[Samba] Limit AD for Winbind

[Daniel Frey]

Hello guys,

I'm using Winbind to integrate my Active Directory Users into Linux.

The Domain is very big and is in trust with four other Domains.

I've about 100,000+ users. 

Sometimes everything works perfect, wbinfo -u and wbinfo -g parse the correct users/groups but when I restart Samba + Winbind it does not work anymore.

When I first try wbinfo -m it lists all trusted domains but when I try wbinfo -u after, it responds "Error looking up domain users" and wbinfo -m does also not work any more.

Later, it seems to work again but I don't know why.

Do you have an answer to this?

I was thinking about limiting the users that'll be integtrated from winbind. Is there any possibility to do this? I only need one of the four trusted domains but don't know a function to limit this.

"allow trusted domains = Yes" only gives me the opportunity to disable or enable all trusted domains, not to enable one specific domain.

Hope you guys can help me with this. Thanks!

smb.conf:
[global]

        server string = Test

        workgroup = MYDOMAIN
        netbios name = SERVERNAME
        realm = MYDOMAIN.LOCAL
        idmap uid = 10000-200000
        idmap gid = 10000-200000
        winbind separator = /
        winbind use default domain = Yes
        security = ADS
        encrypt passwords = yes
        password server = server.mydomain.local
        client use spnego = yes

        winbind enum users = yes
        winbind enum groups = yes

        template shell = /bin/bash
        template homedir = /home/%D/%U

        allow trusted domains = Yes

        winbind cache time = 300

[share]
        comment = Testshare
        path = /home/share
        browseable = yes
        read only = no
        guest ok = no
        valid users = @TRUSTEDDOMAIN/MYGROUP
        create mask = 0770
        directory mask = 0770


-- 
"Feel free" - 5 GB Mailbox, 50 FreeSMS/Monat ...
Jetzt GMX ProMail testen: www.gmx.net/de/go/mailfooter/promail-out