[Samba] fetch passwords from AD and group membership from /etc/group

marius klausen mariusklausen at gmx.net
Mon Jan 24 02:30:40 MST 2011


> > I want to use Active Directory for my samba users passwords and
> /etc/group for storing group membership.
> > 
> > /etc/nsswitch.conf looks like:
> > 
> > group: file
> > 
> > Problem: the tests i ran show that the samba server does not know about
> group membership  (deleting file from other user belonging to the same
> group fails). The same test works as expectet when winbindd is switched off.
> What do i have to do to fix this while having winbindd running?
> > 
> It wont know anything about your groups at all with NSSwitch like this.
> You need to make it 
> group: files winbind
> OR configure NSS_LDAP and make it
> group: files ldap

something seems to be still missing ....

i made a test with 

group: files winbind

without any different results.

As I far as i understand nsswitch.conf this line tells nsswitch to look for group memberships in local files first and secound in AD via winbind. As i have no group definitions for my samba users in the AD (only passwords) i don't understand why nsswitch.conf needs to look that way. Could someone please explain?

best regards,


Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir
belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de

More information about the samba mailing list