[Samba] cifs share for profiles

Trenta sis trenta.sis at gmail.com
Thu Jul 7 09:40:11 UTC 2016 

with  getfacl userprofiles appear that domain admins has no permission, and
I have configured as appear in wiki profiles, but only step that I can't
configure is chgrp doamin admins

# getfacl /local/var/profilesad/usertest/
getfacl: Removing leading '/' from absolute path names
# file: local/var/profilesad/usertest/
# owner: 20087
# group: 513
user::rwx
user:20087:rwx
user:3000001:rwx
group::---
group:513:---
group:3000001:rwx
mask::rwx
other::---
default:user::rwx
default:user:20087:rwx
default:user:3000001:rwx
default:group::---
default:group:513:---
default:group:3000001:rwx
default:mask::rwx
default:other::---


getent passwd and getent group in samba 4 ad dc server no result related
with users and roup from samba doamin


Where is the problem?



2016-07-07 11:29 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:

> Hi,
>
> Tried to add winbind in nsswtich but same result , getent group "domain
> admins" without any result
>
> smb.conf
>
> # Global parameters
> [global]
>         bind interfaces only = Yes
>         interfaces = lo eth0
>         netbios name = dc
>         realm = domain.com
>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> winbin
> dd, ntp_signd, kcc, dnsupdate
>         workgroup = domain
>         server role = active directory domain controller
>         idmap_ldb:use rfc2307 = yes
>         comment =
>
> [profilesad]
>         path = /local/var/profilesad
>         read only = No
>
>
> I have used shares with windows acl and also posix acl
>
>
> I have configured cifs profiles and we can create but with getfacl I have
> detected that doamin users has no permission, only thing that we need is
> add features to domain admins to allow access cifs profiles, with our
> actual config only owner can....
>
>
> Where is the problem?
>
> Thanks
>
>
> 2016-07-07 9:56 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:
>
>> Hi,
>>
>> I have installed samba 4.4.4 and configured and works perfect, now I need
>> to configure roaming profiles and reading
>> https://wiki.samba.org/index.php/Shares_with_Windows_ACLs
>>
>> I have detected that I can't configure
>>
>> chgrp "Domain Admins" /srv/samba/Demo/
>>
>>
>> I'm creating this share on our dc, but seem that with
>> # getent group "Domain Admins"
>>
>> any samba AD group is recovered
>>
>>
>>
>> I have found
>> "If you don't get an output showing the queried name and its ID, there
>> may be something wrong in your NSS configuration
>> <https://wiki.samba.org/index.php?title=Name_service_switch_(NSS)&action=edit&redlink=1> or
>> if you are using Winbindd with RFC2307 (idmap_ad)
>> <https://wiki.samba.org/index.php/Idmap_config_ad>, you might not have
>> an ID assigned (see User and group management
>> <https://wiki.samba.org/index.php/User_and_group_management> for how to
>> administer Unix Attributes in an AD)"
>>
>> but I don't know where is the problem with wbinfo we recover user and
>> group but with getent not.
>>
>> We are making thins test on our samba doamin controller with samba 4.4.4
>> and debian jessie
>>
>>
>> Where is the problem?
>>
>> Thanks
>>
>>
>

More information about the samba mailing list