Francesc Bassas Serrami? Serveis Inform?tics Campus Terrassa C/ Colom 2 08222 Terrassa (Barcelona) Tel?fon : 93.73.98630 https://serveis.terrassa.upc.edu/sict El 1/4/22 a les 14:00, samba-request at lists.samba.org ha escrit:> On Thu, 2022-03-31 at 14:29 +0200, Frank via samba wrote: >> Hi Rowland, >> >> thanks for your quick response. >> >> Here it is a member smb.conf: >> >> # Global parameters >> [global] >> workgroup = UPC-CT >> realm = UPC-CT.UPC.EDU >> netbios name = RADI >> netbios aliases = RADI.UPC.ES RADI.UPC.EDU > You cannot use netbios aliases on a Unix domain member, use a CNAME > instead.Got it, but I don't understand what you mean by "use a CNAME"> >> security = ADS >> >> log level = 5 >> username map = /var/lib/samba/user.map >> >> winbind enum users = yes >> winbind enum groups = yes > Remove the above two lines when you are sure everything is working > correctly, they should not be used in production.Thanks, we will do it.> >> winbind nss info = rfc2307 >> winbind use default domain = Yes >> winbind refresh tickets = yes >> winbind offline logon = yes >> winbind cache time = 60 >> >> idmap config * : backend = tdb >> idmap config * : range = 100-499 >> idmap config UPC-CT:backend = ad >> idmap config UPC-CT:schema_mode = rfc2307 >> idmap config UPC-CT:range = 500-999999 >> idmap config UPC-CT:unix_nss_info = yes > Was this an upgrade from an NT4-style domain ? > Even if it was, your '*' range is clobbering local system users. > > RowlandYes, you're? right. This comes from a Samba 3 PDC/BDC, and that's why uids are so low. We realized that was a problem in that it is dangerous to keep it this way. We are going to plan a progressive uid update with caution in order not to mess users with repeated uids. Anyway, could this things you noticed have something to do with the problem of loosing AD membership after DC rebooting? Frank -- Aquest missatge ha estat escanejat per trobar-hi virus i contingut perill?s per MailScanner i es considera que ?s net.