[Samba] samba 4.5.0 on hpux ia64: smbd not able to use domain users for file sharing

Rowland Penny rpenny at samba.org
Wed Dec 21 12:03:32 UTC 2016


On Wed, 21 Dec 2016 17:18:11 +0530
Arjit Gupta <arjitk.gupta at gmail.com> wrote:

> Hi Rowland,
> 
> After stopping *pwgr daemon* we are able to access the domain user
> as expected.
> 
> Below is the smb.conf file used.
> 
> mach# ./testparm -s
> Load smb config files from /etc/opt/samba/smb.conf
> rlimit_max: increasing rlimit_max (2048) to minimum Windows limit (16384)
> Processing section "[tmp]"
> Loaded services file OK.
> Processing comments in /etc/opt/samba/smb.conf
> Server role: ROLE_DOMAIN_MEMBER
> 
> # Global parameters
> [global]
>         realm = CIFSDOM.COM
>         workgroup = CIFSDOM
>         allow dns updates = disabled
>         client ldap sasl wrapping = plain
>         log file = /var/log/samba/%m.log
>         security = ADS
>         username map = /etc/opt/samba/users.map
>         template homedir = /home/%U
>         template shell = /sbin/false
>         winbind enum groups = Yes
>         winbind enum users = Yes
>         winbind separator = /
>         idmap config CIFSDOM:range = 500-99999
>         idmap config CIFSDOM:backend = rid
>         idmap config *:range = 500-9999
>         idmap config * : backend = tdb
> 
> 
> [tmp]
>         comment = Temporary file space
>         path = /tmp
>         read only = No
> 
> Please suggest pointers on what might be causing the issue with pwgr
> daemon.
> 

OK, I am not a hpux user, so have no idea what the 'pwgr daemon' is or
does ;-)

What I can tell you is:

'allow dns updates = disabled' should only be used in an AD DC smb.conf

The 'winbind enum' lines should only be set to yes for testing purposes

The most important 'wrong' thing is, the 'idmap config' ranges MUST not
overlap.
I would also change the '*' domain range from '500-9999'; with this
setting you are not allowing anywhere for local Unix users, and the same
goes for the 'CIFSDOM' range. Can I suggest you follow the Samba wiki
examples and use '2000-9999' for the '*' domain and '10000-99999' for
the 'CIFSDOM' range.