[Samba] rights -- structures

Rowland penny rpenny at samba.org
Mon Dec 14 09:00:41 UTC 2020

On 14/12/2020 08:45, Maurizio Caloro wrote:
>> First, the workgroup cannot be the same as the realm and the realm must be
> the dns domain name in uppercase. By default the workgroup name is the
> lefthand portion of the realm (in your case 'CARAG'), but it can be anything
> and it >must not contain dots. If your TLD is '.local' then it really
> shouldn't be and you will have to turn off Avahi
>> You also seem to not have any 'idmap config' lines, are you using sssd or
> similar ?
>> Rowland
> Thanks for you quick Answer!
> Add this to smb.conf
>   [global]
>          realm = CARAG.LOCAL
>          workgroup = CARAG
>          netbios name = SRVCAR005
>          security = domain

Why have you jumped to 'domain' from 'ADS' ?

'domain' is used with an NT4-style domain and 'ADS' is used with an 'AD'  
domain, what do you have ?

>          vfs objects = acl_xattr
>          idmap config * : backend = tdb
>          idmap config * : range 10000-199999
Do you really need such a large range for the default domain, bearing in  
mind that it is mostly for the well known SIDS and there are less than  
two hundred of those.
>          idmap config DOMAIN : backend = autorid
Why 'autorid' ? do you have more than one domain ? and if you are using  
autorid then you don't need the default ('*') domain lines, it includes  

Are you starting winbind before smbd ?


More information about the samba mailing list