[Samba] winbind behavior question

d tbsky tbskyd at gmail.com
Sun Jul 22 09:44:17 UTC 2018


2018-07-19 23:59 GMT+08:00 Rowland Penny via samba <samba at lists.samba.org>:
>
> Please see inline comments.
>
> On Thu, 19 Jul 2018 23:44:48 +0800
> d tbsky <tbskyd at gmail.com> wrote:
>
>>   Thanks a lot for the quick help. I remember in the old days it happened
>> sometimes, but after the upgrade to RHEL 7.5 (from Samba 4.6.x to 4.7.1) and
>> Samba DC 4.7/4.8 it now happens every time.
>> Below is the smb.conf configuration from the member server:
>>
>> [global]
>>    workgroup = SAMDOM
>>    netbios name = backup
>>    realm = AD.SAMDOM.EXAMPLE.COM
>>    security = ads
>>
>>    idmap backend = tdb
>
> Remove the above line
>
>>    idmap config *:backend = tdb
>>    idmap config *:range = 1000000-1999999
>>
>>    idmap config SAMDOM:backend = ad
>>    idmap config SAMDOM:default = yes
>
> You do not need the above line.
>
>>    idmap config SAMDOM:range = 1000-999999
>>    idmap config SAMDOM:schema_mode = rfc2307
>>
>>    winbind enum users = yes
>>    winbind enum groups = yes
>>    winbind nested groups = no
>>    winbind use default domain = yes
>>    winbind offline logon = no
>
> You do not need the above line.
>
> I know you said in your other email that you are using samba-tool to
> create the users, but how? Please provide an example.
>

Hi:
    Sorry for the late reply. I was busy downgrading/upgrading the Samba
versions of the DC and member servers, trying to tune the configuration and
watching the log. Today I gave up on the RHEL Samba 4.6.x and 4.7.1 rpms and
recompiled Samba for the member servers myself. Both 4.7.1 and 4.7.8 are
working fine.

   So there are some problems with the recent RHEL Samba packages,
although they worked fine years ago. Maybe it is MIT Kerberos or some other
issue I don't know about (is a Samba file server without AD DC also affected
by the Kerberos type?). I will try to report it to the Red Hat Bugzilla.

  Thanks a lot for your help!


