[Samba] RE: Samba with ADS
James Zuelow
James_Zuelow at ci.juneau.ak.us
Tue Jun 16 00:14:39 GMT 2009
> -----Original Message-----
> From:
> samba-bounces+james_zuelow=ci.juneau.ak.us at lists.samba.org
> [mailto:samba-bounces+james_zuelow=ci.juneau.ak.us at lists.samba
> .org] On Behalf Of McGranahan, Jamen
> Sent: Monday, 15 June, 2009 07:50
> To: samba at lists.samba.org
> Subject: [Samba] Samba with ADS
>
> Environment: Sun Solaris 9 sparc
> Software: Samba-3.3.3, KRB5-1.6.3, OpenLDAP-2.4.11
> Problem:
> Am trying to create shares with Samba so that users can map
> to folders on this server using Active Directory. I am
> successful in creating a Kerberos ticket; I can join the
> domain; and wbinfo -u and -g give me users in the AD.
> However, getent passwd only gives me a list of users on the
> server and not in the AD. The winbindd.log file has a lot of
> these lines:
--8<-- snip -->8--
>
> If you have any advice and/or guidance, I would greatly
> appreciate it. Thank you!
>
The getent passwd trouble may be a red herring.
If you do not have these lines in smb.conf
Winbind enum users = Yes
Winbind enum groups = Yes
Then wbinfo -u will work, but getent passwd will not.
Generally you want to leave enumumerating users and groups turned off (the default) on larger domains. In my experience having them turned on can delay share access, restart times, etc.
However enumerating users and groups so that getent passwd works is not necessary for shares to work correctly or users to map drives in AD. (At least this is true for Debian, I don't know about Solaris.)
James
More information about the samba
mailing list