[Samba] Limit AD for Winbind
Guenther Deschner
gd at samba.org
Tue Mar 20 15:30:29 GMT 2007
Hi,
Daniel Frey wrote:
> smb.conf:
> [global]
>
> server string = Test
>
> workgroup = MYDOMAIN
> netbios name = SERVERNAME
> realm = MYDOMAIN.LOCAL
> idmap uid = 10000-200000
> idmap gid = 10000-200000
> winbind separator = /
> winbind use default domain = Yes
> security = ADS
> encrypt passwords = yes
> password server = server.mydomain.local
> client use spnego = yes
>
> winbind enum users = yes
> winbind enum groups = yes
It would be a very good decision the turn the two above to "no". This is
the default in recent samba versions anyway.
Apart from that you should use a very recent Samba version. There have
been huge improvements achieved for large domains.
Guenther
--
Günther Deschner GPG-ID: 8EE11688
Red Hat gdeschner at redhat.com
Samba Team gd at samba.org
More information about the samba
mailing list