Hi Rowland, here is my config file.
# Global parameters
[global]
bind interfaces only = Yes
config backend = file
dos charset = CP850
enable core files = Yes
interfaces = enp3s0 lo0
multicast dns register = Yes
netbios aliases netbios name = PDC-SRV
netbios scope realm server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
drepl,
winbindd, ntp_signd, kcc, dnsupdate, dns
server string = PDC Domain Controller
share backend = classic
unix charset = UTF8
workgroup = MYDOMAIN
browse list = Yes
domain master = Yes
enhanced browsing = Yes
lm announce = Auto
lm interval = 60
local master = Yes
os level = 20
preferred master = Yes
allow dns updates = secure only
dns forwarder dns update command = /usr/sbin/samba_dnsupdate
machine password timeout = 604800
nsupdate command = /usr/bin/nsupdate -g
rndc command = /usr/sbin/rndc
spn update command = /usr/sbin/samba_spnupdate
mangle prefix = 1
mangling method = hash2
max stat cache size = 256
stat cache = Yes
client ldap sasl wrapping = sign
ldap admin dn = cn=root,dc=MYDOMAIN,dc=com
ldap connection timeout = 2
ldap delete dn = No
ldap deref = auto
ldap follow referral = Auto
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap page size = 1000
ldap passwd sync = yes
ldap replication sleep = 1000
ldap server require strong auth = Yes
ldap ssl = no
ldap ssl ads = No
ldap suffix = dc=MYDOMAIN,dc=com
ldap timeout = 15
ldap user suffix = ou=Users
lock spin time = 200
oplock break wait time = 0
smb2 leases = Yes
debug class = No
debug hires timestamp = Yes
debug pid = No
debug prefix timestamp = No
debug uid = No
ldap debug level = 0
ldap debug threshold = 10
log file = /var/log/samba/%m.log
logging log level = 2
max log size = 2048
syslog = 1
syslog only = No
timestamp logs = Yes
abort shutdown script add group script = /usr/sbin/smbldap-groupadd -p %g
add machine script = /usr/sbin/smbldap-useradd -w %u
add user script = /usr/sbin/smbldap-useradd -m %u
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
allow nt4 crypto = No
delete group script = /usr/sbin/smbldap-groupdel %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
delete user script = /usr/sbin/smbldap-userdel %u
domain logons = Yes
enable privileges = Yes
init logon delay = 100
init logon delayed hosts logon drive logon home logon path logon script reject
md5 clients = No
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
shutdown script add share command afs token lifetime = 604800
afs username map allow insecure wide links = No
async smb echo handler = No
auto services cache directory = /var/lib/samba
change notify = Yes
change share command cluster addresses clustering = No
config file ctdbd socket ctdb locktime warn threshold = 0
ctdb timeout = 0
default service delete share command homedir map = auto.home
kernel change notify = Yes
lock directory = /var/lib/samba/lock
log writeable files on exit = No
message command nbt client socket address = 0.0.0.0
ncalrpc dir = /run/samba/ncalrpc
NIS homedir = No
nmbd bind explicit broadcast = Yes
panic action perfcount module pid directory = /run
registry shares = No
remote announce = 192.168.1.255
remote browse sync reset on zero vc = No
smbd profiling level = off
state directory = /var/lib/samba
usershare allow guests = No
usershare max shares = 0
usershare owner only = Yes
usershare path = /var/lib/samba/usershares
usershare prefix allow list usershare prefix deny list usershare template share
utmp = No
utmp directory wtmp directory addport command addprinter command cups connection
timeout = 30
cups encrypt = No
cups server deleteprinter command disable spoolss = No
enumports command iprint server load printers = No
lpq cache time = 30
os2 driver map printcap cache time = 750
printcap name show add printer wizard = No
cldap port = 389
client ipc max protocol = default
client ipc min protocol = default
client max protocol = default
client min protocol = CORE
client use spnego = Yes
dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon,
lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey,
dnsserver
defer sharing violations = Yes
dgram port = 138
disable netbios = No
enable asu support = No
eventlog list large readwrite = Yes
lsa over netlogon = No
max mux = 50
max ttl = 259200
max wins ttl = 518400
max xmit = 16644
min receivefile size = 0
min wins ttl = 21600
name resolve order = wins bcast hosts lmhost
nbt port = 137
nt pipe support = Yes
nt status support = Yes
read raw = Yes
rpc big endian = No
rpc server port = 0
server max protocol = NT1
server min protocol = CORE
server multi channel support = No
smb2 max credits = 8192
smb2 max read = 8388608
smb2 max trans = 8388608
smb2 max write = 8388608
smb ports = 139 445
svcctl list time server = No
unicode = Yes
unix extensions = Yes
use spnego = Yes
web port = 901
write raw = Yes
rpc server dynamic port range = 49152-65535
algorithmic rid base = 1000
allow dcerpc auth level connect = No
allow trusted domains = No
auth methods check password script client ipc signing = default
client lanman auth = No
client NTLMv2 auth = Yes
client plaintext auth = No
client schannel = Auto
client signing = default
client use spnego principal = No
dedicated keytab file encrypt passwords = Yes
guest account = nobody
kerberos encryption types = all
kerberos method = default
kpasswd port = 464
krb5 port = 88
lanman auth = Yes
log nt token command map to guest = Bad User
map untrusted to domain = No
ntlm auth = No
ntp signd socket directory = /var/lib/samba/ntp_signd
null passwords = No
obey pam restrictions = No
old password allowed period = 60
pam password change = Yes
passdb backend = ldapsam:ldap://127.0.0.1/
passdb expand explicit = No
passwd chat = *New*UNIX*password* %nn *ReType*new*UNIX*password* %nn *
passwd:*all*authentication*tokens*updated*successfully*
passwd chat debug = No
passwd chat timeout = 2
passwd program = /usr/bin/passwd %u
password hash gpg key ids password server = *
preload modules private dir = /var/lib/samba/private
raw NTLMv2 auth = No
rename user script restrict anonymous = 0
root directory samba kcc command = /usr/sbin/samba_kcc
security = USER
server role = auto
server schannel = Auto
server signing = default
smb passwd file = /var/lib/samba/private/smbpasswd
tls cafile = tls/ca.pem
tls certfile = tls/cert.pem
tls crlfile tls dh params file tls enabled = Yes
tls keyfile = tls/key.pem
tls priority = NORMAL:-VERS-SSL3.0
tls verify peer = as_strict_as_possible
unix password sync = Yes
username level = 0
username map = /etc/samba/usermap
username map cache time = 0
username map script aio max threads = 100
deadtime = 0
getwd cache = Yes
hostname lookups = No
keepalive = 300
max disk size = 0
max open files = 16384
max smbd processes = 0
name cache timeout = 660
socket options = IPTOS_LOWDELAY TCP_NODELAY
use mmap = Yes
get quota command host msdfs = Yes
set quota command create krb5 conf = Yes
idmap backend = tdb
idmap cache time = 604800
idmap gid idmap negative cache time = 120
idmap uid include system krb5 conf = Yes
neutralize nt4 emulation = No
reject md5 servers = No
require strong key = Yes
template homedir = /home/%D/%U
template shell = /bin/false
winbind cache time = 300
winbindd privileged socket directory = /var/lib/samba/winbindd_privileged
winbindd socket directory = /run/samba/winbindd
winbind enum groups = No
winbind enum users = No
winbind expand groups = 0
winbind max clients = 200
winbind max domain connections = 1
winbind nested groups = Yes
winbind normalize names = No
winbind nss info = template
winbind offline logon = No
winbind reconnect delay = 30
winbind refresh tickets = No
winbind request timeout = 60
winbind rpc only = No
winbind sealed pipes = Yes
winbind separator = \
winbind trusted domains only = No
winbind use default domain = No
dns proxy = Yes
wins hook wins proxy = No
wins server wins support = Yes
idmap config * : backend = tdb
comment path administrative share = No
browseable = Yes
case sensitive = No
default case = lower
delete veto files = No
hide dot files = Yes
hide files hide special files = No
hide unreadable = No
hide unwriteable files = No
mangled names = Yes
mangling char = ~
map archive = No
map hidden = No
map readonly = no
map system = No
preserve case = Yes
short preserve case = Yes
store dos attributes = Yes
veto files veto oplock files blocking locks = Yes
csc policy = manual
fake oplocks = No
kernel oplocks = No
kernel share modes = Yes
level2 oplocks = Yes
locking = Yes
oplock contention limit = 2
oplocks = Yes
posix locking = Yes
strict locking = Auto
afs share = No
available = Yes
copy delete readonly = No
dfree cache time = 0
dfree command directory name cache size = 100
dmapi support = No
dont descend dos filemode = No
dos filetime resolution = No
dos filetimes = Yes
fake directory create times = No
follow symlinks = Yes
fstype = NTFS
include magic output magic script postexec preexec preexec close = No
root postexec root preexec root preexec close = No
spotlight = No
volume wide links = No
cups options default devmode = Yes
force printername = No
lppause command lpq command = %p
lpresume command lprm command max print jobs = 1000
max reported print jobs = 0
printable = No
print command printer name printing = cups
printjob username = %U
print notify backchannel = No
queuepause command queueresume command use client driver = No
acl allow execute always = No
acl check permissions = Yes
acl map full control = Yes
durable handles = Yes
ea support = Yes
map acl inherit = Yes
nt acl support = Yes
profile acls = No
access based share enum = No
acl group control = No
admin users create mask = 0744
directory mask = 0755
force create mode = 0000
force directory mode = 0000
force group force unknown acl user = No
force user guest ok = No
guest only = No
hosts allow = 192.168.1. 192.168.2. 127.
hosts deny = 0.0.0.0
inherit acls = No
inherit owner = no
inherit permissions = No
invalid users read list read only = Yes
smb encrypt = default
valid users write list aio read size = 0
aio write behind aio write size = 0
allocation roundup size = 1048576
block size = 1024
max connections = 0
min print space = 0
strict allocate = No
strict rename = No
strict sync = No
sync always = No
use sendfile = Yes
write cache size = 0
msdfs proxy msdfs root = No
msdfs shuffle referrals = No
ntvfs handler = unixuid, default
vfs objects
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
locking = No
[homes]
comment = Home Directories
browseable = No
read only = No
valid users = %S
Thanks for your time.
On Thu, Apr 12, 2018 at 12:52 AM, Rowland Penny via samba
<samba at lists.samba.org> wrote:> On Wed, 11 Apr 2018 16:57:00 -0700
> Periko Support via samba <samba at lists.samba.org> wrote:
>
>> Hi guys.
>>
>> I had migrate samba PDC with LDAP as backend:
>>
>> Version 3.6.23-13.el5_11
>> Centos 6.x.
>>
>> To Centos 7.x with samba 4.6.2
>>
>> But got some errors related to idmap went I run testparm:
>>
>> idmap range not specified for domain '*'
>> ERROR: Invalid idmap range for domain *!
>>
>> This are my settings right on my extend file running testparm -v
>>
>> ldap idmap suffix = ou=Idmap
>> idmap backend = tdb
>> idmap cache time = 604800
>> idmap gid >> idmap negative cache time = 120
>> idmap uid >> idmap config * : backend = tdb
>>
>> Exist a way to now which are the right settings or this message
won't
>> affect my setup?
>>
>> Other thing I notice, If my backend is LDAP is normal that the
>> settings say 'tdb' insted of LDAP?
>>
>> Thanks for your time!!!
>>
>
> Please post the entire [global] part of your smb.conf.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba