Am 2017-12-04 um 13:22 schrieb Rowland Penny via samba:> There doesn't seem to anything really wrong with the smb.conf, unless > you are running a version of Samba from 4.6.0, see here for how to set > up idmap now: > > https://wiki.samba.org/index.php/Idmap_config_adSo that seems to hit it, we run 4.6.11 and still winbind nss info = rfc2307 That has to be edited if I interpret correctly. Is that a "dangerous" change? Should it be done with no users connected or with all daemons restarted after the change? thanks, Stefan
On Mon, 4 Dec 2017 13:41:32 +0100 "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:> Am 2017-12-04 um 13:22 schrieb Rowland Penny via samba: > > > There doesn't seem to anything really wrong with the smb.conf, > > unless you are running a version of Samba from 4.6.0, see here for > > how to set up idmap now: > > > > https://wiki.samba.org/index.php/Idmap_config_ad > > So that seems to hit it, we run 4.6.11 and still > > winbind nss info = rfc2307 > > That has to be edited if I interpret correctly. > > Is that a "dangerous" change? Should it be done with no users > connected or with all daemons restarted after the change? > > thanks, Stefan >I wouldn't call it dangerous, but you will have to either reload or restart the samba daemons, so probably best done when no one is connected. Rowland
Am 2017-12-04 um 13:55 schrieb Rowland Penny via samba:> On Mon, 4 Dec 2017 13:41:32 +0100 > "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote: > >> Am 2017-12-04 um 13:22 schrieb Rowland Penny via samba: >> >>> There doesn't seem to anything really wrong with the smb.conf, >>> unless you are running a version of Samba from 4.6.0, see here for >>> how to set up idmap now: >>> >>> https://wiki.samba.org/index.php/Idmap_config_ad >> >> So that seems to hit it, we run 4.6.11 and still >> >> winbind nss info = rfc2307 >> >> That has to be edited if I interpret correctly. >> >> Is that a "dangerous" change? Should it be done with no users >> connected or with all daemons restarted after the change? >> >> thanks, Stefan >> > > I wouldn't call it dangerous, but you will have to either reload or > restart the samba daemons, so probably best done when no one is > connected.ok, will do so, thanks. Do you think that my current mis-config leads to the GID-full-issue as described? Is there a valid explanation for this? Just curious.