[Samba] samba4 missing group membership with getent group

Rowland Penny rowlandpenny at googlemail.com
Mon Jun 24 11:47:07 MDT 2013


Hi Marc, ok it looks like anything will work on an S4 server apart from
winbind ;-)

My working /etc/sssd/sssd.conf on the S4 server is:

[sssd]
config_file_version = 2
domains = example.com
services = nss, pam

[nss]

[pam]

[domain/example.com]
description = AD domain with Samba 4 server
cache_credentials = true
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
access_provider = ldap

krb5_realm = EXAMPLE.COM

ldap_referrals = false
ldap_sasl_mech = GSSAPI
ldap_schema = rfc2307bis
ldap_access_order = expire
ldap_account_expire_policy = ad
ldap_force_upper_case_realm = true
ldap_user_object_class = user
ldap_user_name = sAMAccountName
ldap_user_home_directory = unixHomeDirectory
ldap_user_principal = userPrincipalName
ldap_group_object_class = group
ldap_group_name = sAMAccountName

That's it, no special user, no passwords, it just works, I haven't found any
problems yet, touch wood.

And when 1.10.0 gets released (it's in beta at the moment) it gets even
better:

[sssd]
config_file_version = 2
domains = example.com
services = nss, pam

[nss]

[pam]

[domain/example.com]
description = AD domain with Samba 4 server
cache_credentials = true
enumerate = False
id_provider = ad
auth_provider = ad
access_provider = ad
chpass_provider = ad


Rowland


On 24 June 2013 17:21, Marc Muehlfeld <samba at marc-muehlfeld.de> wrote:

> Hello Rowland,
>
> On 24.06.2013 12:26, Rowland Penny wrote:
>
>> As far as I can see, the only way to get getent on the S4 server to show
>> group members is to use sssd
>>
>
> nslcd works great for that job here, too.
>
>
> The nslcd.conf is almost the same as what I wrote here:
> http://wiki.samba.org/index.php/Samba4/beyond#Nslcd:_User.2FGroups_from_AD_through_openLDAP_proxy
>
>
> I'll publish the nslcd config for directly getting the data from AD in the
> wiki in the next few days, too.
>
>
>
> Regards,
> Marc
>
>
>
>
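
Added example, not part of the original thread: a small audit of sssd.conf content that checks the property the first config relies on (GSSAPI bind, so no bind DN or password in the file) and that the file is private to its owner. The function names `audit` and `mode_ok` and the `SIMPLE_BIND` sample are constructed for illustration; `ldap_default_bind_dn` and `ldap_default_authtok` are the sssd-ldap options for a stored bind credential.

```python
import configparser
import os
import stat

# Trimmed copy of the first config in the post, used as sample input.
POSTED = """\
[sssd]
domains = example.com

[domain/example.com]
id_provider = ldap
auth_provider = krb5
access_provider = ldap
ldap_sasl_mech = GSSAPI
"""

# Constructed contrast (not from the post): stored bind password, undefined domain.
SIMPLE_BIND = """\
[sssd]
domains = example.com, other.example

[domain/example.com]
id_provider = ldap
ldap_default_bind_dn = cn=svc-sssd,cn=Users,dc=example,dc=com
ldap_default_authtok = constructed-password
"""

def audit(text):
    """Return a list of findings for sssd.conf content passed as a string."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = []
    listed = cp.get("sssd", "domains", fallback="")
    for name in (d.strip() for d in listed.split(",") if d.strip()):
        section = "domain/" + name
        if not cp.has_section(section):
            findings.append(f"{name}: no [{section}] section")
            continue
        dom = cp[section]
        if dom.get("id_provider") == "ldap":
            if dom.get("ldap_sasl_mech", "").upper() != "GSSAPI":
                findings.append(f"{name}: LDAP bind does not use GSSAPI")
            if "ldap_default_authtok" in dom:
                findings.append(f"{name}: bind password stored in file")
    return findings

def mode_ok(path):
    """True if the file grants no access to group or others (e.g. 0600)."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0
```

On a real host, pass the text of /etc/sssd/sssd.conf to `audit` and the path to `mode_ok`.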

