search for: kushnirenko

Hello, There recommended range in Samba4 share for BUILTIN users is usually (from Samba wiki) # Default ID mapping configuration for local BUILTIN accounts # and groups on a domain member. The default (*) domain: # - must not overlap with any domain ID mapping configuration! # - must use a read-write-enabled back end, such as tdb. idmap config * : backend = tdb idmap config * : range = 3000-7999

Hi I apologize for long introduction, but I hope it can clarify the problem. We use Samba in the following configuration: 1. Samba DC based on Samba4 2. Windows Member Server 2008/2012 where we manage users (windows admin tools have Unix Attributes) and where some users work with Win Programs 3. Multiple Samba4 Member Servers for Shares 4. Multiple Windows/Linux Workstations that use Samba AD for

On 29/02/2020 16:30, Alexander Kushnirenko wrote: > > You are right, this is used on Unix domain member I know I am right, I put that in the wiki ;-) > > Well on DC I see files owned by unix user with UID=3000000 in > /var/lib/samba/sysvol/, and when I look on the same SYSVOL share from > windows world I see that the fil...

On 29/02/2020 18:15, Alexander Kushnirenko wrote: > > OK, thanks! Does any of them need to be reflected in unix world? Mostly just Domain Users > > ------------- DC -------------------- > [global] > kerberos method = system keytab Please don't set the above on a DC > client ldap sasl wrapping = sign That is the defa...

On 11/11/2019 20:34, Alexander Kushnirenko wrote: > ?Hi, Rowland! > Thank you for you comments, everything worked out just fine. > > > Our plan now is to use 'domain group' = 10513, but we have very > little idea > > what problems it can lead to and it will upset a lot of users if > we do i...