I am running into an issue with OpenMediaVault and Active Directory. I have set up Samba and joined the server to the domain. However, because the directory contains many mailing lists and disabled users, Samba takes a long time to load the Users and Groups list, or sometimes just gives up, and we then need to restart the service.
I would like to know if there is a way to configure either of these two options to limit the users that Samba lists:
- prevent samba from enumerating disabled users.
- limit the scope of samba to a single OU in Active Directory.
This is the current smb.conf:
# Global section of a Samba server joined to Active Directory as a domain
# member (see "security = ads" below). Comments in smb.conf must sit on their
# own line; a "#" placed after a value is read as part of that value.
[global]
workgroup = DOMAIN
server string = %h server
dns proxy = no
# Level 0 keeps logging to a minimum.
# NOTE(review): a higher level, or a per-class level for auth and winbind,
# would leave a trail for failed logons and for the enumeration timeouts.
log level = 0
log file = /var/log/samba/log.%m
max log size = 1000
logging = syslog
panic action = /usr/share/samba/panic-action %d
passdb backend = tdbsam
# PAM account and session management directives are not applied to Samba logons.
obey pam restrictions = no
unix password sync = no
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
socket options = TCP_NODELAY IPTOS_LOWDELAY
# Unix account used for guest access. Whether any share actually allows guests
# is decided by settings outside this section (not shown here).
guest account = nobody
load printers = no
disable spoolss = yes
printing = bsd
printcap name = /dev/null
unix extensions = yes
# NOTE(review): a 0777 mask strips no permission bits, so new files and
# directories can end up writable by every local account unless a share
# section overrides these values. Confirm this is intended; tighter masks are
# the usual least-privilege starting point.
create mask = 0777
directory mask = 0777
use sendfile = yes
aio read size = 1
aio write size = 1
time server = no
wins support = no
disable netbios = yes
multicast dns register = no
# SMB1 clients are refused; SMB2_02 is the lowest dialect accepted.
server min protocol = SMB2_02
# Special configuration for Apple's Time Machine
fruit:aapl = yes
fruit:copyfile = yes
fruit:nfs_aces = no
# Extra options
realm = DOMAIN.COM
# Domain-member mode: authentication is handled by the Active Directory domain.
security = ads
# NOTE(review): deprecated in recent Samba releases and already "yes" by
# default; check the installed version's smb.conf man page.
encrypt passwords = yes
preferred master = False
local master = No
domain master = No
# NOTE(review): "idmap uid" / "idmap gid" are deprecated spellings of
# "idmap config * : range". The range below holds 10001 IDs, presumably too
# few if every account and group in a large directory gets mapped; verify.
idmap uid = 10000-20000
idmap gid = 10000-20000
# With these set to yes, winbind answers full user and group listings
# (e.g. getent passwd / getent group) for the whole directory. The smb.conf
# manual advises turning enumeration off on large installations, so this is the
# likely source of the slow or failing Users and Groups list.
# NOTE(review): "no" stops enumeration only; name lookups and logons still
# work, but tools that rely on listings may behave oddly. Test with the
# OpenMediaVault UI before changing. Nothing in this file limits winbind to one
# OU or filters out disabled accounts.
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
# NOTE(review): deprecated in recent Samba releases; the default is already yes.
client use spnego = yes