[Samba] Samba 3.6.0: unable to list Active Directoy users
David Touzeau
david at touzeau.eu
Fri Aug 12 02:23:26 MDT 2011
Dear all
I have upgraded my Samba from 3.5.x to a newest 3.6.0 version.
My Samba is connected to an Active Directory 2008 R2
the "getent passwd" did not display any ActiveDirectoy Domains users.
the "net ads group" display correctly the ActiveDirectory groups :
net ads group
Administrateurs
Utilisateurs
Invités
Opérateurs d’impression
Opérateurs de sauvegarde
Duplicateurs
Utilisateurs du Bureau à distance
Opérateurs de configuration réseau
Utilisateurs de l’Analyseur de performances
Utilisateurs du journal de performances
Utilisateurs du modèle COM distribué
IIS_IUSRS
Opérateurs de chiffrement
Lecteurs des journaux d’événements
Accès DCOM service de certificats
Ordinateurs du domaine
I think there is a misconfiguration in my setup but did not find any
solution:
Where i'm wrong ?
[global]
workgroup = TOUZEAU
netbios name = bdc2
server string = %h server
disable netbios =no
max protocol = SMB2
name resolve order =host lmhosts wins bcast
dns proxy = No
wins support = No
min protocol = NT1
syslog = 3
log level = 10
log file = /var/log/samba/log.%m
debug timestamp = yes
# Enable symbolics links -----------------------------------
follow symlinks = yes
wide links = yes
unix extensions = no
usershare allow guests = no
usershare max shares = 100
usershare owner only = true
usershare path=/var/lib/samba/usershares/data
#Guest access
guest account = nobody
map to guest = Bad Password
template homedir = /home/%U
template shell = /bin/false
enable privileges = yes
os level = 40
ldap passwd sync = no
#WINBINDD *******************************************************
security = ADS
realm = TOUZEAU.HOME
idmap config TOUZEAU:backend = ad
idmap config TOUZEAU:readonly = yes
idmap config TOUZEAU:schema_mode = rfc2307
idmap config * : range = 16777216-33554431
client use spnego = No
client use spnego principal = No
encrypt passwords = Yes
client ntlmv2 auth = Yes
client lanman auth = No
winbind normalize names = Yes
winbind separator = /
winbind use default domain = No
winbind enum users = Yes
winbind enum groups = Yes
winbind nested groups = Yes
winbind nss info = rfc2307
winbind offline logon = true
winbind cache time = 5
winbind refresh tickets = true
kerberos method = system keytab
allow trusted domains = Yes
server signing = mandatory
client signing = mandatory
lm announce = No
ntlm auth = No
lanman auth = No
preferred master = No
printing = bsd
# VISTA/Windows7 compatibility
# ACLs settings
nt acl support=yes
map acl inherit=yes
acl check permissions=yes
inherit permissions=no
inherit acls=no
acl map full control=yes
dos filemode=yes
force unknown acl user = no
# LDAP settings -----------------------------------
ldap delete dn = no
passdb backend = ldapsam:ldap://127.0.0.1:389
ldap admin dn = cn=Manager,dc=my-domain,dc=com
ldap suffix = dc=my-domain,dc=com
ldap group suffix = dc=organizations
ldap user suffix = dc=organizations
ldap machine suffix = ou=Computer,dc=samba,dc=organizations
ldap delete dn = yes
ldap ssl = off
ldap idmap suffix =
ou=idmap,dc=samba,dc=organizations,dc=my-domain,dc=com
More information about the samba
mailing list