[Samba] Make a share owned by a service account available to members of an AD group

John Yocum jtyocum at uw.edu
Fri Oct 9 19:36:51 UTC 2015


On 10/09/2015 12:31 PM, Tovey, Mark wrote:
>     The only way it seems to work is if I do have both the local and AD user with the same name.  But my goal here is to not require that, to have the AD account only.
>     I have applied Unix attributes to the users.  testuser uidNumber = 30089 and gidNumber = 100.  However, when I try to query with wbinfo, I was unable to look that up:
> 
> wbinfo -i "DEVELOPMENT\testuser"
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> 
>     I get the same result regardless of if the account is in the local passwd file or not.
>     I switched to “rid” and now I can successfully query for the testuser account:
> 
> wbinfo -i "DEVELOPMENT\testuser"
> testuser:*:36385:30513::/home/testuser:/bin/bash
> 
>     but the uidNumber and gidNumber do not match what is in AD.  And it still will not allow the testuser account to map the share unless the account exists in the local passwd file.  It is getting the password from AD, but only if the account exists in the local system too.
>     -Mark
> 
> ________________________________________________________________
> Mark Tovey - UNIX Engineer | Service Strategy & Design
> UTi | 400 SW Sixth Ave, Suite 1100 | Portland | Oregon | 97204 | USA
> MTovey at go2uti.com | O / C +1 503 953-1389
> 


Do you have winbind listed in your nsswitch.conf? If not, you'll need
that so the OS itself will see the AD users.

-- 
John Yocum, Systems Administrator, DEOHS
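
The check suggested in the reply above, as an added example that is not part of the original thread: a small script that reports which NSS databases in an nsswitch.conf-style file do not list winbind as a source. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find NSS databases that do not
# list winbind, which leaves AD users invisible to the OS itself.

# nss_has_winbind FILE DB: exit 0 if DB's source list contains winbind.
# Handles comments, tabs, and "db:source" written without a space.
nss_has_winbind() {
    awk -v db="$2" '
        { sub(/#.*/, "")                      # strip trailing comments
          i = index($0, ":"); if (!i) next    # not a database line
          name = substr($0, 1, i - 1); gsub(/[ \t]/, "", name)
          if (name != db) next
          n = split(substr($0, i + 1), src, /[ \t]+/)
          for (k = 1; k <= n; k++) if (src[k] == "winbind") found = 1
          exit }                              # first matching line decides
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# nss_missing_winbind FILE: print the databases (passwd, group) that
# lack winbind, space separated; prints an empty line when none do.
nss_missing_winbind() {
    missing=""
    for db in passwd group; do
        nss_has_winbind "$1" "$db" || missing="$missing $db"
    done
    echo "${missing# }"
}

# Constructed sample file: passwd lists winbind, group does not.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not taken from the thread
passwd:   files winbind   # AD users resolvable by the OS
group:    files
shadow:   files
EOF
echo "databases missing winbind: $(nss_missing_winbind "$sample")"
rm -f "$sample"

# On a live host, point it at the real file and then confirm the lookup
# goes through NSS rather than only through winbindd:
#   nss_missing_winbind /etc/nsswitch.conf
#   getent passwd 'DEVELOPMENT\testuser'
```

`wbinfo -i` queries winbindd directly, so it can succeed while `getent passwd` still fails; the second command is the one that shows what the OS sees.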
