[Samba] Fwd: Re: Ressources needed (cpus, ram, etc.) for a Samba server

Edouard Guigné eguigne at pasteur-cayenne.fr
Wed Apr 10 16:14:35 UTC 2019 

Log level to 10 was for debug reasons, I can now surely set to 1 now.
Concerning idmap config IPGAD, I don't see why is the reason to start at 1...
I will set to 10000 as according to the documentation, thank you.

What do you mean by "
You are also using the winbind 'ad' backend, so have you added
anything to AD ?
" ?


Le 10/04/2019 à 12:38, Rowland Penny via samba a écrit :
> On Wed, 10 Apr 2019 12:08:55 -0300
> Edouard Guigné via samba <samba at lists.samba.org> wrote:
>
>> Hello Rowland,
>>
>> Yes, this is an Unix Domain member.
>>
>> Below, my smb.conf :
>>
>> [global]
>>       security = ads
>>       realm = IPGAD.MYDOMAIN.FR
>>       workgroup = IPGAD
>>       kerberos method = secrets and keytab
>>       server signing = mandatory
>>       client signing = mandatory
>>       hosts allow = 127. 10.9.X. 10.9.X. 10.9.X. 10.9.4. 10.9.X.
>>       hosts deny = 10.9.X. 10.9.X.
>>
>>       log file = /var/log/samba/%m.log
>>       max log size = 5000
>>
>>       log level = 10
>>       local master = no
>>       domain master = no
>>       preferred master = no
>>       use sendfile = true
>>       load printers = no
>>       cups options = raw
>>       printcap name = /dev/null
>>
>>      disable spoolss = yes
>>
>>       vfs objects = acl_xattr
>>       map acl inherit = yes
>>       store dos attributes = yes
>>
>>      idmap config * : backend = tdb
>>      idmap config * : range = 15000-99999
>>
>>       winbind nss info = rfc2307
>>       idmap config IPGAD : backend = ad
>>       idmap config IPGAD : schema_mode = rfc2307
>>       idmap config IPGAD : range = 1-14999
>>       idmap config IPGAD : unix_nss_info = yes
>>       idmap config IPGAD : unix_primary_group = yes
>>
>>       client min protocol = SMB2
> I have removed all the default lines, but just a couple of questions
> about [global]:
>
> Why have you set the log level to 10 ? this will swamp your logfile.
> Is there some reason why you have started the 'IPGAD' range at '1' ?
> The normal practise is at '10000', also using '1' means that you
> should move everything from /etc/passwd and /etc/group into AD, or to
> put it another way, this is a stupid range.
> You are also using the winbind 'ad' backend, so have you added
> anything to AD ?
> Have you read this:
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>
> and this:
>
> https://wiki.samba.org/index.php/Idmap_config_ad
>
>> #[myshare]
>> [groups]
>>     comment = jaguar2
>>     path = /var/datashared
>>     public = no
>>     writable = yes
>>     guest ok = no
> Interesting fact: 'public' is a synonym for 'guest ok', so you don't
> need both and the default for 'guest ok' is 'no', so you don't really
> need either.
>
> Rowland
>
>

More information about the samba mailing list