[Samba] AD issue....

Michael Fernández M. michael at michael.cl
Mon Dec 3 14:36:00 GMT 2007 

El lun, 03-12-2007 a las 18:43 +0530, Sadique Puthen escribió:
> Set "winbind use default domain = yes" in smb.conf if you want to change 
> ownership of files to ad users using their actual name. If you don't set 
> it, you should change the ownership using "domain+username" as the 
> username which linux doesn't like much.
> 
> If you want getent passwd/group to work please make sure that you have 
> the below parameters in smb.conf though it has slight problems while 
> maintaining large number of users.
> 
> winbind enum users = yes
> winbind enum groups = yes

Yes, now is working, i can get the users an groups with getent passwd

Thanks!!!!

But i cannot set permissions to shares map via Windows, i have the
folowing configuration in SMB.conf:

drwxrwxrwx  3 administrator domain users  4096 2007-11-30 16:39 Domain

[domain]
   comment = domain
   browseable = yes
   path = /home/Domain
   public = yes
   writable = yes
   valid users = '@domain users'  <<< This will work?


Michael.-



> 
> This is not required if you are running "getent passwd <username>".
> 
> --Sadique
> 
> Michael Fernández M. wrote:
> > Hi, i want to integrate AD + Samba3 via kerberos, every works great i
> > get the users and groups with wbinfo -u and  wbinfo -g
> > so in linux i cat set the permissions to a share using the AD's users.
> > However when i try "getent passwd" I only get the system users and not
> > the AD's users... in my nsswitch.conf i have:
> >
> > passwd:         files winbind
> > group:          files winbind
> > shadow:         files
> > hosts:          files dns winbind
> > networks:       files
> >
> >
> > In the other hand on Windows when I try to set a permission to a share
> > using I cannot set them, because i got Permission denied.
> >
> > The following  is my smb.conf:
> >
> > [global]
> > security = ADS
> > netbios name = andromaca
> > realm = domain.tld
> > encrypt passwords = yes
> > password server = x.x.x.x
> > workgroup = domain
> > idmap uid = 10000-20000
> > idmap gid = 10000-20000
> > ldap ssl = no
> > winbind separator = +
> > template homedir = /home/%D/%U
> > template shell = /bin/bash
> > client use spnego = yes
> >
> > [ol]
> >    comment = ol
> >    browseable = yes
> >    path = /home/ol
> >    public = yes
> >    writable = yes
> >
> > [lala]
> >    comment = lala
> >    browseable = yes
> >    path = /home/ol/lala
> >    public = yes
> >    writable = yes
> >
> > ------------------------------
> >
> > when i set the permissions on lala via linux to a specific AD user, and
> > then on Windows I map that share with that user so can got it and can
> > write, read, delete, etc.... 
> >
> > Anyone knows how can i do it in order to set the permissions via
> > Windows?
> >
> > Thanks !!!!
> >
> > Michael.-
> >
> >
> >   
> 
>

More information about the samba mailing list