[Samba] Samba 4.3.13 logon oddity on Solaris 10
Rowland Penny
rpenny at samba.org
Mon Jul 2 10:30:50 UTC 2018
On Mon, 02 Jul 2018 12:04:10 +0200
Bernd Markgraf <bernd.markgraf at med.ovgu.de> wrote:
> Do you agree that this is a valid smb.conf that should work:
> [global]
> security = ADS
> encrypt passwords = yes
> workgroup = MD-DZNE
> realm = MAGDEBURG.DZNE.DS
>
> log file = /opt/samba4/var/log/%m.log
> log level = 1
>
> idmap config *:backend = tdb
> idmap config *:range = 3000-7999
> idmap config MD-DZNE:backend = ad
> idmap config MD-DZNE:schema_mode = rfc2307
> idmap config MD-DZNE:range = 10000-999999
>
> winbind nss info = rfc2307
> winbind use default domain = yes
> winbind enum users = Yes
> winbind enum groups = Yes
> kerberos method = system keytab
>
Provided that your users have a uidNumber attribute containing a unique
number inside the '10000-999999' range AND Domain Users has a gidNumber
attribute containing a number inside the same range, then, yes it is a
valid smb.conf. These attributes are not added automatically, you must
add them manually.
There are lines I would remove though:
encrypt passwords = yes # This a default setting
winbind enum users = Yes
winbind enum groups = Yes # These are not required and can slow things
down.
kerberos method = system keytab # you shouldn't really have this.
Rowland
More information about the samba
mailing list