[Samba] AD share not accessible
Benjamin Budts
ben at zentrix.be
Mon Jan 20 02:15:26 MST 2014
Gents,
Could this be the reason I get a timeout while trying to run getent? The AD
server has +500 users and 100's of groups...
winbind enum users and groups should be used with caution in active
directories greater than 200 users or groups, as enumeration is an expensive
process and likely to timeout and cause login failures. During login, the
full passwd and group will be "enumerated" every time from your active
directory server. Enumeration is not required for a successful login.
-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
On Behalf Of Benjamin Budts
Sent: Monday 20 January 2014 0:16
To: samba at lists.samba.org
Subject: Re: [Samba] AD share not accessible
Hi,
Thx Steve for pointing out the overlapping range issue I had in my conf.
I changed the config, but still no success: getent passwd or getent groups
is only showing local users/groups. After showing the local users, there
seems to be a timeout of 5 seconds and then back to shell.
Accessing my share with a group that is situated in the group Valid Users
isn't working either. No errors in smb or winbind log. (Although I get an
error output if I make a mistake in my user's password on purpose: I see an
error log being created, as stated in my first post to the mailing list.) So
there seems to be some form of authentication, although I can't find out how
to debug it.
My /share has been remounted with ACL too
Any ideas ?
My new config
----
[global]
workgroup = INTRANET
realm = ISPPC.BE
server string = %h
security = ADS
ntlm auth = No
kerberos method = system keytab
log file = /var/log/samba/log.%m
max log size = 1024
client signing = required
server signing = required
client use spnego = No
load printers = No
lm announce = No
dns proxy = No
ldap ssl = no
template homedir = /dev/null
template shell = /bin/true
winbind separator = +
winbind cache time = 5
winbind enum users = Yes
winbind enum groups = Yes
winbind nss info = rfc2307
winbind refresh tickets = Yes
winbind offline logon = Yes
winbind normalize names = Yes
idmap config * : range = 1000000-1999999
idmap config INTRANET:base_rid = 0
idmap config INTRANET:range = 50000-59999
idmap config INTRANET:read only = yes
idmap config INTRANET:backend = rid
idmap config * : backend = tdb
invalid users = root
cups options = raw
[glims_share]
comment = Glims Cluster Share
path = /share
valid users = @INTRANET+GRP_GLIMS_RDS_USERS
read only = No
Cheers,
-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
On Behalf Of steve
Sent: Thursday 16 January 2014 19:02
To: samba at lists.samba.org
Subject: Re: [Samba] samba linux share vs AD
On Thu, 2014-01-16 at 17:30 +0100, Benjamin Budts wrote:
>
> #getent passwd only shows local users it seems to wait 5 seconds
> after printing the local users and then times out to shell without an
> error.
>
Your ranges overlap.
idmap config * : range = 1000000-1999999
idmap config INTRANET:range = 60000-50000000
Go for something like * 50000-59999
HTH
Steve
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
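The overlap Steve points out can be checked mechanically before restarting winbind. The Python sketch below is an added example, not part of the original thread or of Samba: it parses the `idmap config ... : range` lines and reports domains whose ID ranges intersect. The function names are hypothetical; the sample ranges are the ones quoted in the messages above.

```python
import re
from itertools import combinations

# Matches e.g. "idmap config INTRANET:range = 50000-59999" and
# "idmap config * : range = 1000000-1999999". Comment lines (leading '#'
# or ';') and other idmap options such as "backend" never match.
RANGE_RE = re.compile(
    r"^\s*idmap\s+config\s+(?P<domain>\S+?)\s*:\s*range\s*=\s*"
    r"(?P<low>\d+)\s*-\s*(?P<high>\d+)\s*$",
    re.IGNORECASE,
)

# Ranges Steve quoted from the first configuration in the thread.
OLD_CONF = """\
idmap config * : range = 1000000-1999999
idmap config INTRANET:range = 60000-50000000
"""

# Ranges from the "new config" posted in the follow-up message.
NEW_CONF = """\
idmap config * : range = 1000000-1999999
idmap config INTRANET:base_rid = 0
idmap config INTRANET:range = 50000-59999
idmap config INTRANET:backend = rid
"""

def parse_idmap_ranges(conf_text):
    """Return {domain: (low, high)} for each 'idmap config X : range' line."""
    ranges = {}
    for line in conf_text.splitlines():
        m = RANGE_RE.match(line)
        if m:
            ranges[m["domain"].upper()] = (int(m["low"]), int(m["high"]))
    return ranges

def find_overlaps(ranges):
    """Return sorted domain pairs whose inclusive ID ranges intersect."""
    hits = []
    for (d1, (l1, h1)), (d2, (l2, h2)) in combinations(sorted(ranges.items()), 2):
        if l1 <= h2 and l2 <= h1:  # closed intervals share at least one ID
            hits.append((d1, d2))
    return hits

if __name__ == "__main__":
    for label, conf in (("old", OLD_CONF), ("new", NEW_CONF)):
        print(label, find_overlaps(parse_idmap_ranges(conf)) or "no overlap")
```

The check confirms that the revised ranges no longer collide, so the remaining getent timeout has to come from something else in the configuration.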