debian 10: I can not integrate a linux machine into a Samba Ad
Rowland Penny
rpenny at samba.org
Thu May 9 08:25:18 UTC 2019
See inline comments:
On Thu, 9 May 2019 09:29:05 +0200
nathalie ramat via samba-technical <samba-technical at lists.samba.org>
wrote:
> I configured smb.conf at my server :
Er, no, you misconfigured your smb.conf on the DC ;-)
> # global parameters
> [global]
> winbind enum users = yes
> winbind enum groups = yes
> winbind use default domain = yes
> winbind separator = /
> idmap config *:backend = tdb
> idmap config *:range = 1000-19000éré correctement semble-t-il.
> host msdfs = no
> security = user
> name resolve order = host
> # ntlm auth = yes
> # raw NTLMV2 auth = yes
> # lanman auth =yes
> # vfs objects = acl_xattr
> map acl inherit = Yes
> # store dos attributes = Yes
I would suggest you remove the above lines, they either have no place
in A Samba AD DC or slow things down.
> and my linux user :
>
> [global]
> security = ads
> realm = lenzspitze.calais.fr
Change the realm to uppercase
> workgroup = LENZSPITZE
> netbios name = testbugster
> winbind separator = /
> ntlm auth = yes
> idmap uid = 0-50000
> idmap gid = 0-50000
No, that's the old way of doing things
> winbind enum users = yes
> winbind enum groups = yes
Once everything is working, remove the two lines above, they are only
required for testing purposes.
> idmap config LENZSPITZE : backend = rid
> idmap config LENZSPITZE : base_rid = 0
You do not have to set the base_rid, but what you do have to do, set
the 'idmap config' lines. See here:
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
Finally, you really should have posted this to the samba mailing list,
not to the samba-technical list
Rowland
More information about the samba-technical
mailing list