COM
>>>>>>>>>>>> dedicated keytab file = /etc/krb5.keytab
>>>>>>>>>>>> kerberos method = secrets and keytab
>>>>>>>>>>>> server string = Samba 4 Client %h
>>>>>>>>>>>> winbind enum users = yes
>>>>>>>>>>>> winbind enum groups = yes
>>>>>>>>>>>> winbind use default domain = yes
>>>>>>>>>>>> winbind expand groups = 4
>>>>>>>>>>>> winbind nss info = rfc2307
>>>>>>>>>>>> winbind refresh tickets = Yes
>>>>>>>>>>>> winbind normalize names = Yes
>>>>>>>>>>>> idmap config * : backend = tdb
>>>>>>>>>>>> idmap config * : range = 2000-9999
>>>>>>>>>>>> idmap config EXAMPLE : backend = ad
>>>>>>>>>>>> idmap config EXAMPLE : range = 10000-999999
>>>>>>>>>>>> idmap config EXAMPLE : schema_mode = rfc2307
>>>>>>>>>>>> printcap name = cups
>>>>>>>>>>>> cups options = raw
>>>>>>>>>>>> usershare allow guests = yes
>>>>>>>>>>>> domain master = no
>>>>>>>>>>>> local master = no
>>>>>>>>>>>> preferred master = no
>>>>>>>>>>>> os level = 20
>>>>>>>>>>>> map to guest = bad user
>>>>>>>>>>>> vfs objects = acl_xattr
>>>>>>>>>>>> map acl inherit = Yes
>>>>>>>>>>>> store dos attributes = Yes
>>>>>>>>>>>>
>>>>>>>>>>>> Compare it with yours, I can assure you it works.
>>>>>>>>>>>>
>>>>>>>>>>>> Rowland
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> -James
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> -James
>>>>>>
>>>>>> OK, you have *now* found out one of the reasons you shouldn't use
>>>>>> the .local suffix
>>>>>>
>>>>>> But does anything else work?
>>>>>>
>>>>>> Rowland
>>>>>
>>>>> --
>>>>> -James
>>>>
>>>> OK, well it seems to be a step in the right direction :-)
>>>>
>>>> Have you changed 'EXAMPLE' in these lines:
>>>>
>>>> idmap config * : backend = tdb
>>>> idmap config * : range = 2000-9999
>>>> idmap config EXAMPLE : backend = ad
>>>> idmap config EXAMPLE : range = 10000-999999
>>>> idmap config EXAMPLE:schema_mode = rfc2307
>>>>
>>>> They need to be changed for your *WORKGROUP* name.
>>>>
>>>> Rowland
>>>>
>>>>
>>>
>>> --
>>> -James
>>
>> Just change it, stop samba and winbind, run 'net cache flush' and
>> restart samba & winbind.
>>
>> Rowland
>>
>
> --
> -James
More information about the samba
mailing list