[Samba] Access to sharing by hostname but not by its IP

Rowland Penny rpenny at samba.org
Tue Jul 25 13:44:13 UTC 2017

On Tue, 25 Jul 2017 14:52:37 +0200
Marc-Henri Pamiseux via samba <samba at lists.samba.org> wrote:

Just a few comments on your smb.conf:

>         password server = hera.local.mydomain

You should remove the above line, Samba will find the best DC to use.

>         encrypt passwords = Yes

The above line is a default and as such could be removed.
>         idmap config * : backend = tdb
>         idmap config * : range = 950-999

The '*' domain is for the Well Know SIDs and anything outside the
'MYDOMAIN' domain, there are 96 Well known SIDS, therefore your range
isn't big enough.

>         idmap config MYDOMAIN:backend  = ad
>         idmap config MYDOMAIN:range  = 1000-3000300

By using a 'domain range that starts at '1000' means that you cannot
have ANY local Unix users.

>         idmap config MYDOMAIN:unix_nss_info = yes
>         idmap config MYDOMAIN:schema_mode = rfc2307
>         idmap config MYDOMAIN:unix_primary_group = yes

Do the users groups exist with a gidNumber inside '1000-3000300' ?

>         vfs objects = acl_xattr dfs_samba4

Why are you using 'dfs_samba4' ?

As for the shares, you would be better setting the permissions from
windows, see here:



More information about the samba mailing list