[Samba] Fwd: Re: Ressources needed (cpus, ram, etc.) for a Samba server
rpenny at samba.org
Wed Apr 10 15:38:12 UTC 2019
On Wed, 10 Apr 2019 12:08:55 -0300
Edouard Guigné via samba <samba at lists.samba.org> wrote:
> Hello Rowland,
> Yes, this is an Unix Domain member.
> Below, my smb.conf :
> security = ads
> realm = IPGAD.MYDOMAIN.FR
> workgroup = IPGAD
> kerberos method = secrets and keytab
> server signing = mandatory
> client signing = mandatory
> hosts allow = 127. 10.9.X. 10.9.X. 10.9.X. 10.9.4. 10.9.X.
> hosts deny = 10.9.X. 10.9.X.
> log file = /var/log/samba/%m.log
> max log size = 5000
> log level = 10
> local master = no
> domain master = no
> preferred master = no
> use sendfile = true
> load printers = no
> cups options = raw
> printcap name = /dev/null
> disable spoolss = yes
> vfs objects = acl_xattr
> map acl inherit = yes
> store dos attributes = yes
> idmap config * : backend = tdb
> idmap config * : range = 15000-99999
> winbind nss info = rfc2307
> idmap config IPGAD : backend = ad
> idmap config IPGAD : schema_mode = rfc2307
> idmap config IPGAD : range = 1-14999
> idmap config IPGAD : unix_nss_info = yes
> idmap config IPGAD : unix_primary_group = yes
> client min protocol = SMB2
I have removed all the default lines, but just a couple of questions
Why have you set the log level to 10 ? this will swamp your logfile.
Is there some reason why you have started the 'IPGAD' range at '1' ?
The normal practise is at '10000', also using '1' means that you
should move everything from /etc/passwd and /etc/group into AD, or to
put it another way, this is a stupid range.
You are also using the winbind 'ad' backend, so have you added
anything to AD ?
Have you read this:
> comment = jaguar2
> path = /var/datashared
> public = no
> writable = yes
> guest ok = no
Interesting fact: 'public' is a synonym for 'guest ok', so you don't
need both and the default for 'guest ok' is 'no', so you don't really
More information about the samba