[Samba] Samba 4 AD member loose membership after DC reboot
frank at si.ct.upc.edu
Mon Apr 4 06:25:12 UTC 2022
Francesc Bassas Serramià
Serveis Informàtics Campus Terrassa
C/ Colom 2
08222 Terrassa (Barcelona)
Telèfon : 93.73.98630
El 1/4/22 a les 14:00, samba-request at lists.samba.org ha escrit:
> On Thu, 2022-03-31 at 14:29 +0200, Frank via samba wrote:
>> Hi Rowland,
>> thanks for your quick response.
>> Here it is a member smb.conf:
>> # Global parameters
>> workgroup = UPC-CT
>> realm = UPC-CT.UPC.EDU
>> netbios name = RADI
>> netbios aliases = RADI.UPC.ES RADI.UPC.EDU
> You cannot use netbios aliases on a Unix domain member, use a CNAME
Got it, but I don't understand what you mean by "use a CNAME"
>> security = ADS
>> log level = 5
>> username map = /var/lib/samba/user.map
>> winbind enum users = yes
>> winbind enum groups = yes
> Remove the above two lines when you are sure everything is working
> correctly, they should not be used in production.
Thanks, we will do it.
>> winbind nss info = rfc2307
>> winbind use default domain = Yes
>> winbind refresh tickets = yes
>> winbind offline logon = yes
>> winbind cache time = 60
>> idmap config * : backend = tdb
>> idmap config * : range = 100-499
>> idmap config UPC-CT:backend = ad
>> idmap config UPC-CT:schema_mode = rfc2307
>> idmap config UPC-CT:range = 500-999999
>> idmap config UPC-CT:unix_nss_info = yes
> Was this an upgrade from an NT4-style domain ?
> Even if it was, your '*' range is clobbering local system users.
Yes, you're right. This comes from a Samba 3 PDC/BDC, and that's why
uids are so low.
We realized that was a problem in that it is dangerous to keep it this
way. We are going to plan a progressive uid update with caution in order
not to mess users with repeated uids.
Anyway, could this things you noticed have something to do with the
problem of loosing AD membership after DC rebooting?
Aquest missatge ha estat escanejat per trobar-hi virus i
contingut perillós per MailScanner i es
considera que és net.
More information about the samba