[Samba] sometimes users fails to login
rpenny at samba.org
Tue Mar 12 11:14:50 UTC 2019
On Tue, 12 Mar 2019 12:01:08 +0100
Andrea Cucciarre' <acucciarre at cloudian.com> wrote:
> The OS is OmniOS, the DC is Windows Server (not sure about the
> release), and below the smb.conf.
> I have also noted that they have more trusted domains, but since they
> configured ad idmap only for one domain, then all the other domains
> use tdb idmap
They really should set up the trusted domains
> client ldap sasl wrapping = plain
> dedicated keytab file = /etc/krb5.keytab
> disable spoolss = yes
> host msdfs = no
> idmap config * : backend = tdb
> idmap config * : range = 30000-40000
> idmap config * : schema_mode = rfc2307
> idmap config BITINTRA : backend = ad
> idmap config BITINTRA : range = 10000-3001000
Anybody else spot the obvious mistake ?
The '*' & 'BITINTRA' ranges should not overlap.
Never mind overlap, the '*' range fits inside the 'BITINTRA' range.
More information about the samba