[Samba] Limit AD for Winbind
Daniel Frey
Daniel_Fr at gmx.de
Tue Mar 20 15:25:30 GMT 2007
Hello guys,
I'm using Winbind to integrate my Active Directory Users into Linux.
The Domain is very big and is in trust with four other Domains.
I've about 100,000+ users.
Sometimes everything works perfect, wbinfo -u and wbinfo -g parse the correct users/groups but when I restart Samba + Winbind it does not work anymore.
When I first try wbinfo -m it lists all trusted domains but when I try wbinfo -u after, it responds "Error looking up domain users" and wbinfo -m does also not work any more.
Later, it seems to work again but I don't know why.
Do you have an answer to this?
I was thinking about limiting the users that'll be integtrated from winbind. Is there any possibility to do this? I only need one of the four trusted domains but don't know a function to limit this.
"allow trusted domains = Yes" only gives me the opportunity to disable or enable all trusted domains, not to enable one specific domain.
Hope you guys can help me with this. Thanks!
smb.conf:
[global]
server string = Test
workgroup = MYDOMAIN
netbios name = SERVERNAME
realm = MYDOMAIN.LOCAL
idmap uid = 10000-200000
idmap gid = 10000-200000
winbind separator = /
winbind use default domain = Yes
security = ADS
encrypt passwords = yes
password server = server.mydomain.local
client use spnego = yes
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/bash
template homedir = /home/%D/%U
allow trusted domains = Yes
winbind cache time = 300
[share]
comment = Testshare
path = /home/share
browseable = yes
read only = no
guest ok = no
valid users = @TRUSTEDDOMAIN/MYGROUP
create mask = 0770
directory mask = 0770
--
"Feel free" - 5 GB Mailbox, 50 FreeSMS/Monat ...
Jetzt GMX ProMail testen: www.gmx.net/de/go/mailfooter/promail-out
More information about the samba
mailing list