[Samba] cifs share for profiles

L.P.H. van Belle belle at bazuin.nl
Thu Jul 7 09:52:20 UTC 2016


What happens if you add : 

winbind enum users = Yes
winbind enum groups = Yes


Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Trenta sis
> Verzonden: donderdag 7 juli 2016 11:40
> Aan: samba
> Onderwerp: Re: [Samba] cifs share for profiles
> 
> with  getfacl userprofiles appear that domain admins has no permission,
> and
> I have configured as appear in wiki profiles, but only step that I can't
> configure is chgrp doamin admins
> 
> # getfacl /local/var/profilesad/usertest/
> getfacl: Removing leading '/' from absolute path names
> # file: local/var/profilesad/usertest/
> # owner: 20087
> # group: 513
> user::rwx
> user:20087:rwx
> user:3000001:rwx
> group::---
> group:513:---
> group:3000001:rwx
> mask::rwx
> other::---
> default:user::rwx
> default:user:20087:rwx
> default:user:3000001:rwx
> default:group::---
> default:group:513:---
> default:group:3000001:rwx
> default:mask::rwx
> default:other::---
> 
> 
> getent passwd and getent group in samba 4 ad dc server no result related
> with users and roup from samba doamin
> 
> 
> Where is the problem?
> 
> 
> 
> 2016-07-07 11:29 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:
> 
> > Hi,
> >
> > Tried to add winbind in nsswtich but same result , getent group "domain
> > admins" without any result
> >
> > smb.conf
> >
> > # Global parameters
> > [global]
> >         bind interfaces only = Yes
> >         interfaces = lo eth0
> >         netbios name = dc
> >         realm = domain.com
> >         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl,
> > winbin
> > dd, ntp_signd, kcc, dnsupdate
> >         workgroup = domain
> >         server role = active directory domain controller
> >         idmap_ldb:use rfc2307 = yes
> >         comment =
> >
> > [profilesad]
> >         path = /local/var/profilesad
> >         read only = No
> >
> >
> > I have used shares with windows acl and also posix acl
> >
> >
> > I have configured cifs profiles and we can create but with getfacl I
> have
> > detected that doamin users has no permission, only thing that we need is
> > add features to domain admins to allow access cifs profiles, with our
> > actual config only owner can....
> >
> >
> > Where is the problem?
> >
> > Thanks
> >
> >
> > 2016-07-07 9:56 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:
> >
> >> Hi,
> >>
> >> I have installed samba 4.4.4 and configured and works perfect, now I
> need
> >> to configure roaming profiles and reading
> >> https://wiki.samba.org/index.php/Shares_with_Windows_ACLs
> >>
> >> I have detected that I can't configure
> >>
> >> chgrp "Domain Admins" /srv/samba/Demo/
> >>
> >>
> >> I'm creating this share on our dc, but seem that with
> >> # getent group "Domain Admins"
> >>
> >> any samba AD group is recovered
> >>
> >>
> >>
> >> I have found
> >> "If you don't get an output showing the queried name and its ID, there
> >> may be something wrong in your NSS configuration
> >>
> <https://wiki.samba.org/index.php?title=Name_service_switch_(NSS)&action=e
> dit&redlink=1> or
> >> if you are using Winbindd with RFC2307 (idmap_ad)
> >> <https://wiki.samba.org/index.php/Idmap_config_ad>, you might not have
> >> an ID assigned (see User and group management
> >> <https://wiki.samba.org/index.php/User_and_group_management> for how to
> >> administer Unix Attributes in an AD)"
> >>
> >> but I don't know where is the problem with wbinfo we recover user and
> >> group but with getent not.
> >>
> >> We are making thins test on our samba doamin controller with samba
> 4.4.4
> >> and debian jessie
> >>
> >>
> >> Where is the problem?
> >>
> >> Thanks
> >>
> >>
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba





More information about the samba mailing list