[Samba] Samba 4.1.17-Debian as ADS member
Stefan G. Weichinger
lists at xunil.at
Wed Feb 24 13:05:26 UTC 2016
Am 2016-02-24 um 13:32 schrieb Rowland penny:
> I would add a few extra lines:
>
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> winbind refresh tickets = Yes
> idmap config CUST:schema_mode = rfc2307
>
> The first three should ensure the tickets never expire and the last one
> defines the schema that idmap will use.
I had crashes as the /etc/krb5.keytab does not yet exist and the howto
looked complicated. Will attack that one again, OK.
> Is PAM setup correctly ?
I tried my best. The examples in the docs always look slightly different
from the files in the various distros.
ran pam-auth-update now (as recommended for Debian)
> Do you have libpam-winbind, libpam-krb5 and libnss-winbind installed ?
3x yes
>> 3) in turn I only see UIDs and GIDs in the linux filesystem, no
>> ADS-user/group-names.
>
> This looks like something set up incorrectly in PAM.
hmm
--
status on the production machine:
I get users and groups via wbinfo AND via getent
clients are connected and tell me things work so far
In the shell I still see only numbers for owners of files
# ls -l
[..]
-rwxrwxr--. 1 1026 1009 1037630 Jän 24 2013 20130102.txt
[..]
This is better than people not able to access their files ;)
but still not satisfying
as mentioned in my other reply I think of using "rid" later, ok?
More information about the samba
mailing list