[Samba] AD issue....

Sadique Puthen sputhenp at redhat.com
Mon Dec 3 13:13:23 GMT 2007 

Set "winbind use default domain = yes" in smb.conf if you want to change 
ownership of files to ad users using their actual name. If you don't set 
it, you should change the ownership using "domain+username" as the 
username which linux doesn't like much.

If you want getent passwd/group to work please make sure that you have 
the below parameters in smb.conf though it has slight problems while 
maintaining large number of users.

winbind enum users = yes
winbind enum groups = yes

This is not required if you are running "getent passwd <username>".

--Sadique

Michael Fernández M. wrote:
> Hi, i want to integrate AD + Samba3 via kerberos, every works great i
> get the users and groups with wbinfo -u and  wbinfo -g
> so in linux i cat set the permissions to a share using the AD's users.
> However when i try "getent passwd" I only get the system users and not
> the AD's users... in my nsswitch.conf i have:
>
> passwd:         files winbind
> group:          files winbind
> shadow:         files
> hosts:          files dns winbind
> networks:       files
>
>
> In the other hand on Windows when I try to set a permission to a share
> using I cannot set them, because i got Permission denied.
>
> The following  is my smb.conf:
>
> [global]
> security = ADS
> netbios name = andromaca
> realm = domain.tld
> encrypt passwords = yes
> password server = x.x.x.x
> workgroup = domain
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> ldap ssl = no
> winbind separator = +
> template homedir = /home/%D/%U
> template shell = /bin/bash
> client use spnego = yes
>
> [ol]
>    comment = ol
>    browseable = yes
>    path = /home/ol
>    public = yes
>    writable = yes
>
> [lala]
>    comment = lala
>    browseable = yes
>    path = /home/ol/lala
>    public = yes
>    writable = yes
>
> ------------------------------
>
> when i set the permissions on lala via linux to a specific AD user, and
> then on Windows I map that share with that user so can got it and can
> write, read, delete, etc.... 
>
> Anyone knows how can i do it in order to set the permissions via
> Windows?
>
> Thanks !!!!
>
> Michael.-
>
>
>

More information about the samba mailing list