[Samba] 4.4.14 on solaris, using ads, can't read/write as user

francis picabia fpicabia at gmail.com
Thu Jun 29 18:36:15 UTC 2017


On Thu, Jun 29, 2017 at 2:36 PM, Rowland Penny via samba <
samba at lists.samba.org> wrote:

>
>
> Your problems lie here:
>
>    idmap config * : range = 16777216-33554431
>    idmap config * : backend = rid
>
> Why use the range '16777216-33554431' ?
>

On a working Debian system with Samba 4.1, we have things
working OK with:

idmap config MYDOM : range = 70000-9999999999

I started with something like that yesterday, so what you saw today
was leftover guesses on something that might help.



> You cannot use 'rid' with the BUILTIN (*) domain, you should use 'tdb'
>

OK, I've switched it like the tdb example in your link.  Auth and
connection still working.

>
> And the main reason why it isn't working, you need a block for the
> 'MYDOM' domain, see here for more info:
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>
>
"Block" meaning something like:
[mydom]
in smb.conf?

I am not seeing it at the link.  I have not spotted anything on that page
we are missing other
than mapping the root user, which I'm assuming is optional.

I'm not getting the meaning of "need a block for the MYDOM domain".

Mind blown on the minimal krb5.conf example.  I've never seen one like it
before, but apparently it is enough.

I removed all of the lockdir, statedir and cachedir content and restarted
winbind and samba.

The "main reason" is really what I need to address, if I understood.


More information about the samba mailing list