[Samba] Samba 4 AD member loose membership after DC reboot
Rowland Penny
rpenny at samba.org
Thu Mar 31 13:56:14 UTC 2022
On Thu, 2022-03-31 at 14:29 +0200, Frank via samba wrote:
> Hi Rowland,
>
> thanks for your quick response.
>
> Here is a member smb.conf:
>
> # Global parameters
> [global]
> workgroup = UPC-CT
> realm = UPC-CT.UPC.EDU
> netbios name = RADI
> netbios aliases = RADI.UPC.ES RADI.UPC.EDU
You cannot use netbios aliases on a Unix domain member; use a CNAME
instead.
> security = ADS
>
> log level = 5
> username map = /var/lib/samba/user.map
>
> winbind enum users = yes
> winbind enum groups = yes
Remove the above two lines when you are sure everything is working
correctly; they should not be used in production.
> winbind nss info = rfc2307
> winbind use default domain = Yes
> winbind refresh tickets = yes
> winbind offline logon = yes
> winbind cache time = 60
>
> idmap config * : backend = tdb
> idmap config * : range = 100-499
> idmap config UPC-CT:backend = ad
> idmap config UPC-CT:schema_mode = rfc2307
> idmap config UPC-CT:range = 500-999999
> idmap config UPC-CT:unix_nss_info = yes
Was this an upgrade from an NT4-style domain?
Even if it was, your '*' range is clobbering local system users.
Rowland