[Samba] NSLCD works, do I need RFC2307 extensions enabled in AD as well?
rowlandpenny at googlemail.com
Sat Apr 18 02:43:41 MDT 2015
On 17/04/15 23:48, john wrote:
> Hello all,
> I've just installed Samba 3.6.6 from the Debian Stable repo. I want to use
> this linux box as a smb file server for windows clients.
Is this wheezy ? if so, it might be an idea to use backports, this will
get you 4.1.17 which is still in development, 3.6 is now EOL
> I installed NSLCD to allow users in AD to authenticate against my linux
> server per
Why use nlscd ? why not use winbind, see:
> getent passwd and getent group returns domain users with UID mappings like:
> tempuser at vanguard.mydomain.org:*:16043:16043:temp
Well, that's wrong for a start, you seem to be getting the users
principal name, it should look like:
This is the userPrincipalName attribute for the user above:
userPrincipalName: rowland at example.com
> Those same users can log into the linux box with their domain credentials
> via ssh and create files owned by them
> However I can't figure out how to configure Samba to allow these same users
> to access a samba file share via a windows 7 client. I thought that Samba
> would check /etc/nsswitch.conf like other services and use ldap just like
> ssh would.
No, this is down to whatever you are using for authentication. Can you
post your smb.conf ?
> the relevant part of my nsswitch.conf file looks like:
> passwd: compat ldap
> group: compat ldap
> shadow: compat ldap
> Do I need to install RFC2307 extensions per
> and then add something like the following to my smb.conf file?
> idmap config DOMAIN:backend = ad
> winbind nss info = sfu
> Any advice is appreciated!
More information about the samba