[Samba] autorid broken in samba 4.9?

Rowland penny rpenny at samba.org
Wed Jun 17 14:20:31 UTC 2020

On 17/06/2020 15:12, Nathaniel W. Turner via samba wrote:
> Yeah. It wasn't clear to me which smb.conf settings were picked up by a
> reload, and which required a restart. Most share configuration changes only
> appear to require a reload, but it seems idmap configuration changes
> require a restart (of the winbind service, at least).
Well, yes that is true, but you normally would only set these once.
>> Why is 'realm' re-writing the smb.conf, this sounds like a major bug to
>> me, perhaps there should either be another switch
>> --smb-conf=do_not_touch, or realm shouldn't touch smb.conf if
>> '--client-software=winbind' is set. The other option is to use what
>> Samba provides: 'net ads join'
> Well, maybe. What 'realm' does here is mostly helpful, as it handles
> changing the security, workgroup, and related values as appropriate for the
> AD domain (and changes them back when you run "realm leave"). But it sets
> suboptimal (IMO) idmap config values, hence the need to rewrite smb.conf
> after the 'realm join'.
OK, back to the 'do not touch smb.conf' switch
> Probably if 'realm' wasn't so 'helpful', you wouldn't have this problem
>> i.e. setup smb.conf before the join, the join doesn't change the
>> smb.conf and everything works first time.
> Yes, I think that's accurate. =)

Someone just needs to convince red hat to do that ;-)


More information about the samba mailing list