[Samba] Samba 4.3.13 logon oddity on Solaris 10
Rowland Penny
rpenny at samba.org
Mon Jul 2 10:55:51 UTC 2018
On Mon, 02 Jul 2018 12:38:54 +0200
Bernd Markgraf <bernd.markgraf at med.ovgu.de> wrote:
> On Mon, 2018-07-02 at 11:30 +0100, Rowland Penny via samba wrote:
>
> > Provided that your users have a uidNumber attribute containing a
> > unique number inside the '10000-999999' range AND Domain Users has a
> > gidNumber attribute containing a number inside the same range, then,
> > yes it is a valid smb.conf. These attributes are not added
> > automatically, you must add them manually.
> Yes all UID/GID numbers stored in the AD user objects are unique and
> start at 10000. Both attributes are set for all users.
>
> > There are lines I would remove though:
> >
> > encrypt passwords = yes # This a default setting
> >
> > winbind enum users = Yes
> > winbind enum groups = Yes # These are not required and can slow
> > things
> > down.
> Thanks, I removed them now.
>
> > kerberos method = system keytab # you shouldn't really have this.
> Removed too. What's wrong with that line? My understanding was that it
> tells samba to use the system's global keytab. I don't see much harm
> in that?
Because you should be using the default 'secrets.tdb', your setting had
turned this off. You only need a separate keytab if there is something
that needs it and, if so, you should use 'kerberos method = secrets and
keytab'
>
> So now that I have a valid smb.conf - the initial problem persists.
> How do I proceed to resolve this issue?
Is there a firewall or similar getting in the way ?
Is the output of 'net ads testjoin' 'Join is OK' ?
Rowland
More information about the samba
mailing list