[Samba] 4.4.14 on solaris, using ads, can't read/write as user
francis picabia
fpicabia at gmail.com
Thu Jun 29 18:36:15 UTC 2017
On Thu, Jun 29, 2017 at 2:36 PM, Rowland Penny via samba <
samba at lists.samba.org> wrote:
>
>
> Your problems lie here:
>
> idmap config * : range = 16777216-33554431
> idmap config * : backend = rid
>
> Why use the range '16777216-33554431' ?
>
On a working Debian system with Samba 4.1, we have things
working OK with:
idmap config MYDOM : range = 70000-9999999999
I started with something like that yesterday, so what you saw today
was leftover guesses on something that might help.
> You cannot use 'rid' with the BUILTIN (*) domain, you should use 'tdb'
>
OK, I've switched it like the tdb example in your link. Auth and
connection still working.
>
> And the main reason why it isn't working, you need a block for the
> 'MYDOM' domain, see here for more info:
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>
>
"Block" meaning something like:
[mydom]
in smb.conf?
I am not seeing it at the link. I have not spotted anything on that page
we are missing other
than mapping the root user, which I'm assuming is optional.
I'm not getting the meaning of "need a block for the MYDOM domain".
Mind blown on the minimal krb5.conf example. I've never seen one like it
before, but apparently it is enough.
I removed all of the lockdir, statedir and cachedir content and restarted
winbind and samba.
The "main reason" is really what I need to address, if I understood.
More information about the samba
mailing list