It's taken a lot of fairly random experimentation but I've finally
got configs that work under Samba 3.5.5 on both Gentoo and Debian
with 2008 server. The sections in my old config that seemed to be
causing the problems and their replacements are shown below:

Old broken:

    idmap backend = ad
    winbind nss info = rfc2307

New working:

    idmap uid = 10000-20000
    idmap gid = 10000-20000

No changes were needed to my Kerberos setup.

I've included a copy of my current smb.conf that is working for me
after upgrading from 3.4.8 to 3.5.5:

[global]
    workgroup = DOMAIN
    security = ADS
    kerberos method = system keytab
    winbind use default domain = true
    realm = DOMAIN.NET
    disable netbios = yes
    name resolve order = host lmhosts
    hosts allow = 127.0.0.1 192.168.1.0/24 93.97.246.119
    hosts deny = 0.0.0.0/0
    password server = 192.168.1.2, 192.168.1.3, *
    idmap config DOMAIN : default = yes
    idmap config DOMAIN : schema_mode = rfc2307
    idmap config DOMAIN : backend = ad
    idmap config DOMAIN : range = 10000-20000
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind offline logon = yes
    winbind nested groups = yes
    winbind separator = +
    template homedir = /home/%U
    template shell = /bin/bash
    client ntlmv2 auth = yes
    encrypt passwords = yes
    local master = no
    domain master = no
    preferred master = no
    dns proxy = no
    server string = Samba Server Version %v
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
    # Fix character set issues:
    # http://www.unixresources.net/linux/lf/59/archive/00/00/13/18/131896.html
    dos charset = 850
    unix charset = UTF-8

There is still a slight discrepancy with Debian returning more
groups for users when you type "id <user>" than Gentoo, but it
appears to be a Gentoo error, i.e. "10005(denied rodc password
replication group)". Something to look at another day as auth works
for now which is the main thing.
Regards
Simon
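
Added example, not part of the original post: a small Python helper for following up the "id <user>" discrepancy described above by diffing the group lists two winbind hosts report for the same user. The two sample lines, the user name alice, the staff group and every gid except 10005 are constructed for illustration.

```python
import re

# The groups= field of `id`: comma-separated "gid(name)" entries; a bare
# gid with no "(name)" means the host could not resolve the group name.
GROUPS = re.compile(r"groups=((?:\d+(?:\([^)]*\))?,?)+)")
ENTRY = re.compile(r"(\d+)(?:\(([^)]*)\))?")

def parse_id_groups(line):
    """Return {gid: name or None} for one line of `id <user>` output."""
    m = GROUPS.search(line)
    if not m:
        raise ValueError("no groups= field in %r" % line)
    # AD group names may contain spaces, so split on the parentheses.
    return {int(gid): (name or None)
            for gid, name in ENTRY.findall(m.group(1))}

def compare_hosts(id_a, id_b):
    """Diff the groups two hosts report for the same user."""
    a, b = parse_id_groups(id_a), parse_id_groups(id_b)
    by_name_a = {n.lower(): g for g, n in a.items() if n}
    by_name_b = {n.lower(): g for g, n in b.items() if n}
    return {
        # gids reported by one host only
        "only_a": sorted(set(a) - set(b)),
        "only_b": sorted(set(b) - set(a)),
        # gids that came back without a name on either host
        "unresolved": sorted({g for d in (a, b)
                              for g, n in d.items() if n is None}),
        # same group name, different gid on each host
        "remapped": sorted(n for n in by_name_a.keys() & by_name_b.keys()
                           if by_name_a[n] != by_name_b[n]),
    }

# Constructed sample output (not captured from the hosts in the post).
HOST_A = ("uid=10001(alice) gid=10000(domain users) groups=10000(domain users),"
          "10005(denied rodc password replication group),10007(staff)")
HOST_B = ("uid=10001(alice) gid=10000(domain users) groups=10000(domain users),"
          "10008(staff),10009")

if __name__ == "__main__":
    for key, value in compare_hosts(HOST_A, HOST_B).items():
        print("%-10s %s" % (key, value))
```

A non-empty "remapped" list means the same group maps to different gids on the two hosts, which matters for file ownership on any storage they share.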