[Samba] Setup a new samba AD DC
Rowland Penny
rpenny at samba.org
Tue Apr 25 16:53:41 UTC 2017
On Tue, 25 Apr 2017 18:29:47 +0200
Dario Lesca via samba <samba at lists.samba.org> wrote:
>
> Another questions:
>
> Where is the better place to set:
>
> - logon script = netlogon.bat
> and other logon options
Actually the best place to set them is per user in AD.
>
> - wins support = yes
No where, AD uses DNS instead
>
> - load printers = yes
On the computer that you want to be a print server, in your case
probably the member server.
> I have join a samba server to AD with success.
>
> This is my member server smb.conf
>
> password server = fedora-addc.solinos.loc
Can I suggest you remove the above line, the domain member should find
it via dns
> winbind enum users = yes
> winbind enum groups = yes
You should remove the 'winbind enum' lines, you do not need them
>
> store dos attributes = yes
You should also add:
vfs objects = acl_xattr
map acl inherit = Yes
> this my /etc/krb5.conf
You only actually need:
> > [libdefaults]
> > default_realm = SOLINOS.LOC
> > dns_lookup_realm = false
> > dns_lookup_kdc = true
>
> I have start with "idmap config * : range = 16777216-33554431" (now
> commented) then I have change it to new per domain value.
>
> I must to reset some cache? How to reset the local ID?
>
> If I check the user still have the old id mapping (I believe)
Run 'net cache flush'
Rowland
More information about the samba
mailing list