[Samba] chgrp "Domain Admins" on folder return invalid group "Domain Admins"

Jules Houantonon juleshoueto at gmail.com
Tue Apr 5 14:26:38 UTC 2016


Please, strangely

In AD the user demo has /bin/sh as its shell, and with getent we have
/bin/false.

Is it normal?

On Tue, Apr 5, 2016 at 3:22 PM, Jules Houantonon <juleshoueto at gmail.com>
wrote:

> Thank you Rowland,
>
> I do not change my existing configuration, as I have already indicated the
> winbind value on both the passwd and group lines in nsswitch.conf.
>
> But I execute the net cache flush command and then try the getent command by
> providing the user name, and it works.
>
> It provides output for a demo account that is only created in AD and has
> a unix attribute assigned:
> #getent passwd demo
> demo:*:10001:10001:demo demo:/home/DEMO/demo:/bin/false
>
> So now, I should be able to define file or folder rights from the Linux OS with
> AD users.
>
> I think that we can consider this subject Solved with your permission.
>
> Many thanks again
>
> On Tue, Apr 5, 2016 at 2:52 PM, Rowland penny <rpenny at samba.org> wrote:
>
>> On 05/04/16 14:32, Jules Houantonon wrote:
>>
>>> Thank you Rowland for your mail.
>>>
>>> My aim is to create a fileserver with samba4 and with acl supported.
>>> Users must log on through their Windows that are in the domain to access their
>>> shares.
>>>
>>> Samba how to and your explanations open my eyes on the interaction
>>> between samba users and group with the Linux OS.
>>>
>>> From ADUC, I assign a Unix Attribute to a user account, and
>>> automatically it is given 10000 as its UID; the getent command still does not
>>> display it.
>>>
>>
>> The next one should get 10001
>>
>>
>>> So in my plan, users should only exist in active directory. Does that
>>> mean that getent can still display user or group information that will only
>>> exist in AD ?
>>>
>>>
>> getent will display users known to the underlying OS, this is done by
>> specifying what methods to use in /etc/nsswitch.conf. For users, there is a
>> line that starts 'passwd', this normally contains 'compat ' or 'files' and
>> will mean 'getent passwd auser' will return the user's info found in the
>> file /etc/passwd. If you want to use a different method to get a
>> user's info, you would add it after 'compat ' or 'files' i.e. to use winbind
>> 'passwd compat winbind'. This would mean that when you run 'getent passwd
>> auser' , the user would be found by first searching in /etc/passwd (this is
>> why you cannot have users in /etc/passwd & AD) and then by asking winbind.
>> On a DC, winbind would assign an xidNumber and then store it in idmap.ldb
>> *or* you can give each user a 'uidNumber' and then this will be used
>> instead, only problem is that the old xidNumber will take precedence for a
>> time, but you can short circuit this by running:
>>
>> net cache flush
>>
>>
>>> Sorry if I am missing something.
>>>
>>> Thank you
>>>
>>>
>>



-- 
Jules HOUANTONON
*Phone* : (00229) 97578914
*Email *: juleshoueto at gmail.com
*Skype* : houantonon
*linkedin* : www.linkedin.com/in/jhouantonon/en
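
The lookup order described in Rowland's quoted reply above (the local passwd file first, then winbind), as an added example that is not part of the original thread: it reads the `passwd` line of an nsswitch.conf-style file, reports which source answers for an account, and lists accounts that exist both locally and in AD. The sample files are constructed, and the function names and the `ad_users` list (one AD account name per line) are hypothetical.

```shell
#!/bin/sh
# Added example (constructed data): which NSS source answers for an account?

# Ordered sources for DATABASE in an nsswitch.conf-style FILE, with comments
# and [STATUS=action] items dropped.
nss_sources() {  # usage: nss_sources FILE DATABASE
    awk -v db="$2" '
        { sub(/#.*/, "") }
        $1 == (db ":") {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\[/) skip = 1
                if (!skip) printf "%s%s", (n++ ? " " : ""), $i
                if ($i ~ /\]$/) skip = 0
            }
            print ""; exit
        }' "$1"
}

# Exit 0 if NAME is the first field of a line in a passwd-format FILE.
in_passwd() { awk -F: -v n="$2" '$1 == n { f = 1 } END { exit !f }' "$1"; }

# First listed source that knows NAME. ADLIST holds one AD account name per
# line (assumption: on a live system it could be built from 'wbinfo -u').
answering_source() {  # usage: answering_source NSSFILE LOCAL ADLIST NAME
    for src in $(nss_sources "$1" passwd); do
        case $src in
            files|compat) if in_passwd "$2" "$4"; then echo "$src"; return 0; fi ;;
            winbind) if grep -Fxq -e "$4" "$3"; then echo "$src"; return 0; fi ;;
        esac
    done
    echo notfound
}

# Accounts present both locally and in AD: the local entry is found first.
shadowed_accounts() { cut -d: -f1 "$1" | grep -Fx -f "$2" || true; }

# Constructed sample files, so the script runs offline.
tmp=$(mktemp -d)
printf '%s\n' '# constructed sample' 'passwd: compat [NOTFOUND=continue] winbind' \
    'group:  compat winbind' > "$tmp/nsswitch.conf"
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'backup:x:34:34:backup:/var/backups:/bin/sh' > "$tmp/passwd"
printf '%s\n' administrator backup demo > "$tmp/ad_users"

for u in demo backup nosuchuser; do
    echo "$u -> $(answering_source "$tmp/nsswitch.conf" "$tmp/passwd" "$tmp/ad_users" "$u")"
done
echo "shadowed: $(shadowed_accounts "$tmp/passwd" "$tmp/ad_users")"
```
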

