[Samba] cifs share for profiles

Trenta sis trenta.sis at gmail.com
Thu Jul 7 10:47:20 UTC 2016


Hi,

compiled from sources with
# ./configure
# make
# sudo make install



2016-07-07 12:34 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:

> Hi tried with:
>
> winbind enum users = Yes
> winbind enum groups = Yes
>
>
> and winbind in nsswitch but same output, no result with getent from users and groups from samba 4 ad
>
>
> 2016-07-07 11:40 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:
>
>> with  getfacl userprofiles appear that domain admins has no permission,
>> and I have configured as appear in wiki profiles, but only step that I
>> can't configure is chgrp doamin admins
>>
>> # getfacl /local/var/profilesad/usertest/
>> getfacl: Removing leading '/' from absolute path names
>> # file: local/var/profilesad/usertest/
>> # owner: 20087
>> # group: 513
>> user::rwx
>> user:20087:rwx
>> user:3000001:rwx
>> group::---
>> group:513:---
>> group:3000001:rwx
>> mask::rwx
>> other::---
>> default:user::rwx
>> default:user:20087:rwx
>> default:user:3000001:rwx
>> default:group::---
>> default:group:513:---
>> default:group:3000001:rwx
>> default:mask::rwx
>> default:other::---
>>
>>
>> getent passwd and getent group in samba 4 ad dc server no result related
>> with users and roup from samba doamin
>>
>>
>> Where is the problem?
>>
>>
>>
>> 2016-07-07 11:29 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:
>>
>>> Hi,
>>>
>>> Tried to add winbind in nsswtich but same result , getent group "domain
>>> admins" without any result
>>>
>>> smb.conf
>>>
>>> # Global parameters
>>> [global]
>>>         bind interfaces only = Yes
>>>         interfaces = lo eth0
>>>         netbios name = dc
>>>         realm = domain.com
>>>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
>>> drepl, winbin
>>> dd, ntp_signd, kcc, dnsupdate
>>>         workgroup = domain
>>>         server role = active directory domain controller
>>>         idmap_ldb:use rfc2307 = yes
>>>         comment =
>>>
>>> [profilesad]
>>>         path = /local/var/profilesad
>>>         read only = No
>>>
>>>
>>> I have used shares with windows acl and also posix acl
>>>
>>>
>>> I have configured cifs profiles and we can create but with getfacl I
>>> have detected that doamin users has no permission, only thing that we need
>>> is add features to domain admins to allow access cifs profiles, with our
>>> actual config only owner can....
>>>
>>>
>>> Where is the problem?
>>>
>>> Thanks
>>>
>>>
>>> 2016-07-07 9:56 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:
>>>
>>>> Hi,
>>>>
>>>> I have installed samba 4.4.4 and configured and works perfect, now I
>>>> need to configure roaming profiles and reading
>>>> https://wiki.samba.org/index.php/Shares_with_Windows_ACLs
>>>>
>>>> I have detected that I can't configure
>>>>
>>>> chgrp "Domain Admins" /srv/samba/Demo/
>>>>
>>>>
>>>> I'm creating this share on our dc, but seem that with
>>>> # getent group "Domain Admins"
>>>>
>>>> any samba AD group is recovered
>>>>
>>>>
>>>>
>>>> I have found
>>>> "If you don't get an output showing the queried name and its ID, there
>>>> may be something wrong in your NSS configuration
>>>> <https://wiki.samba.org/index.php?title=Name_service_switch_(NSS)&action=edit&redlink=1> or
>>>> if you are using Winbindd with RFC2307 (idmap_ad)
>>>> <https://wiki.samba.org/index.php/Idmap_config_ad>, you might not have
>>>> an ID assigned (see User and group management
>>>> <https://wiki.samba.org/index.php/User_and_group_management> for how
>>>> to administer Unix Attributes in an AD)"
>>>>
>>>> but I don't know where is the problem with wbinfo we recover user and
>>>> group but with getent not.
>>>>
>>>> We are making thins test on our samba doamin controller with samba
>>>> 4.4.4 and debian jessie
>>>>
>>>>
>>>> Where is the problem?
>>>>
>>>> Thanks
>>>>
>>>>
>>>
>>
>


More information about the samba mailing list