[Samba] winbind problems

Dale Schroeder dale at BriannasSaladDressing.com
Thu Nov 12 20:31:03 UTC 2015


> OK, try this smb.conf, don't add anything else until you have getent
> working:
>
> [global]
>     workgroup = DOMAIN
>     security = ADS
>     realm = DOMAIN.COM
>     dedicated keytab file = /etc/krb5.keytab
>     kerberos method = secrets and keytab
>     idmap config * : range = 1000000-2000000
>     idmap config * : backend = tdb
>     idmap config DOMAIN : range = 1000-2000
>     idmap config DOMAIN : backend = rid
>     winbind nss info = template
>     winbind trusted domains only = no
>     winbind use default domain = yes
>     winbind enum users = Yes
>     winbind enum groups = Yes
>     winbind refresh tickets = Yes
>     winbind offline logon = Yes
>     username map = /etc/samba/users.map
>     template homedir = /data/users/%U
>     template shell = /bin/bash
>     vfs objects = acl_xattr
>     map acl inherit = yes
>     store dos attributes = yes
>
> The above should work against an AD DC
>
> Your users.map should be:
>
> !root = DOMAIN\Administrator DOMAIN\administrator
>
> Rowland
>
>
Thanks, Rowland.  I've gotten it working for the most part.  There are 
some permissions issues with vfs recycle, but I'll have to work those 
out later.

Just to satisfy my curiosity more than anything, I'd like to clarify a 
few things.

1.  What is the benefit of using 'secrets and keytab'?  All of my other 
member servers seem to function OK with the default 'secrets only'.
2.  What does the syntax of the users.map file that you have presented 
mean, or maybe it would be better stated as what does it do?  That is 
nothing at all like the mapping files I have used for the past 12 
years.  I have seen this before, but have never seen an explanation of it.
3.  Some time back, you mentioned the name of the file in Debian that 
listed the default mount options.  Would you please state it again?  I 
can't seem to locate that particular email in the archives.

Thanks again,
Dale
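
What the `!root = ...` line in the quoted users.map does, following the `username map` description in smb.conf(5): each line maps the client names on the right to the Unix account on the left, and a leading `!` stops processing once that line has matched. This is an added example, not code from the thread or from Samba; the sample map is constructed except for the `!root` line, and it assumes exact string comparison and does not expand `@group` entries.

```python
import re

# Constructed sample; only the "!root" line comes from the thread above.
SAMPLE_MAP = r'''
# domain admin becomes local root, and processing stops there
!root = DOMAIN\Administrator DOMAIN\administrator
backup = "DOMAIN\Backup Operator"
guest = *
'''

def parse_username_map(text):
    """Return (unix_name, client_names, stop) rules in file order."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        stop = line.startswith("!")          # '!': stop once this line maps
        unix_name, sep, names = line.lstrip("!").partition("=")
        if not sep:
            continue                         # no '=': not a mapping line
        # Client names are space separated; quotes protect embedded spaces.
        clients = [q or w for q, w in re.findall(r'"([^"]*)"|(\S+)', names)]
        rules.append((unix_name.strip(), clients, stop))
    return rules

def map_username(rules, client_name):
    """Map one authenticated client name to the Unix account it runs as."""
    result = client_name                     # unmapped names pass through
    for unix_name, clients, stop in rules:
        # Simplifications: exact string comparison, @group entries not expanded.
        if client_name in clients or "*" in clients:
            result = unix_name               # a later match overrides an earlier one
            if stop:
                break
    return result

def accounts_mapped_to(rules, unix_name):
    """Audit helper: listed client names that end up as unix_name."""
    found = []
    for _, clients, _ in rules:
        for c in clients:
            if c != "*" and c not in found and map_username(rules, c) == unix_name:
                found.append(c)
    return found

if __name__ == "__main__":
    rules = parse_username_map(SAMPLE_MAP)
    print(accounts_mapped_to(rules, "root"))
```

Running `accounts_mapped_to` for `root` over a real map file is a quick way to review which domain accounts the member server treats as local root.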


