[Samba] File Server member DC ACL permissions

Rowland Penny rpenny at samba.org
Thu Aug 11 20:14:55 UTC 2016


On Thu, 11 Aug 2016 19:51:07 +0000 (UTC)
Ricardo Pardim Claus via samba <samba at lists.samba.org> wrote:

> 
> The answers follow:
> 
> 
> > Yes wbinfo shows the user but does 'getent passwd iuser' show
> > anything ?
> 
> # wbinfo -i iuser 
> iuser:*:4294967295:4294967295:iuser:/home/DOMAIN/iuser:/bin/false 
> 
> 
> 
> # getent passwd iuser 
> iuser:*:4294967295:4294967295:iuser:/home/DOMAIN/iuser:/bin/false 
> 
> 
> # id iuser 
> id: iuser: no such user

Hmm, the numbers seem extremely large. Did you set this number in the
user's 'uidnumber' attribute in AD?
  
> 
> 
> smb.conf file server:
> 
> # Global parameters 
> [global] 
> netbios name = SRV16 
> server string = Samba4 Server 
> security = ADS 
> encrypt passwords = yes 
> realm = domain.local 
> workgroup = DOMAIN 
> log file = /var/log/samba/%m.log 
> log level = 1 
> # 
> winbind enum users = yes 
> winbind enum groups = yes 
> winbind use default domain = Yes 
> winbind nss info = RFC2307 
> #idmap_ldb: Use 
> vfs objects = acl_xattr 
> map acl inherit = Yes 
> store dos attributes = Yes 
> # Idmap config for domain DOMAIN 
> idmap config DOMAIN: backend = ad 
> idmap config DOMAIN: schema_mode = RFC2307 
> idmap config DOMAIN: range = 10000-99999 
> idmap config * : backend = tdb 
> idmap config * : range = 2000-9999 
> 
> [data] 
> comment = Folder data 
> path = /mnt/dados 
> read only = No 
> browseable = yes 
> inherit acls = Yes 
> inherit permissions = Yes 
> guest account = guest 
> guest ok=yes 
> writeable = Yes
> 
> 
> Another issue I have doubts about concerns the services related to
> Samba. The services that need to be running: smbd, nmbd and winbindd?
> Do I need to run the Samba 4 script, as explained in this link?
> 
> https://wiki.samba.org/index.php/Samba4/InitScript
> 

If you run Samba as a DC, you only need to start the 'samba' binary;
this will start the other binaries.
If you run Samba as a domain-joined fileserver, you will need to start
the 'smbd' and 'winbindd' binaries. If you want network browsing, you
will also need to start the 'nmbd' binary.

Rowland
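
The check behind the question about the large numbers, as an added example that is not part of the original message: it parses the `idmap config ... range` lines and tests the UID and GID from the `getent passwd` output against them. The helper names are hypothetical, and the sample input is constructed from the values quoted in the thread.

```python
import re

# Constructed sample input, copied from the values quoted in the thread.
SMB_CONF = """\
idmap config DOMAIN: backend = ad
idmap config DOMAIN: schema_mode = RFC2307
idmap config DOMAIN: range = 10000-99999
idmap config * : backend = tdb
idmap config * : range = 2000-9999
"""
PASSWD_LINE = "iuser:*:4294967295:4294967295:iuser:/home/DOMAIN/iuser:/bin/false"

UID_INVALID = 2**32 - 1  # (uid_t)-1 on Linux: never a usable ID

RANGE_RE = re.compile(
    r"^\s*idmap\s+config\s+(?P<dom>\S+?)\s*:\s*range\s*=\s*(?P<lo>\d+)\s*-\s*(?P<hi>\d+)\s*$",
    re.IGNORECASE,
)

def parse_idmap_ranges(conf_text):
    """Return {domain: (low, high)} for every 'idmap config X : range' line."""
    ranges = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):
            continue  # skip commented-out settings
        m = RANGE_RE.match(line)
        if m:
            ranges[m["dom"]] = (int(m["lo"]), int(m["hi"]))
    return ranges

def classify_id(value, ranges):
    """Name the idmap domain whose range holds value, or say why none does."""
    if value == UID_INVALID:
        return "invalid (-1 as unsigned 32-bit)"
    for dom, (lo, hi) in ranges.items():
        if lo <= value <= hi:
            return dom
    return "outside all ranges"

def check_passwd_line(line, ranges):
    """Classify the UID and GID fields of one passwd(5)-format line."""
    fields = line.strip().split(":")
    if len(fields) != 7:
        raise ValueError("expected 7 colon-separated passwd fields")
    return {"user": fields[0],
            "uid": classify_id(int(fields[2]), ranges),
            "gid": classify_id(int(fields[3]), ranges)}

if __name__ == "__main__":
    print(check_passwd_line(PASSWD_LINE, parse_idmap_ranges(SMB_CONF)))
```
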


