[Samba] cifs share for profiles

Trenta sis trenta.sis at gmail.com
Thu Jul 7 10:34:34 UTC 2016 

Hi tried with:

winbind enum users = Yes
winbind enum groups = Yes


and winbind in nsswitch but same output, no result with getent from
users and groups from samba 4 ad


2016-07-07 11:40 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:

> with  getfacl userprofiles appear that domain admins has no permission,
> and I have configured as appear in wiki profiles, but only step that I
> can't configure is chgrp doamin admins
>
> # getfacl /local/var/profilesad/usertest/
> getfacl: Removing leading '/' from absolute path names
> # file: local/var/profilesad/usertest/
> # owner: 20087
> # group: 513
> user::rwx
> user:20087:rwx
> user:3000001:rwx
> group::---
> group:513:---
> group:3000001:rwx
> mask::rwx
> other::---
> default:user::rwx
> default:user:20087:rwx
> default:user:3000001:rwx
> default:group::---
> default:group:513:---
> default:group:3000001:rwx
> default:mask::rwx
> default:other::---
>
>
> getent passwd and getent group in samba 4 ad dc server no result related
> with users and roup from samba doamin
>
>
> Where is the problem?
>
>
>
> 2016-07-07 11:29 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:
>
>> Hi,
>>
>> Tried to add winbind in nsswtich but same result , getent group "domain
>> admins" without any result
>>
>> smb.conf
>>
>> # Global parameters
>> [global]
>>         bind interfaces only = Yes
>>         interfaces = lo eth0
>>         netbios name = dc
>>         realm = domain.com
>>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
>> winbin
>> dd, ntp_signd, kcc, dnsupdate
>>         workgroup = domain
>>         server role = active directory domain controller
>>         idmap_ldb:use rfc2307 = yes
>>         comment =
>>
>> [profilesad]
>>         path = /local/var/profilesad
>>         read only = No
>>
>>
>> I have used shares with windows acl and also posix acl
>>
>>
>> I have configured cifs profiles and we can create but with getfacl I have
>> detected that doamin users has no permission, only thing that we need is
>> add features to domain admins to allow access cifs profiles, with our
>> actual config only owner can....
>>
>>
>> Where is the problem?
>>
>> Thanks
>>
>>
>> 2016-07-07 9:56 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:
>>
>>> Hi,
>>>
>>> I have installed samba 4.4.4 and configured and works perfect, now I
>>> need to configure roaming profiles and reading
>>> https://wiki.samba.org/index.php/Shares_with_Windows_ACLs
>>>
>>> I have detected that I can't configure
>>>
>>> chgrp "Domain Admins" /srv/samba/Demo/
>>>
>>>
>>> I'm creating this share on our dc, but seem that with
>>> # getent group "Domain Admins"
>>>
>>> any samba AD group is recovered
>>>
>>>
>>>
>>> I have found
>>> "If you don't get an output showing the queried name and its ID, there
>>> may be something wrong in your NSS configuration
>>> <https://wiki.samba.org/index.php?title=Name_service_switch_(NSS)&action=edit&redlink=1> or
>>> if you are using Winbindd with RFC2307 (idmap_ad)
>>> <https://wiki.samba.org/index.php/Idmap_config_ad>, you might not have
>>> an ID assigned (see User and group management
>>> <https://wiki.samba.org/index.php/User_and_group_management> for how to
>>> administer Unix Attributes in an AD)"
>>>
>>> but I don't know where is the problem with wbinfo we recover user and
>>> group but with getent not.
>>>
>>> We are making thins test on our samba doamin controller with samba 4.4.4
>>> and debian jessie
>>>
>>>
>>> Where is the problem?
>>>
>>> Thanks
>>>
>>>
>>
>

More information about the samba mailing list