[Samba] NSLCD works, do I need RFC2307 extensions enabled in AD as well?

Andrey Repin anrdaemon at yandex.ru
Fri Apr 17 17:54:53 MDT 2015

Greetings, john!

> I've just installed Samba 3.6.6 from the Debian Stable repo. I want to use
> this Linux box as an SMB file server for Windows clients.

> I installed NSLCD to allow users in AD to authenticate against my Linux
> server per
> https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd

> getent passwd and getent group return domain users with UID mappings like:

> tempuser at vanguard.mydomain.org:*:16043:16043:temp user:/home/VANGUARD/tempuser:/bin/bash

> Those same users can log into the Linux box with their domain credentials
> via ssh and create files owned by them.

> However, I can't figure out how to configure Samba to allow these same users
> to access a Samba file share via a Windows 7 client. I thought that Samba
> would check /etc/nsswitch.conf like other services and use ldap just like
> ssh would.

> The relevant part of my nsswitch.conf file looks like:

> passwd:         compat ldap
> group:          compat ldap
> shadow:         compat ldap

This is for POSIX users. Samba has nothing to do with them, other than to map
Windows users to POSIX uids sometimes.
Normally, Samba servers communicate with each other directly, without falling
down to the POSIX layer.

> Do I need to install RFC2307 extensions per
> https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC#Administer_Unix_Attributes_in_Active_Directory

You have to tell me a little more about your setup, to begin with.

> and then add something like the following to my smb.conf file?

> idmap config DOMAIN:backend = ad
> winbind nss info = sfu

> Any advice is appreciated!

No advice before I know what you actually have on hand.
I'm not breaking other people's systems for fun.

With best regards,
Andrey Repin
Saturday, April 18, 2015 02:47:31

Sorry for my terrible English...
