Yashpal Nagar wrote:
Thanks a lot Bill for your reply. My smb.conf
-------------------------------------------------
[global]

As a member server, I would have expected workgroup to be "AA", that is, the prefix of the realm.

  workgroup = MYGRP
  domain master = no
  local master = no
  server string = Test Samba Server
  netbios name = FOO
  realm = AA.DK
  allow trusted domains = no
  security = ADS
  encrypt passwords = yes
  password server = *
  dns proxy = no
  log level = 3
  max log size = 100
  log file = /var/log/samba/%m.log
  client use spnego = yes

Remove the following:

  idmap domains = MYGRP
  idmap config MYGRP:default = yes
  idmap config MYGRP:backend = tdb
  idmap config MYGRP:range   = 200000  -  500000
  idmap alloc backend = tdb
  idmap alloc config:range  = 200000  -  500000

Add the following:

     idmap uid = 200000-500000
     idmap gid = 200000-500000


Please see the following:

http://samba.org/samba/docs/man/manpages-3/idmap_tdb.8.html

But ignore the last example. :-)


The "idmap alloc" is only necessary if the allocator is not going to the tdb model specified by "idmap backend".


The man pages are very out of sync with the reality of IDMAP, but IDMAP is not a simple component and not always easy to debug, but I think it is in a better place now than previously.


  restrict anonymous = yes
  wins server = namesrv04 namesrv03
  name resolve order = wins bcast
-----------------------------------------------------
When I run testparm, it says unrecognised "idmap domains = MYGRP". If I comment that out, this throws no error for 'net ads testjoin' etc. No matter which Samba version I use, it complains about this line. I notice you have mentioned the same example in one of your examples in your PDF, under IDMAP_TDB.

Yeah, as of 3.3, that's not the case any longer. I will update my docs to reflect the truth. :-)


Another smb.conf I have tried, which works well on AIX 5.2 but didn't work with precompiled binaries on AIX 6.1:
-------------------------------------------------------
[global]
  workgroup = MYGRP
  domain master = no
  local master = no
  server string = Test Samba Server
  netbios name = foo
  realm = AA.DK
  allow trusted domains = no
  security = ADS
  encrypt passwords = yes
  password server = *
  dns proxy = no
  log level = 1
  max log size = 100
  log file = /var/log/samba/%m.log
  idmap uid = 100000-999999
  idmap gid = 1000000-1999999
  restrict anonymous = yes
  wins server = namesrv04 namesrv03
  name resolve order = wins bcast
  winbind enum groups = no
  winbind enum users = no
  winbind cache time = 300
  winbind use default domain = yes
--------------------------------------------------
The existing setup (AIX 5.2) works well with the tdb backend; though it is not explicitly mentioned in the config above, I can see a large winbindd_idmap.tdb under $SAMBA/var. I would keep the same tdb (default?) backend.


The default is TDB, so yes, it would stay the same. You should (and probably want to) copy the winbindd_idmap.tdb to the new server to keep your mappings unless this is not desired.

What I would like to know -
1. Which Samba binaries have you installed? I believe it is 32 bit. Can I use 64 bit binaries on a production server? You have mentioned
*The 64-bit code is to be treated as PRODUCTION. *
What does this mean? Does this PRODUCTION mean it shall be used for production servers, or is it what you/the Samba development team are currently using for development/production of Samba? Some more information here on your website surely would help more.

Sorry about that. All of my packages were initially 32-bit, then I offered the 64-bit code as BETA for about 6 months, and after some testing and feedback from users, I marked it as production quality. The Samba Team makes no guarantees whatsoever on what I produce. This is simply a statement of usability.

I will remove that line from the site.

3. After changing methods.cfg and the user file, is there any program that needs to be restarted apart from Samba, or a server reboot?

The most you may need to do is stop Samba and run "slibclean", then restart Samba.


4. I understand AIX uses LAM, instead of PAM which is used on Linux. Is there any setting related to LAM we have to do on AIX? There is no nsswitch.conf file as well; I assume since these binaries are already compiled for that platform, it should take care of this automatically?

The package(s) I provide also support PAM. The IBM LAM framework is in use with the WINBIND product Andrew Tridgell wrote some time ago.

You are correct that there is no nsswitch.conf. Effectively, methods.cfg and /etc/security/user are the equivalent.


Let me know how you get on.


Cheers,
Bill
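
The cleanup suggested in this reply, as an added example that is not part of the original message or of Samba: a small Python linter for the [global] section that flags the idmap parameters the reply says to remove, checks that `idmap uid` and `idmap gid` carry a valid range, and warns when the workgroup differs from the realm prefix. The function names and the sample configuration are constructed for illustration, and the workgroup check encodes only the expectation stated in the reply, not a Samba rule.

```python
import re

# Constructed sample, modelled on the first smb.conf quoted in the thread.
SAMPLE = """\
[global]
  workgroup = MYGRP
  realm = AA.DK
  idmap domains = MYGRP
  idmap config MYGRP:range   = 200000  -  500000
  idmap alloc backend = tdb
  idmap alloc config:range  = 200000  -  500000
"""

# Parameter prefixes the reply says to remove (assumption: Samba 3.3 era).
REMOVE = ("idmap domains", "idmap config ", "idmap alloc ")

def parse_global(text):
    """Return [(lineno, name, value)] for the [global] section."""
    params, section = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # Normalise case and whitespace in the parameter name.
            params.append((n, " ".join(name.lower().split()), value.strip()))
    return params

def parse_range(value):
    """Parse 'low-high' (spaces allowed); None if malformed or empty."""
    m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", value)
    return (int(m[1]), int(m[2])) if m and int(m[1]) < int(m[2]) else None

def lint(text):
    """Return findings as (lineno, kind, detail); lineno 0 = whole file."""
    params = parse_global(text)
    last = {name: value for _, name, value in params}
    out = [(n, "remove", name) for n, name, _ in params if name.startswith(REMOVE)]
    for key in ("idmap uid", "idmap gid"):
        if key not in last:
            out.append((0, "missing", key))
        elif parse_range(last[key]) is None:
            out.append((0, "bad-range", key))
    realm, wg = last.get("realm", ""), last.get("workgroup", "")
    if realm and wg.upper() != realm.split(".")[0].upper():
        out.append((0, "workgroup-vs-realm", wg))
    return out
```

Running `lint()` over a real file's contents before copying winbindd_idmap.tdb to a new server shows whether the ranges the existing mappings were allocated from are still the ones configured.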
