[Samba] fetch passwords from AD and group membership from /etc/group

William Brown william.e.brown at adelaide.edu.au
Fri Jan 21 07:47:01 MST 2011



On 20/01/2011, at 19:29, marius klausen wrote:

> Hi List,
> 
> I want to use Active Directory for my Samba users' passwords and /etc/group for storing group membership.
> 
> /etc/nsswitch.conf looks like:
> 
> group: file
> 
> Problem: the tests I ran show that the samba server does not know about group membership (deleting file from other user belonging to the same group fails). The same test works as expected when winbindd is switched off. What do I have to do to fix this while having winbindd running?
> 

It won't know anything about your groups at all with NSSwitch like this. You need to make it

group: files winbind

OR configure NSS_LDAP and make it

group: files ldap

Samba4 (and Active Directory on Windows also) supports POSIX schemas in its LDAP objects by default, so using the samba-tool group add <name>, then doing an object modification on that in LDAP to add your needed POSIX data is the most robust way (since GIDs will be consistent and controllable on all workstations).

Just be aware that AD does not allow anonymous reads, so your NSS_LDAP will need to be set up with a user account (preferably unprivileged) to read the LDAP tree. You will need a Domain Admin account to actually do the modify operation also.

> Regards, Marius

William Brown

Research & Teaching, Technology Services
The University of Adelaide, AUSTRALIA 5005

CRICOS Provider Number 00123M
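
Added example, not part of the original message: a shell sketch of the two checks the reply implies, reading which sources the group: line consults and generating the LDIF for the POSIX modification. It assumes the "needed posix data" is the RFC 2307 gidNumber attribute and an ASCII DN; the DN, group name and GID are constructed placeholders.

```shell
#!/bin/sh
# Added example; the DN, group name and GID below are constructed placeholders.

# Print the sources on the "group:" line of an nsswitch.conf-style file, one
# per line, ignoring comments and [STATUS=action] items.
group_sources() {
    sed -e 's/#.*//' -e 's/\[[^]]*]//g' "$1" |
    awk -F: '$1 ~ /^[ \t]*group[ \t]*$/ {
        n = split($2, src, /[ \t]+/)
        for (i = 1; i <= n; i++) if (src[i] != "") print src[i]
    }'
}

# Succeed only if one of the two sources named in the reply (winbind or ldap)
# is consulted, i.e. groups held in the directory can be resolved at all.
sees_directory_groups() {
    group_sources "$1" | grep -Eqx 'winbind|ldap'
}

# Emit the LDIF that adds a POSIX GID to an existing AD group object.
# Assumption: gidNumber is the attribute wanted. Non-numeric GIDs are rejected
# so a typo never reaches the directory.
posix_group_ldif() {
    dn=$1 gid=$2
    case $gid in
        ''|*[!0-9]*) echo "gidNumber must be numeric: $gid" >&2; return 1 ;;
    esac
    printf 'dn: %s\nchangetype: modify\nadd: gidNumber\ngidNumber: %s\n' \
        "$dn" "$gid"
}

# Constructed sample: the line from the question, then the suggested one.
conf=$(mktemp)
for line in 'group: file' 'group: files winbind'; do
    printf '%s\n' "$line" > "$conf"
    if sees_directory_groups "$conf"; then
        echo "$line -> directory groups visible"
    else
        echo "$line -> local groups only"
    fi
done
rm -f "$conf"

# After "samba-tool group add staff", feed this LDIF to ldapmodify bound as a
# Domain Admin, then confirm the result with: getent group staff
posix_group_ldif 'CN=staff,CN=Users,DC=example,DC=com' 10001
```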

