[Samba] samba 4.0.6 getent group

smb l. ist smblist at tms3labs.com
Wed Jun 26 09:20:29 MDT 2013



Hello smb l. ist,

I read your mail on samba mail list.

I try also setup on 9.1 the samba 4.0.x, as domain member fileserver, but i find always problems..


I would like to ask you, if it is possibe:
can you send me configurations files listed below, helping me to find where i have the errors:

/etc/nsswitch.conf

passwd: files winbind
group: files winbind
hosts: files winbind dns
networks: files
shells: files

/etc/krb5.conf

[logging]
            default = SYSLOG:INFO:LOCAL7

[libdefaults]

   ticket_lifetime = 24000

   clock_skew = 300

   default_realm = TMS3.COM

   dns_lookup_realm = true

   dns_lookup_kdc = true



[realms]

   domain.LOCAL = {



       default_domain = tms3.com

}



[domain_realm]

   .domain.local = TMS3.COM

   domain.local = TMS3.COM


/etc/resolv.conf

search tms3.com
nameserver 192.168.64.1
nameserver 192.168.64.10

/etc/host.conf
/usr/local/etc/smb4.conf

see below

/etc/rc.conf

Not required for samba. Use samba_enable = "YES"

/etc/ntp.conf


Not configured outside of using same external time server as AD DC

/usr/local/share/samba4/setup/slapd.conf

Default

/usr/local/share/samba4/setup/named.conf

deafault

/etc/namedb/named.conf

default

Thank, You,

Zsolt

Hi Zsolt,

I provided above for those that are relevant.

smb4.conf:

This is working fine as far as it goes but needs refinement:

[global]
  workgroup = TMS3
  security = ADS
  realm = TMS3.COM
  encrypt passwords = yes

#  idmap config DOMAIN : backend = rid
#  idmap config DOMAIN : range = 10000 - 20000
#  idmap config TMS3 : backend = tdb
#  idmap config TMS3:schema_mode = rfc2307
#  idmap config TMS3:range = 10000 - 20000
   idmap config DOMAIN : range = 10000 - 20000
   idmap config DOMAIN : backend = rid
   idmap config * : range = 10000 - 20000
   idmap config * : backend = tdb

#  winbind nss info = rfc2307
  winbind trusted domains only = no
  winbind use default domain = yes
  winbind enum users  = yes
  winbind enum groups = yes
  winbind refresh tickets = Yes
  winbind nested groups = No
#  map untrusted to domain = Yes

  aio read size = 16384
  aio write size = 16384
  aio write behind = false

  client ldap sasl wrapping = seal
  directory name cache size = 0

  nsupdate command = /usr/local/bin/samba-nsupdate -g
  dos filemode = yes
  inherit acls = yes
  inherit permissions = yes
#  log file = /var/log/samba/log.%m
  use sendfile = true
  read raw = yes
  write raw = yes
##############
###Member Server
##############
  preferred master = No
  domain logons =No
  domain master = No



-----Original Message-----
From: smb l. ist [mailto:smblist at tms3labs.com] 
Sent: Monday, June 24, 2013 8:49 PM
To: samba at lists.samba.org
Subject: [Samba] samba 4.0.6 getent group

Hello all listies.

I've got samba4.0.6 running on FreeBSD 9.1.

Joined W2K12 domain as member server.

running getent group I noticed it takes a long time to resolve groups.

The result is correct, but it is inordinately long.

With 3.6.13 on FreeBSD 9.1 the return is nearly instantaneous.

smb4.conf looks like this.

[global]
  workgroup = TMS3
  security = ADS
  realm = TMS3.COM
  encrypt passwords = yes

#  idmap config DOMAIN : backend = rid
#  idmap config DOMAIN : range = 10000 - 20000 #  idmap config TMS3 : backend = tdb #  idmap config TMS3:schema_mode = rfc2307 #  idmap config TMS3:range = 10000 - 20000
   idmap config DOMAIN : range = 10000 - 20000
   idmap config DOMAIN : backend = rid
   idmap config * : range = 10000 - 20000
   idmap config * : backend = tdb

#  winbind nss info = rfc2307
  winbind trusted domains only = no
  winbind use default domain = yes
  winbind enum users  = yes
  winbind enum groups = yes
  winbind refresh tickets = Yes
  winbind nested groups = No
#  map untrusted to domain = Yes

  aio read size = 16384
  aio write size = 16384
  aio write behind = false

  client ldap sasl wrapping = seal
  directory name cache size = 0

  nsupdate command = /usr/local/bin/samba-nsupdate -g
  dos filemode = yes
  inherit acls = yes
  inherit permissions = yes
#  log file = /var/log/samba/log.%m
  use sendfile = true
  read raw = yes
  write raw = yes
##############
###Member Server
##############
  preferred master = No   
  domain logons =No
  domain master = No           




More information about the samba mailing list