[Samba] samba 4.5.0 on hpux ia64: smbd not able to use domain users for file sharing

Arjit Gupta arjitk.gupta at gmail.com
Wed Dec 21 13:25:32 UTC 2016 

Hi Rowland,

Below is the man page for pwgrd deamon.

http://nixdoc.net/man-pages/HP-UX/pwgrd.1m.html


Thanks for suggesting the changes in smb..conf as of now we are using above
for testing purpose only.
I have corrected your suggestion still i am having the same issue.



Arjit Kumar


On Wed, Dec 21, 2016 at 5:33 PM, Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Wed, 21 Dec 2016 17:18:11 +0530
> Arjit Gupta <arjitk.gupta at gmail.com> wrote:
>
> > Hi Rowland,
> >
> > *After stopping **pwgr daemon* we are able to access the domain user
> > as expected.
> >
> > Below is the smb.conf file used.
> >
> > mach# ./testparm -s
> > Load smb config files from /etc/opt/samba/smb.conf
> > rlimit_max: increasing rlimit_max (2048) to minimum Windows limit
> > (16384) Processing section "[tmp]"
> > Loaded services file OK.
> > Processing comments in /etc/opt/samba/smb.conf
> > Server role: ROLE_DOMAIN_MEMBER
> >
> > # Global parameters
> > [global]
> >         realm = CIFSDOM.COM
> >         workgroup = CIFSDOM
> >         allow dns updates = disabled
> >         client ldap sasl wrapping = plain
> >         log file = /var/log/samba/%m.log
> >         security = ADS
> >         username map = /etc/opt/samba/users.map
> >         template homedir = /home/%U
> >         template shell = /sbin/false
> >         winbind enum groups = Yes
> >         winbind enum users = Yes
> >         winbind separator = /
> >         idmap config CIFSDOM:range = 500-99999
> >         idmap config CIFSDOM:backend = rid
> >         idmap config *:range = 500-9999
> >         idmap config * : backend = tdb
> >
> >
> > [tmp]
> >         comment = Temporary file space
> >         path = /tmp
> >         read only = No
> >
> > Please suggest pointers what might be causing the issue with pwgr
> > daemon.
> >
>
> OK, I am not a hpux user, so have no idea what the 'pwgr daemon' is or
> does ;-)
>
> What I can tell you is:
>
> 'allow dns updates = disabled' should only be used in an AD DC smb.conf
>
> The 'winbind enum' lines should only be set to yes for testing purposes
>
> The most important 'wrong' thing is, the 'idmap config' ranges MUST not
> overlap.
> I would also change the '*' domain range from '500-9999', with this
> setting you are not allowing anywhere for local Unix users, the same
> goes for the 'CIFSDOM' range. Can I suggest you follow the Samba wiki
> examples and use '2000-9999' for the '*' domain and '10000-99999' for
> the 'CIFSDOM' range.
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list