[Samba] RE: Samba with ADS
Dimitri Yioulos
dyioulos at firstbhph.com
Tue Jun 16 11:24:25 GMT 2009
On Monday 15 June 2009 8:14:39 pm James Zuelow
wrote:
> > -----Original Message-----
> > From:
> > samba-bounces+james_zuelow=ci.juneau.ak.us at li
> >sts.samba.org
> > [mailto:samba-bounces+james_zuelow=ci.juneau.
> >ak.us at lists.samba .org] On Behalf Of
> > McGranahan, Jamen Sent: Monday, 15 June, 2009
> > 07:50
> > To: samba at lists.samba.org
> > Subject: [Samba] Samba with ADS
> >
> > Environment: Sun Solaris 9 sparc
> > Software: Samba-3.3.3, KRB5-1.6.3,
> > OpenLDAP-2.4.11 Problem:
> > Am trying to create shares with Samba so that
> > users can map to folders on this server using
> > Active Directory. I am successful in creating
> > a Kerberos ticket; I can join the domain; and
> > wbinfo -u and -g give me users in the AD.
> > However, getent passwd only gives me a list
> > of users on the server and not in the AD. The
> > winbindd.log file has a lot of these lines:
>
> --8<-- snip -->8--
>
> > If you have any advice and/or guidance, I
> > would greatly appreciate it. Thank you!
>
> The getent passwd trouble may be a red herring.
>
> If you do not have these lines in smb.conf
>
> Winbind enum users = Yes
> Winbind enum groups = Yes
>
> Then wbinfo -u will work, but getent passwd
> will not.
>
> Generally you want to leave enumumerating users
> and groups turned off (the default) on larger
> domains. In my experience having them turned
> on can delay share access, restart times, etc.
>
> However enumerating users and groups so that
> getent passwd works is not necessary for shares
> to work correctly or users to map drives in AD.
> (At least this is true for Debian, I don't
> know about Solaris.)
>
> James
> --
It's been a very long time since I installed and
ran Samba on Solaris. That said, are
nsswitch.conf and resolv.conf correctly
configured? Is your Solaris clock synced with
the AD server? And, as James suggested,
are "Winbind enum users" and "Winbind enum
groups" set to "Yes"?
HTH.
Dimitri
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the samba
mailing list