SAMBA4 separate member and file server - Update

Rowland Penny repenny241155 at gmail.com
Mon Jun 22 14:58:49 MDT 2015


On 22/06/15 21:35, Craig SHONE wrote:
> Just adding a bit more info:
>
> Running wbinfo -t on the file server results in a successful trust secret
> check via RPC
>
> Running wbinfo -u on the file server returns all my AD users
>
> Running wbinfo -g on the file server returns all my AD groups
>
> Running wbinfo -p on the file server results in a successful ping to
> winbindd
>
> I have used the basic smb.conf on the wiki page for the file/member server,
> but no luck trying to set the ACLs on my shares with the command: setfacl
> -m g:domain_admins:rwx /data/shares/admin, it just results in error.
>
> I've tried running the command wbinfo on both the file server and domain
> controller and I get different results.
>
> From the member/file server:
>
> [root@hnpmb01 ~]# wbinfo -i craig
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for user craig
>
> From the domain controller:
>
> [root@hnpmb02 ~]# wbinfo -i craig
> craig:*:3000047:100:Craig Shone:/home/HN/craig:/bin/false
>
> It's almost as if setfacl cannot see the list of AD groups and accounts?  Do
> I have to add the UNIX mappings on the DC if wanting to use a separate SAMBA
> 4 file server?
>

If you are referring to uidNumber & gidNumber attributes and you are 
using the winbind 'ad' backend, then yes you do.
If you do not want to add these attributes, you can use the 'rid' 
backend instead.

Until 'getent passwd username' returns your user info, setfacl will not 
work.

Rowland

>
> Thanks
>
> Craig.
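
The check described in the reply above, as an added example that is not part of the original thread or of Samba's own tooling: it tests whether a principal resolves through `getent` before it is used with setfacl and, if not, reads the `idmap config` backend from smb.conf to say why. The domain name SAMDOM, the sample smb.conf fragment and the function names are assumptions.

```sh
#!/bin/sh
# Added example: pre-flight check before using an AD principal in setfacl.

# Print the backend set by "idmap config <DOMAIN> : backend = ..." in smb.conf.
idmap_backend() {  # usage: idmap_backend <smb.conf> <DOMAIN>
    awk -v dom="$2" '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        {
            n = index($0, "="); if (n == 0) next
            key = tolower(substr($0, 1, n - 1)); val = tolower(substr($0, n + 1))
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
            if (key == "idmapconfig" tolower(dom) ":backend") backend = val
        }
        END { if (backend != "") print backend; else exit 1 }
    ' "$1"
}

# True only if NSS can resolve the name; setfacl relies on the same lookup.
resolves_via_nss() {  # usage: resolves_via_nss passwd|group <name>
    getent "$1" "$2" >/dev/null 2>&1
}

# Report whether <name> is usable in an ACL and, if not, the likely idmap cause.
diagnose() {  # usage: diagnose <smb.conf> <DOMAIN> passwd|group <name>
    if resolves_via_nss "$3" "$4"; then
        echo "ok: '$4' resolves via getent; setfacl can use it"
        return 0
    fi
    backend=$(idmap_backend "$1" "$2") || backend=unset
    case $backend in
        ad)  echo "fail: '$4' unresolved; 'ad' backend needs uidNumber/gidNumber in AD" ;;
        rid) echo "fail: '$4' unresolved with 'rid' backend; check winbind and NSS setup" ;;
        *)   echo "fail: '$4' unresolved; no ad/rid backend for $2 (found: $backend)" ;;
    esac
    return 1
}

# Constructed smb.conf fragment; the domain name SAMDOM is an assumption.
conf=$(mktemp)
cat >"$conf" <<'EOF'
[global]
    security = ads
    idmap config * : backend = tdb
    idmap config SAMDOM : backend = ad
EOF
diagnose "$conf" SAMDOM group domain_admins || true
rm -f "$conf"
```

Running the check before every ACL change keeps an unresolved name from being mistaken for a setfacl problem.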


