[Samba] Domain member (2k8R2) server, problem mapping Kerberos/NSS users
Rowland Penny
rowlandpenny at googlemail.com
Mon Jul 21 09:38:53 MDT 2014
On 21/07/14 16:22, Elias Probst wrote:
> On 07/21/2014 05:15 PM, Rowland Penny wrote:
>> OK, have you joined the fileserver to the domain? What is in
>> /etc/nsswitch.conf or to put it another way, how does the fileserver
>> know about the domain users & groups? Does getent passwd show the domain
>> users?
> The server is joined to the domain.
>
> nsswitch.conf is set up properly which is backed by the fact that things
> like
> getent passwd some-domain-user
> getent group some-domain-group
> chown some-domain-user:some-domain-group /tmp/foobar
> work just fine and show the expected results.
>
> 'klist -ke' (full output see also my initial mail) looks good to me.
>
>
>
Hi, to be honest, I have never used the 'nss' backend, but a quick look
at the idmap_nss manpage reveals this:
    DESCRIPTION
        The idmap_nss plugin provides a means to map Unix users and groups to
        Windows accounts and obsoletes the "winbind trusted domains only"
        smb.conf option. This provides a simple means of ensuring that the SID
        for a Unix user named jsmith is reported as the one assigned to
        DOMAIN\jsmith which is necessary for reporting ACLs on files and
        printers stored on a Samba member server.
This seems to say that winbind will map the domain users to local users,
so I suppose the next question has to be, is winbind running?
Rowland