[Samba] WinbinD no longer available in Samba 4.7.6
Rowland Penny
rpenny at samba.org
Tue Dec 4 10:17:32 UTC 2018
On Tue, 04 Dec 2018 16:45:43 +0700
Konstantin Boyandin via samba <samba at lists.samba.org> wrote:
>
> Are there possibly missing some winbind settings (the smb.conf has
> been generated by domain upgrade process).
>
Sorry, but I do not believe that is true:
winbind enum users = yes
winbind enum groups = yes
The lines above should only be used for testing purposes, they serve no
other purpose.
winbind nss info = rfc2307
The above line is only any use on a Unix domain member and then, only
before Samba 4.6.0
dns proxy = no
Really, on a DC that relies on DNS ?
tls enabled = yes
tls keyfile = tls/key.pem
tls certfile = tls/cert.pem
tls cafile = tls/ca.pem
tls verify peer = no_check
acl:search = no
They are default settings
passdb backend = tdbsam
Big mistake, you have turned off the correct password database.
obey pam restrictions = yes
Useless on a DC
unix password sync = yes
Extremely useless on a DC, you cannot have Unix users in /etc/passwd
and AD
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:
pam password change = yes
map to guest = bad user
usershare allow guests = yes
Only of real use on a Unix domain member
[profiles]
comment = Users profiles
path = /srv/samba/profiles/
browseable = No
read only = No
force create mode = 0600
force directory mode = 0700
csc policy = disable
store dos attributes = yes
vfs objects = acl_xattr
The above is a cut & paste from here:
https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles
The only problem is, it also tells you, just above that block on the
page, that it doesn't work on an AD DC.
Rowland
More information about the samba
mailing list