Hello,
I followed your advice and therefore deactivated the sssd service and
therefore the ldap client.
The NFS and samba file services are still operational.
How to optimize idmap range values?
Arnaud
Le 02/04/2024 ? 10:27, Rowland Penny via samba a ?crit?:> On Tue, 2 Apr 2024 09:44:35 +0200
> Arnaud Bougeard via samba <samba at lists.samba.org> wrote:
>
>> Why do you tell me I am using SMBv1? I can't see any parameter to
set
>> it ?
>
> I never said you were using SMBv1, I said running an NT4-style domain
> requires SMBv1.
>
>>
>> For idmapping, I'm afraid of side effects in the long term, my
server
>> being in AD, should I ignore the ldap in my smb.conf?
>> Which lines would you recommend removing or adding?
>
> It all depends on what you mean by 'ldap'.
> If you are referring to an ldap server running on the same machine as
> your AD, then turn the ldap off, in my opinion, you cannot use Samba as
> a member of an AD domain and also run an ldap server on the same
> machine.
>
> What you can do is, run an AD DC somewhere on one machine, run Linux
> clients as Unix domain members using the AD DC as their server. You
> could then run your 'ldap' on another machine (not an AD DC or Unix
> domain member) and sync this from AD.
> A better idea (because ldap is a vital part of AD) would be to use the
> AD domain as an ldap server and store everything in AD.
> This what was behind the creation of AD, a single (all be it on
> multiple DCs) point of maintenance.
>
> This is just my opinion, but I wish universities would come into the
> 21st century.
>
> Rowland
>