[Samba] Problems with Userlogin to share
rpenny at samba.org
Mon Dec 16 08:34:25 UTC 2019
On 16/12/2019 08:16, basti via samba wrote:
> we have a Samba AD (AD Server: 4.9.5 / Fileserver: 4.10.11).
> On the Fileserver sometimes the Users are lost. wbinfo -u does not show
> any AD user. After restart winbind it works like expected.
> An other strange think is, that the kerberos ticket is not updated.
> Smb.conf fileserver:
> security = ADS
> workgroup = FOO
> realm = FOO.EXAMPLE.COM
> log file = /var/log/samba/%m.log
> log level = 3
> idmap config * : backend = tdb
> idmap config * : range = 1000-1005
Interesting, how do you get around 200 users and groups into 5 ?
I also take it that you do not have any local users and groups.
> idmap config FOO:backend = ad
> idmap config FOO:schema_mode = rfc2307
> idmap config FOO:range = 1006-999999
Have you added uidNumber & gidNumber attributes to AD, they are not
> winbind enum users = yes
> winbind enum groups = yes
You do not need the winbind enum lines.
> winbind use default domain = yes
> vfs objects = acl_xattr
> map acl inherit = yes
> store dos attributes = yes
> template shell = /bin/bash
> template homedir = /home/users/%U
> host msdfs = no
> # fix connection lost ?
> client min protocol = SMB2
> client max protocol = SMB2
> # master for doamin
> local master = yes
> os level = 255
> preferred master = yes
Those are for an NT4-style domain, so you should remove them.
To stop the tickets expiring, add: winbind refresh tickets = yes
More information about the samba