[Samba] idmap_ad problem and workaround
Rowland penny
rpenny at samba.org
Tue Jan 26 21:17:32 UTC 2016
On 26/01/16 20:44, Joe Maloney wrote:
> The DC's are running Windows Server 2012R2. The directory itself has
> RFC2307 attributes. The file servers are running FreeBSD with Samba
> 4.1. These are just member servers not joined as domain controllers.
> I have tried to upgrade to samba 4.2, and samba 4.3 as a test with no
> difference. Here is a peak at the smb4.conf via pastebin.
>
> http://pastebin.com/Ai14LREW
>
> Joe Maloney
>
OK, try adding these two lines:
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
It may be that you are having kerberos problems and your tickets are
expiring, check if /etc/krb5.keytab exists, you may have to re-join the
domain member to the server.
I would also suggest you add these two lines:
vfs objects = acl_xattr
map acl inherit = yes
Rowland
More information about the samba
mailing list