Trimble, Ronald D wrote:
>
> Here you go...

I forgot to ask which version of samba you're now running, but assuming it is something around '3.0.25', then here is my suggested config. If it is an earlier version let me know.

> [global]
> workgroup = NA
> realm = NA.UIS.UNISYS.COM
> netbios name = ustr-linux-1
> server string = USTR-LINUX-1 Samba Server
> encrypt passwords = yes
> security = ADS
> password server = 192.xx.xxx.xxx

I believe for an AD domain, if you set the password server equal to the local domain name it will round-robin query the closest domain controller. Test it out, it will eliminate the single point of failure if it works in your environment.

> passdb backend = smbpasswd

I tend to use tdb for my passwd backend, especially if the number of users is large, tdb can speed lookups tremendously.

> log level = 2 winbind:10 ads:10 auth:10
> syslog = 0
> log file = /var/log/samba/%m.log
> # debug level = 10
> max log size = 5000
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

I see no idmap entries here, and don't understand how winbind is working at all without them, maybe some old compatibility feature...

I suggest, and of course I don't know your full topology, so it will most definitely need adjusting:

idmap domains = default NA
idmap config default:default = yes
idmap config NA:backend = rid
idmap config NA:range = 16777216 - 33554431

Is that id range valid? I have never used anything over 999999, it seems very oddly arbitrary, but I suppose you have a reason... Normally I allocate a 100000 id range per domain, so NA would have range 100000 - 199999, domain NA2 would have 200000 - 299999 and so on, makes it easier to determine the RID if the base of the range is on a power of ten and if you have multiple domains.

idmap alloc backend = tdb
idmap uid = 90000 - 99999
idmap gid = 90000 - 99999

This section here is for local mappings, BUILTINs and such, I set it as the default, but I'm sure other people will have their preferences or recommendations.

> winbind use default domain = no
> winbind enum users = no
> winbind enum groups = no
> template homedir = /home/%D/%U
> template shell = /bin/bash
> admin users = root, NA\TRIMBLRD, +"NA\EPS Admin"
> nt acl support = yes
> map acl inherit = yes

Notice I removed these lines:

> winbind uid = 16777216-33554431
> winbind gid = 16777216-33554431

This is old deprecated syntax, the syntax is now 'idmap uid', and it applies to id domains not explicitly configured with the 'id config' directive.

<snip>

Let me know if that helps.

-Ross
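
An added example, not part of the original message or of Samba itself: a small checker for the idmap ranges discussed above. It flags ranges that share ids (which would give two different accounts the same Unix id and therefore the same file ownership) and applies the arithmetic documented for the rid backend (id = RID - base_rid + low end of range). The function names, the embedded config text and the sample RIDs in the test are constructed for illustration.

```python
import re

# Constructed sample: the idmap lines suggested in the message above.
SMB_CONF = """
[global]
idmap domains = default NA
idmap config NA:backend = rid
idmap config NA:range = 16777216 - 33554431
idmap alloc backend = tdb
idmap uid = 90000 - 99999
idmap gid = 90000 - 99999
"""

RANGE_RE = re.compile(
    r"^\s*idmap\s+(?:config\s+(?P<dom>[^:\s]+):range|(?P<kind>uid|gid))"
    r"\s*=\s*(?P<lo>\d+)\s*-\s*(?P<hi>\d+)\s*$", re.I | re.M)

def parse_ranges(conf):
    """Return {label: (low, high)} for every idmap range in the text."""
    ranges = {}
    for m in RANGE_RE.finditer(conf):
        label = m.group("dom") or "alloc-" + m.group("kind").lower()
        lo, hi = int(m.group("lo")), int(m.group("hi"))
        if lo > hi:
            raise ValueError(f"{label}: low bound {lo} exceeds high bound {hi}")
        ranges[label] = (lo, hi)
    return ranges

def overlaps(ranges):
    """Return label pairs whose ranges share at least one id."""
    # alloc-uid and alloc-gid are separate id spaces, so they may coincide.
    items = sorted(ranges.items())
    return [(a, b) for i, (a, (alo, ahi)) in enumerate(items)
            for b, (blo, bhi) in items[i + 1:]
            if alo <= bhi and blo <= ahi
            and {a, b} != {"alloc-uid", "alloc-gid"}]

def rid_to_id(rid, low, high, base_rid=0):
    """rid backend arithmetic; None when the result falls outside the range."""
    unix_id = rid - base_rid + low
    return unix_id if low <= unix_id <= high else None
```

With a 100000-wide range such as 100000 - 199999, any account whose RID is 100000 or higher falls outside the range and gets no mapping, so the range width has to cover the highest RID the domain has issued.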