[Samba] Invalid zone operation IsSigned ERROR
Rowland Penny
rpenny at samba.org
Tue May 22 16:21:56 UTC 2018
On Tue, 22 May 2018 11:00:05 -0500
rschiefer at suturehealth.com wrote:
> The xxxx.com is just sanitization of our logs/data.
You posted a samba-tool command, the '<http://xxxx.com>' shouldn't be
part of the command.
>
> Here you go:
>
> --------------------------------------------------
> # Global parameters
> [global]
> workgroup = xxxx
> realm = xxxx.com
> netbios name = DC-1
> server role = active directory domain controller
> server services = dns, dnsupdate, drepl, kcc, kdc, ldap,
> cldap, nbt, drepl, wrepl, rpc, s3fs, winbindd
Where did 'ntp_signd' go to?
Just remove the line and it will come back ;-)
> allow dns updates = nonsecure
> dns forwarder = 8.8.4.4
> idmap_ldb:use rfc2307 = yes
>
> kerberos method = secrets and keytab
> ldap server require strong auth = no
> client ldap sasl wrapping = plain
>
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
>
> logging = syslog@1
> log level = 1
>
> [netlogon]
> path = /var/lib/samba/sysvol/xxxx.com/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> --------------------------------------------------
> # Global parameters
> [global]
> workgroup = xxxx
> realm = xxxx.com
> netbios name = IDENTITY-C01
> server role = active directory domain controller
> dns forwarder = 8.8.8.8
> idman_ldb:use rfc2307 = yes
That should be 'idmap_ldb'
>
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
>
> ldap server require strong auth = no
>
> log level = 1
> syslog = 1
> syslog only = yes
>
> idmap config *:backend = rid
> idmap config *:range = 5000-100000
> #idmap config xxxx:backend = rid
> #idmap config xxxx:range = 2000-999999
> #idmap backend = idmap_rid:xxxx=2000-999999
> #idmap uid = 2000-999900
> #idmap gid = 2000-999999
Remove all the 'idmap config' lines, they have no place on a DC
> winbind use default domain = yes
The above doesn't work on a DC
> winbind enum users = yes
> winbind enum groups = yes
> winbind nested groups = yes
> winbind expand groups = 10
> #winbind refresh tickets = yes
> template homedir = /home/%U
> template shell = /bin/bash
>
> [netlogon]
> path = /var/lib/samba/sysvol/xxxx.com/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
Rowland
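
The review points in the reply above can be checked mechanically. The following is an added example, not part of the original message or of Samba: a small Python linter that flags the four issues raised for a DC's smb.conf. The function names and the sample input are assumptions made for illustration, and backslash line continuations are not handled.

```python
import re

# Constructed sample: lines combined from the two smb.conf files
# quoted above, trimmed to the settings the reply comments on.
SAMPLE = """\
[global]
    workgroup = xxxx
    server role = active directory domain controller
    server services = dns, dnsupdate, drepl, kcc, kdc, ldap, cldap, nbt, wrepl, rpc, s3fs, winbindd
    idman_ldb:use rfc2307 = yes
    idmap config *:backend = rid
    idmap config *:range = 5000-100000
    #idmap uid = 2000-999900
    winbind use default domain = yes
"""

def parse_global(text):
    """Return {normalised key: value} for [global], skipping comments."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def review_dc_conf(text):
    """Return findings for the points raised in the reply (DC only)."""
    p = parse_global(text)
    if p.get("server role") != "active directory domain controller":
        return []  # these checks only apply to a domain controller
    findings = []
    services = [s.strip().lower() for s in p.get("server services", "").split(",") if s.strip()]
    explicit = [s for s in services if s[0] not in "+-"]  # '+x'/'-x' modify the defaults
    if "-ntp_signd" in services or (explicit and "ntp_signd" not in explicit):
        findings.append("server services: ntp_signd missing; remove the line to restore defaults")
    for key in p:
        if key.startswith("idmap config "):
            findings.append(f"{key}: idmap config lines have no place on a DC")
        elif key.startswith("idman_ldb:"):
            findings.append(f"{key}: misspelled, should be idmap_ldb")
    if "winbind use default domain" in p:
        findings.append("winbind use default domain: does not work on a DC")
    return findings
```

Calling `review_dc_conf(open("/etc/samba/smb.conf").read())` on a DC returns one line per finding; the path is an assumption and varies by distribution.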