[Samba] Samba 4.1.17-Debian as ADS member

Stefan G. Weichinger lists at xunil.at
Wed Feb 24 13:05:26 UTC 2016

Am 2016-02-24 um 13:32 schrieb Rowland penny:
> I would add a few extra lines:
>    dedicated keytab file = /etc/krb5.keytab
>    kerberos method = secrets and keytab
>    winbind refresh tickets = Yes
>    idmap config CUST:schema_mode = rfc2307
> The first three should ensure the tickets never expire and the last one
> defines the schema that idmap will use.

I had crashes as the /etc/krb5.keytab does not yet exist and the howto
looked complicated. Will attack that one again, OK.

> Is PAM setup correctly ?

I tried my best. The examples in the docs always look slightly different
from the files in the various distros.

ran pam-auth-update now (as recommended for Debian)

> Do you have libpam-winbind, libpam-krb5 and libnss-winbind installed ?

3x yes

>> 3) in turn I only see UIDs and GIDs in the linux filesystem, no
>> ADS-user/group-names.
> This looks like something set up incorrectly in PAM.



status on the production machine:

I get users and groups via wbinfo AND via getent

clients are connected and tell me things work so far

In the shell I still see only numbers for owners of files

# ls -l

-rwxrwxr--.  1  1026 1009  1037630 Jän 24  2013 20130102.txt

This is better than people not able to access their files ;)
but still not satisfying

as mentioned in my other reply I think of using "rid" later, ok?

More information about the samba mailing list