[Samba] cifs share for profiles
Achim Gottinger
achim at ag-web.biz
Thu Jul 7 12:18:01 UTC 2016
Am 07.07.2016 um 12:47 schrieb Trenta sis:
> Hi,
>
> compiled from sources with
> # ./configure
> # make
> # sudo make install
This means you must copy libnss-winbind.
https://wiki.samba.org/index.php/Libnss_winbind_links
>
>
>
> 2016-07-07 12:34 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:
>
>> Hi tried with:
>>
>> winbind enum users = Yes
>> winbind enum groups = Yes
>>
>>
>> and winbind in nsswitch but same output, no result with getent from users and groups from samba 4 ad
>>
>>
>> 2016-07-07 11:40 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:
>>
>>> with getfacl userprofiles appear that domain admins has no permission,
>>> and I have configured as appear in wiki profiles, but only step that I
>>> can't configure is chgrp doamin admins
>>>
>>> # getfacl /local/var/profilesad/usertest/
>>> getfacl: Removing leading '/' from absolute path names
>>> # file: local/var/profilesad/usertest/
>>> # owner: 20087
>>> # group: 513
>>> user::rwx
>>> user:20087:rwx
>>> user:3000001:rwx
>>> group::---
>>> group:513:---
>>> group:3000001:rwx
>>> mask::rwx
>>> other::---
>>> default:user::rwx
>>> default:user:20087:rwx
>>> default:user:3000001:rwx
>>> default:group::---
>>> default:group:513:---
>>> default:group:3000001:rwx
>>> default:mask::rwx
>>> default:other::---
>>>
>>>
>>> getent passwd and getent group in samba 4 ad dc server no result related
>>> with users and roup from samba doamin
>>>
>>>
>>> Where is the problem?
>>>
>>>
>>>
>>> 2016-07-07 11:29 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:
>>>
>>>> Hi,
>>>>
>>>> Tried to add winbind in nsswtich but same result , getent group "domain
>>>> admins" without any result
>>>>
>>>> smb.conf
>>>>
>>>> # Global parameters
>>>> [global]
>>>> bind interfaces only = Yes
>>>> interfaces = lo eth0
>>>> netbios name = dc
>>>> realm = domain.com
>>>> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
>>>> drepl, winbin
>>>> dd, ntp_signd, kcc, dnsupdate
>>>> workgroup = domain
>>>> server role = active directory domain controller
>>>> idmap_ldb:use rfc2307 = yes
>>>> comment =
>>>>
>>>> [profilesad]
>>>> path = /local/var/profilesad
>>>> read only = No
>>>>
>>>>
>>>> I have used shares with windows acl and also posix acl
>>>>
>>>>
>>>> I have configured cifs profiles and we can create but with getfacl I
>>>> have detected that doamin users has no permission, only thing that we need
>>>> is add features to domain admins to allow access cifs profiles, with our
>>>> actual config only owner can....
>>>>
>>>>
>>>> Where is the problem?
>>>>
>>>> Thanks
>>>>
>>>>
>>>> 2016-07-07 9:56 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:
>>>>
>>>>> Hi,
>>>>>
>>>>> I have installed samba 4.4.4 and configured and works perfect, now I
>>>>> need to configure roaming profiles and reading
>>>>> https://wiki.samba.org/index.php/Shares_with_Windows_ACLs
>>>>>
>>>>> I have detected that I can't configure
>>>>>
>>>>> chgrp "Domain Admins" /srv/samba/Demo/
>>>>>
>>>>>
>>>>> I'm creating this share on our dc, but seem that with
>>>>> # getent group "Domain Admins"
>>>>>
>>>>> any samba AD group is recovered
>>>>>
>>>>>
>>>>>
>>>>> I have found
>>>>> "If you don't get an output showing the queried name and its ID, there
>>>>> may be something wrong in your NSS configuration
>>>>> <https://wiki.samba.org/index.php?title=Name_service_switch_(NSS)&action=edit&redlink=1> or
>>>>> if you are using Winbindd with RFC2307 (idmap_ad)
>>>>> <https://wiki.samba.org/index.php/Idmap_config_ad>, you might not have
>>>>> an ID assigned (see User and group management
>>>>> <https://wiki.samba.org/index.php/User_and_group_management> for how
>>>>> to administer Unix Attributes in an AD)"
>>>>>
>>>>> but I don't know where is the problem with wbinfo we recover user and
>>>>> group but with getent not.
>>>>>
>>>>> We are making thins test on our samba doamin controller with samba
>>>>> 4.4.4 and debian jessie
>>>>>
>>>>>
>>>>> Where is the problem?
>>>>>
>>>>> Thanks
>>>>>
>>>>>
More information about the samba
mailing list