[Samba] getent acting unreliable with idmap_ad

Robert Grasso robert.grasso+nv at cedrat.com
Tue Aug 3 03:16:45 MDT 2010 

> > I just filled it up properly, but did not mention Kerberos 
> in any way in smb.conf
> 
> Doh, that's what I have too.
> 
> Any chance you could send me a copy of your smb.conf?
> 

well, no problem, I am sure it is not a great piece of smb.conf, actually : here it is : it is the one for my desktop : I removed
the comments and our private names and IPs :

[global]
   netbios name = short
   workgroup = WG
   realm = WG.LAN
   server string = Samba Server - long_name
   hosts allow = 10.0. 127.
   smb ports = 445
   #printcap name = /etc/printcap
   printcap name = cups
   load printers = yes
    printing = cups
cups options = raw
 log level = 1
 log file = /var/log/samba/%m.log
   max log size = 10000
   security = ADS
    password server = s1,s2
   encrypt passwords = yes
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   preferred master = no
name resolve order = wins bcast
    wins server = IP1 IP2
   dns proxy = yes 
   idmap domains = ALLDOMAINS
   idmap config ALLDOMAINS:backend = ad
   idmap config ALLDOMAINS:default = yes
   idmap config ALLDOMAINS:schema_mode = sfu
   idmap config ALLDOMAINS:range = 500 - 20000
   template homedir = /home/%U
   winbind use default domain = yes
   winbind separator = +
   winbind enum users = yes
   winbind enum groups = yes
   winbind nss info = template sfu
   winbind offline logon = true
   winbind refresh tickets = true

Some comments : 
- I used "netbios name", as my desktop Unix name is longer than 15 characters - Windows or Samba did not like it ...
- we have two names for our AD domain - our winadmin did not solve this issue so far, thus I put one name as the "workgroup" and the
other name as the kerberos "realm" ...
- I let "template homedir" in smb.conf by sheer lazyness, with SFU I don't use it
- I used to set "winbind offline logon" and "winbind refresh tickets" when my Samba was unstable, they were tests - then, once I
found the true solution, lazyness again ...

Hope this helps
---
Robert GRASSO 
System Engineer

CEDRAT
15, Chemin de Malacher - Inovallée - 38246 MEYLAN Cedex - FRANCE 
Tel: +33 (0)4 76 90 50 45 Fax: +33 (0)4 76 90 16 09
mailto:Robert.Grasso at cedrat.com
---
Support service       : mailto:support at cedrat.com 
Commercial service : mailto:cedrat at cedrat.com 
Web site                  : http://www.cedrat.com

More information about the samba mailing list