[Samba] Fwd: Re: Ressources needed (cpus, ram, etc.) for a Samba server
Edouard Guigné
eguigne at pasteur-cayenne.fr
Wed Apr 10 16:14:35 UTC 2019
Log level 10 was for debugging reasons; I can surely set it to 1 now.
Concerning idmap config IPGAD, I don't see what the reason was to start at 1...
I will set it to 10000, according to the documentation, thank you.
What do you mean by "
You are also using the winbind 'ad' backend, so have you added
anything to AD ?
" ?
On 10/04/2019 at 12:38, Rowland Penny via samba wrote:
> On Wed, 10 Apr 2019 12:08:55 -0300
> Edouard Guigné via samba <samba at lists.samba.org> wrote:
>
>> Hello Rowland,
>>
>> Yes, this is a Unix Domain member.
>>
>> Below, my smb.conf :
>>
>> [global]
>> security = ads
>> realm = IPGAD.MYDOMAIN.FR
>> workgroup = IPGAD
>> kerberos method = secrets and keytab
>> server signing = mandatory
>> client signing = mandatory
>> hosts allow = 127. 10.9.X. 10.9.X. 10.9.X. 10.9.4. 10.9.X.
>> hosts deny = 10.9.X. 10.9.X.
>>
>> log file = /var/log/samba/%m.log
>> max log size = 5000
>>
>> log level = 10
>> local master = no
>> domain master = no
>> preferred master = no
>> use sendfile = true
>> load printers = no
>> cups options = raw
>> printcap name = /dev/null
>>
>> disable spoolss = yes
>>
>> vfs objects = acl_xattr
>> map acl inherit = yes
>> store dos attributes = yes
>>
>> idmap config * : backend = tdb
>> idmap config * : range = 15000-99999
>>
>> winbind nss info = rfc2307
>> idmap config IPGAD : backend = ad
>> idmap config IPGAD : schema_mode = rfc2307
>> idmap config IPGAD : range = 1-14999
>> idmap config IPGAD : unix_nss_info = yes
>> idmap config IPGAD : unix_primary_group = yes
>>
>> client min protocol = SMB2
> I have removed all the default lines, but just a couple of questions
> about [global]:
>
> Why have you set the log level to 10? This will swamp your logfile.
> Is there some reason why you have started the 'IPGAD' range at '1'?
> The normal practice is at '10000', also using '1' means that you
> should move everything from /etc/passwd and /etc/group into AD, or to
> put it another way, this is a stupid range.
> You are also using the winbind 'ad' backend, so have you added
> anything to AD ?
> Have you read this:
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>
> and this:
>
> https://wiki.samba.org/index.php/Idmap_config_ad
>
>> #[myshare]
>> [groups]
>> comment = jaguar2
>> path = /var/datashared
>> public = no
>> writable = yes
>> guest ok = no
> Interesting fact: 'public' is a synonym for 'guest ok', so you don't
> need both and the default for 'guest ok' is 'no', so you don't really
> need either.
>
> Rowland
>
>
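A check for the range question discussed in this thread, as an added example (not code from either poster or from the Samba project): it parses the `idmap config` lines of an smb.conf and flags a domain range that reaches into the IDs used by local accounts, or that overlaps another domain's range. The function names and the `local_id_max` ceiling of 9999 are assumptions; the sample input is constructed from the configuration quoted above.

```python
import re

# Constructed sample: the idmap lines from the smb.conf quoted in this thread.
SAMPLE = """\
[global]
idmap config * : backend = tdb
idmap config * : range = 15000-99999
idmap config IPGAD : backend = ad
idmap config IPGAD : range = 1-14999
"""

# "idmap config DOMAIN : option = value"; commented-out lines do not match.
IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*(\w+)\s*=\s*(.*?)\s*$", re.I)


def parse_idmap(text):
    """Return {domain: {option: value}} for every 'idmap config' line."""
    domains = {}
    for line in text.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            domains.setdefault(m.group(1), {})[m.group(2).lower()] = m.group(3)
    return domains


def check_ranges(text, local_id_max=9999):
    """List range problems. local_id_max is an assumed ceiling for the IDs
    found in /etc/passwd and /etc/group; adjust it to the host."""
    findings, ranges = [], []
    for dom, opts in parse_idmap(text).items():
        try:
            low, high = (int(x) for x in opts["range"].split("-"))
        except (KeyError, ValueError):
            findings.append(f"{dom}: missing or malformed range")
            continue
        if low > high:
            findings.append(f"{dom}: range {low}-{high} is reversed")
            continue
        if low <= local_id_max:
            findings.append(f"{dom}: range {low}-{high} reaches into local IDs (<= {local_id_max})")
        ranges.append((low, high, dom))
    ranges.sort()
    for i, (low, high, dom) in enumerate(ranges):
        for low2, high2, dom2 in ranges[i + 1:]:
            if low2 <= high:  # sorted by low, so this means the two intersect
                findings.append(f"{dom} and {dom2}: ranges {low}-{high} and {low2}-{high2} overlap")
    return findings


if __name__ == "__main__":
    for finding in check_ranges(SAMPLE):
        print(finding)
```
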