[Samba] File Server recognize users and groups AD
Rowland Penny
rpenny at samba.org
Fri Aug 5 12:49:41 UTC 2016
On Fri, 5 Aug 2016 12:26:24 +0000 (UTC)
Ricardo Pardim Claus <ricardo.claus at yahoo.com.br> wrote:
> Dear Rowland;
> I appreciate the contact.
>
> The commands:
> getent group 'DOMAIN\Domain Admins'
> getent group 'Domain Admins'
>
> Return nothing!
When I run the command on the DC I joined to the one I provisioned, I
get this:
root at dc2:~# getent group Domain\ Admins
SAMDOM\domain admins:x:3000008:
>
> When I run only this command: getent group
> It returns only Unix / Linux groups
This also the result I get, you need to add these two lines to smb.conf:
winbind enum users = yes
winbind enum groups = yes
After restarting samba, you should get the AD users or groups,
provided libnss-winbind is set up, see here for more info:
https://wiki.samba.org/index.php/Libnss_winbind_links
https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member#libnss_winbind
>
> Regarding Smb.conf could show me what needs to be changed?
> This smb.conf refers to the secondary DC + file server.
What you need to understand is that when you use a DC as a fileserver,
very few of the lines that you can add to a Unix domain member will
work on a DC. I would return the [global] part of your smb.conf to what
it was just after the join and then add this line 'idmap_ldb:use
rfc2307 = yes'
If you have any questions about libnss-winbind, just ask, but please,
ask onlist.
Rowland
More information about the samba
mailing list