On 22/09/2022 21:31, Sonic wrote:> On Thu, Sep 22, 2022 at 2:58 PM Rowland Penny via samba
> <samba at lists.samba.org> wrote:
>> You need to reset the 'idmap config' lines, I presume
'quinine' is the
>> hostname of the Unix domain member, if so, remove the two idmap config
>> lines that mention 'quinine' and I suggest you use the ranges
on the
>> wiki (at least as a starting point) they are known to work.
>
> Those changes made no difference. Same results.
> I think at one time it was recommended to have a range for the local
> host, not sure if it was ever used.
Did you run 'net cache flush' ?
Also, it has never been recommended to have a range for the local host
when running 'security = ADS'
This is my working smb.conf:
[global]
workgroup = SAMDOM
security = ADS
realm = SAMDOM.EXAMPLE.COM
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
server string = Samba Client %h
winbind use default domain = yes
winbind expand groups = 2
winbind refresh tickets = Yes
disable netbios = yes
dns proxy = no
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config SAMDOM : backend = rid
idmap config SAMDOM : range = 10000-999999
template shell = /bin/bash
template homedir = /home/%U
# user Administrator workaround, without it you are unable to set
privileges
username map = /etc/samba/user.map
vfs objects = acl_xattr
map acl inherit = Yes
# Comment the following 4 lines to act as a print server
printcap name = /dev/null
load printers = no
disable spoolss = yes
printing = bsd
# logging
log level = 3
log file = /var/log/samba/%m.log
logging = file
min domain uid = 0
host msdfs = yes
map to guest = bad user
Rowland