[Samba] RE: Samba with ADS

Dimitri Yioulos dyioulos at firstbhph.com
Tue Jun 16 11:24:25 GMT 2009


On Monday 15 June 2009 8:14:39 pm James Zuelow 
wrote:
> > -----Original Message-----
> > From:
> > samba-bounces+james_zuelow=ci.juneau.ak.us at li
> >sts.samba.org
> > [mailto:samba-bounces+james_zuelow=ci.juneau.
> >ak.us at lists.samba .org] On Behalf Of
> > McGranahan, Jamen Sent: Monday, 15 June, 2009
> > 07:50
> > To: samba at lists.samba.org
> > Subject: [Samba] Samba with ADS
> >
> > Environment: Sun Solaris 9 sparc
> > Software: Samba-3.3.3, KRB5-1.6.3,
> > OpenLDAP-2.4.11 Problem:
> > Am trying to create shares with Samba so that
> > users can map to folders on this server using
> > Active Directory. I am successful in creating
> > a Kerberos ticket; I can join the domain; and
> > wbinfo -u and -g give me users in the AD.
> > However, getent passwd only gives me a list
> > of users on the server and not in the AD. The
> > winbindd.log file has a lot of these lines:
>
> --8<-- snip -->8--
>
> > If you have any advice and/or guidance, I
> > would greatly appreciate it. Thank you!
>
> The getent passwd trouble may be a red herring.
>
> If you do not have these lines in smb.conf
>
>  Winbind enum users = Yes
>  Winbind enum groups = Yes
>
> Then wbinfo -u will work, but getent passwd
> will not.
>
> Generally you want to leave enumumerating users
> and groups turned off (the default) on larger
> domains.  In my experience having them turned
> on can delay share access, restart times, etc.
>
> However enumerating users and groups so that
> getent passwd works is not necessary for shares
> to work correctly or users to map drives in AD.
>  (At least this is true for Debian, I don't
> know about Solaris.)
>
> James
> --

It's been a very long time since I installed and 
ran Samba on Solaris.  That said, are 
nsswitch.conf and resolv.conf correctly 
configured?  Is your Solaris clock synced with 
the AD server?  And, as James suggested, 
are "Winbind enum users" and "Winbind enum 
groups" set to "Yes"?

HTH.

Dimitri

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the samba mailing list