[Samba] samba crashes windows explorer (while trying to view file permissions)

[Rowland Penny]

On 21/11/2022 06:26, Michael Tokarev via samba wrote:
> 19.11.2022 18:57, Michael Tokarev via samba wrote:
> ..
>> I *think* this is "winbind nss info = rfc2307" setting.   With this one,
>> I *have* to configure gidNumbers for every group in the AD.  But these
>> groups are *not* propagated into winbindd even after multiple 
>> reload-config and
>> net cache flush, some *time* have to pass...
> 
> So, the problem was with winbind nss info = rfc2307.  And commenting it out
> in smb.conf and doing 'smbcontrol all reload-config' does not change 
> things,
> this is why it took so long to find out.  After restarting whole thing, the
> changes do take effect and becomes visible.
> 
> It looks like quite some things needs to be changed here.
> 
> And it looks like DC mode is significantly different from other modes, 
> where
> many parameters described in the man page work differently, does not 
> work at
> all, or just break other things.
> 
> All these little discrepancies, while not bad when is faced 
> independently, when
> happens all together, makes samba to look like very unreliable thing.
> 
> /mjt
> 

There are numerous problems with using a Samba AD DC as a fileserver, 
one of which is that it uses a totally different idmapping system than 
any other Samba machine. This means that you cannot use any of the 
parameters that you would use on a Unix domain member. I have seen users 
attempt to use the 'idmap config' lines, but they usually have no 
effect, I cannot remember the use of 'winbind nss info' before, but 
again, the winbind  lines mostly have no effect.

The top and bottom of it is, do not use a Samba AD DC as a fileserver, 
but if you do, do not attempt to set it up like a Unix domain member.

I suggest you read this:

https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Using_the_Domain_Controller_as_a_File_Server_.28Optional.29

Rowland