[Samba] SAMBA4 separate member and file server - Update

Daniel Carrasco Marín danielmadrid19 at gmail.com
Tue Jun 23 03:22:13 MDT 2015


2015-06-22 22:35 GMT+02:00 Craig SHONE <craig.shone at gmail.com>:

> Just adding a bit more info:
>
>
>
> Running wbinfo -t on the file server results in a successful trust secret
> check via RPC
>
> Running wbinfo -u on the file server returns all my AD users
>
> Running wbinfo -g on the file server returns all my AD groups
>
> Running wbinfo -p on the file server results in a successful ping to
> winbindd
>
>
>
> I have used the basic smb.conf on the wiki page for the file/member server,
> but no luck trying to set the ACL's on my shares with the command: setfacl
> -m g:domain_admins:rwx /data/shares/admin, it just results in error.
>
>
>
> I've tried running the command wbinfo on both the file server and domain
> controller and I get different results.
>
>
>
> From the member/file server:
>
>
>
> [root at hnpmb01 ~]# wbinfo -i craig
>
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
>
> Could not get info for user craig
>
>
>
> From the domain controller:
>
>
>
> [root at hnpmb02 ~]# wbinfo -i craig
>
> craig:*:3000047:100:Craig Shone:/home/HN/craig:/bin/false
>
>
>
> It's almost as if setfacl cannot see the list of AD groups and accounts?
> Do I have to add the UNIX mappings on the DC if wanting to use a separate
> SAMBA 4 file server?
>
>
>
> Thanks
>
> Craig.
>
>
>
> From: Craig SHONE [mailto:craig.shone at gmail.com]
> Sent: 22 June 2015 03:06 PM
> To: 'samba at lists.samba.org'
> Subject: SAMBA4 member and file server
>
>
>
> Hi everyone
>
>
>
> Needing some advice with regards to setting up a SAMBA 4 file server in a
> SAMBA 4 AD domain (I come from Windows so bear with me please).
>
>
>
> I've followed the wiki guidelines and successfully setup a SAMBA4 domain
> controller in ESXI, created some test user accounts and joined my
> workstation to the domain, DNS works fine, can log in with no problem,
> Windows RSAT tools runs fine in creating the test user accounts, etc.  DC
> was provisioned with --use-rfc2307.
>
>
>
> Now I'm trying to setup a separate SAMBA4 file server, have created the
> smb.conf as per the wiki, joined the file server to the domain and granted
> Domain Admins SeDiskOperatorPrivilege.
>
>
>
> Issue I'm facing is in creating shares and setting ACL's on them for Domain
> Admins to change the permissions via a Windows machine.   Pretty sure I
> have to set uid and gid using the RSAT tools for the various groups and
> users I have created as I didn't set Domain Users to 10000 before adding
> more users and groups and letting SAMBA increment them automatically.
>
>
>
> Can anyone confirm if my assumption is correct and point me to the right
> procedure to assign what is needed so that I can set the ACL's on my file
> server?
>
>
>
> Thank you
>
> Craig.
>
>
>
>
>

Hi,


   - In RSAT: have you set the Unix UID for the users and/or groups in
   "Unix Attributes" tab?
   - In File Server: Have you edited the /etc/nsswitch.conf file?

Greetings!!
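
The second question in the reply concerns NSS: setfacl resolves user and group names through the sources listed in /etc/nsswitch.conf. The check below is an added example, not part of the original message; the function names nss_has_winbind and nss_report and both sample files are constructed for illustration.

```shell
# Added example (not from the thread): check whether an nsswitch.conf
# lists winbind as a source for a given NSS database.

# nss_has_winbind FILE DATABASE: exit 0 if DATABASE's line names winbind.
nss_has_winbind() {
    awk -v db="$2" '
        {
            line = $0
            sub(/#.*/, "", line)               # drop comments
            n = index(line, ":")
            if (n == 0) next                   # not a "database: sources" line
            name = substr(line, 1, n - 1)
            gsub(/[ \t]/, "", name)
            if (name != db) next
            m = split(substr(line, n + 1), src, /[ \t]+/)
            for (i = 1; i <= m; i++)
                if (src[i] == "winbind") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# nss_report FILE: one line each for the databases name lookups rely on.
nss_report() {
    for db in passwd group; do
        if nss_has_winbind "$1" "$db"; then
            echo "$db: winbind present"
        else
            echo "$db: winbind MISSING"
        fi
    done
}

# Constructed samples: one without winbind, one with it added.
sample_default=$(mktemp)
sample_winbind=$(mktemp)
trap 'rm -f "$sample_default" "$sample_winbind"' EXIT
cat > "$sample_default" <<'EOF'
# /etc/nsswitch.conf (constructed sample)
passwd:     files
group:      files          # winbind only mentioned in a comment
EOF
cat > "$sample_winbind" <<'EOF'
passwd:     files winbind
group:      files [NOTFOUND=continue] winbind
EOF

nss_report "$sample_default"
nss_report "$sample_winbind"
```

On a member server the same function can be pointed at /etc/nsswitch.conf, and a follow-up `getent group` lookup of a domain group shows whether the name actually resolves.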

