[Samba] cifs share for profiles
Trenta sis
trenta.sis at gmail.com
Thu Jul 7 10:34:34 UTC 2016
Hi tried with:
winbind enum users = Yes
winbind enum groups = Yes
and winbind in nsswitch but same output, no result with getent from
users and groups from samba 4 ad
2016-07-07 11:40 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:
> with getfacl userprofiles appear that domain admins has no permission,
> and I have configured as appear in wiki profiles, but only step that I
> can't configure is chgrp doamin admins
>
> # getfacl /local/var/profilesad/usertest/
> getfacl: Removing leading '/' from absolute path names
> # file: local/var/profilesad/usertest/
> # owner: 20087
> # group: 513
> user::rwx
> user:20087:rwx
> user:3000001:rwx
> group::---
> group:513:---
> group:3000001:rwx
> mask::rwx
> other::---
> default:user::rwx
> default:user:20087:rwx
> default:user:3000001:rwx
> default:group::---
> default:group:513:---
> default:group:3000001:rwx
> default:mask::rwx
> default:other::---
>
>
> getent passwd and getent group in samba 4 ad dc server no result related
> with users and roup from samba doamin
>
>
> Where is the problem?
>
>
>
> 2016-07-07 11:29 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:
>
>> Hi,
>>
>> Tried to add winbind in nsswtich but same result , getent group "domain
>> admins" without any result
>>
>> smb.conf
>>
>> # Global parameters
>> [global]
>> bind interfaces only = Yes
>> interfaces = lo eth0
>> netbios name = dc
>> realm = domain.com
>> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
>> winbin
>> dd, ntp_signd, kcc, dnsupdate
>> workgroup = domain
>> server role = active directory domain controller
>> idmap_ldb:use rfc2307 = yes
>> comment =
>>
>> [profilesad]
>> path = /local/var/profilesad
>> read only = No
>>
>>
>> I have used shares with windows acl and also posix acl
>>
>>
>> I have configured cifs profiles and we can create but with getfacl I have
>> detected that doamin users has no permission, only thing that we need is
>> add features to domain admins to allow access cifs profiles, with our
>> actual config only owner can....
>>
>>
>> Where is the problem?
>>
>> Thanks
>>
>>
>> 2016-07-07 9:56 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:
>>
>>> Hi,
>>>
>>> I have installed samba 4.4.4 and configured and works perfect, now I
>>> need to configure roaming profiles and reading
>>> https://wiki.samba.org/index.php/Shares_with_Windows_ACLs
>>>
>>> I have detected that I can't configure
>>>
>>> chgrp "Domain Admins" /srv/samba/Demo/
>>>
>>>
>>> I'm creating this share on our dc, but seem that with
>>> # getent group "Domain Admins"
>>>
>>> any samba AD group is recovered
>>>
>>>
>>>
>>> I have found
>>> "If you don't get an output showing the queried name and its ID, there
>>> may be something wrong in your NSS configuration
>>> <https://wiki.samba.org/index.php?title=Name_service_switch_(NSS)&action=edit&redlink=1> or
>>> if you are using Winbindd with RFC2307 (idmap_ad)
>>> <https://wiki.samba.org/index.php/Idmap_config_ad>, you might not have
>>> an ID assigned (see User and group management
>>> <https://wiki.samba.org/index.php/User_and_group_management> for how to
>>> administer Unix Attributes in an AD)"
>>>
>>> but I don't know where is the problem with wbinfo we recover user and
>>> group but with getent not.
>>>
>>> We are making thins test on our samba doamin controller with samba 4.4.4
>>> and debian jessie
>>>
>>>
>>> Where is the problem?
>>>
>>> Thanks
>>>
>>>
>>
>
More information about the samba
mailing list