[Samba] idmap backend = ad and Active Directory 2008R2
Jonathan Buzzard
jonathan at buzzard.me.uk
Thu May 31 06:36:01 MDT 2012
This is a working smb.conf for CentOS 6.2 (latest, aka 3.5.10-116.el6_2.x86_6),
configured against a Windows 2008R2 domain. Note that we are using GPFS as
our underlying file system, together with CTDB. All I have changed is the names.
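# smb.conf [global] section for a CTDB-clustered Samba member server on GPFS,
# joined to an Active Directory domain. Host, workgroup and realm names are
# stand-ins chosen by the author. No share sections are shown here.
# Comments are kept on their own lines: smb.conf does not treat text after a
# value as a comment.
[global]
netbios name = NEMO
# AD member server: authentication is done by the domain via Kerberos.
security = ads
workgroup = MYDOMAIN
realm = MYDOMAIN.MEGACORP.COM
# "*" lets Samba locate domain controllers itself instead of pinning one.
password server = *
preferred master = no
encrypt passwords = yes
# Tickets are verified against secrets.tdb only; no system keytab is used.
kerberos method = secrets only

# general options
vfs objects = shadow_copy2 fileid gpfs
unix extensions = no
mangled names = no
case sensitive = no
# Logons naming an unknown domain are treated as MYDOMAIN logons.
# NOTE(review): this option was deprecated in later Samba releases; check
# smb.conf(5) for the version in use before carrying it forward.
map untrusted to domain = yes
deadtime = 0
log level = 1
# %I expands to the client IP address, giving one log file per client.
log file = /var/log/samba/%I.log
# in KiB
max log size = 100
# Must stay on one line: a wrapped tail without "=" is not part of the value.
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_REUSEADDR SO_KEEPALIVE

# store DOS attributes in extended attributes (vfs_gpfs then stores them
# in the file system)
ea support = yes
store dos attributes = yes
map readonly = no
map archive = no
map system = no

# the ctdb clustering and GPFS stuff
clustering = yes
# Has to match the socket path ctdbd itself listens on.
# NOTE(review): /tmp is world-writable. Confirm the socket is owned by root
# and not accessible to other local users, or move both ctdbd and this
# setting to a root-owned directory if the installed CTDB allows it.
ctdbd socket = /tmp/ctdb.socket
fileid : algorithm = fsname
gpfs : sharemodes = yes
gpfs : winattr = yes
# An unknown owner/group SID in an ACL set by a client is silently replaced
# by the connected user's uid/gid instead of being rejected, so resulting
# ownership may differ from what the client requested.
force unknown acl user = yes
nfs4 : mode = special
nfs4 : chown = no
nfs4 : acedup = merge

# enable shadow copies
shadow : snapdir = /nemo/.snapshots
shadow : basedir = /nemo
shadow : fixinodes = yes

# silence warnings about CUPS
printing = bsd
printcap name = /etc/printcap
load printers = yes
cups options = raw

# stuff necessary for guest logins to work where required
# With "bad user", a logon with an unknown user name becomes a guest session
# (a known user with a wrong password is still rejected). Any share marked
# "guest ok = yes" is therefore reachable without credentials: review the
# share sections and keep guest access off wherever it is not required.
guest account = nobody
map to guest = bad user

# fake the dfree information to match the fileset quota if it exists
dfree cache time = 15
# External script run by smbd for disk-free queries; keep the script and its
# directory writable by root only.
dfree command = /var/lib/samba/scripts/mmdfree

# deal with NSS and the whole UID/SID id mapping stuff
# Default allocator (tdb) for everything outside MYDOMAIN.
idmap backend = tdb
idmap uid = 2000000 - 2999999
idmap gid = 2000000 - 2999999
# MYDOMAIN ids are read from the RFC 2307 attributes stored in AD, so whoever
# can edit uidNumber/gidNumber in the directory decides the Unix identity
# users get on this server.
idmap config MYDOMAIN : backend = ad
idmap config MYDOMAIN : schema_mode = rfc2307
idmap config MYDOMAIN : readonly = yes
# Ids outside this range are not mapped, which keeps AD entries away from 0
# and the system accounts below 500. On CentOS 6 local user accounts start at
# 500, so make sure no local uid/gid overlaps an id assigned in AD.
idmap config MYDOMAIN : range = 500 - 1999999
# Seconds (604800 = 7 days): a changed or removed mapping in AD can keep
# being served from cache for up to a week unless the cache is flushed.
idmap cache time = 604800
idmap negative cache time = 20
winbind cache time = 600
# Home directory and shell also come from the RFC 2307 attributes in AD.
winbind nss info = rfc2307
winbind expand groups = 2
winbind nested groups = yes
# Domain users appear without the MYDOMAIN prefix; avoid local accounts that
# share a name with a domain account.
winbind use default domain = yes
# Lets getent list all domain users/groups; can be slow on large domains.
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = yes
winbind offline logon = false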
--
Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.