[Samba] security = ads parameter not working in samba 4.9.5
Rowland penny
rpenny at samba.org
Sat May 1 17:54:25 UTC 2021
On 01/05/2021 18:14, Sac Isilia wrote:
> Hi Rowland,
>
> This is in continuation of the same issue that somehow got resolved
> two years ago but has now again popped up. Below is the right smb.conf
> that worked for Debian 10 machine but now failing on Ubuntu 18. I
> have done all the edits as suggested in the trail mail and have gone
> through again and again but winbind service fails to start if i put
> "security = ADS" in smb.conf.
>
You are now using Samba 4.7.6
I would remove these packages, they are only required for the MIT
kerberos kdc that I hope you are not running on your Unix domain member:
krb5-auth-dialog
krb5-gss-samples
krb5-k5tls
krb5-kdc
krb5-multidev
krb5-otp
krb5-pkinit
krb5-strength
krb5-sync-plugin
krb5-sync-tools
You also do not seem to have the 'samba' package installed, unless you
missed it of the list.
Finally, your main problem was explained to you with this line:
ERROR: Do not use the 'ad' backend as the default idmap backend!
Replace these lines:
idmap config * : range = 10000-9999999
idmap config * : backend = ad
With something like these:
idmap config * : backend = tdb
idmap config * : range = 7000-9999
idmap config EMEA-MEDIA : backend = ad
idmap config EMEA-MEDIA : range = 10000-9999999
Rowland
More information about the samba
mailing list