[Samba] id shows only primary group on domain member server
Rowland penny
rpenny at samba.org
Wed Jun 15 15:31:51 UTC 2016
On 15/06/16 14:00, Daniel Thielking wrote:
> cat /usr/local/samba/etc/smb.conf:
>
> # Entries for the ActiveDirectory Samba4
> workgroup = SAMDOM
> realm =SAMDOM.LOCAL
> security = ADS
> # All template settings come directly from AD
> # The shell is only set here for security reasons
> template shell = /bin/false
> kerberos method = secrets and keytab
> dedicated keytab file = /etc/krb5.keytab
> # Selecting the domain is not necessary here, since default domain uses the workgroup
> # Offline logon is off. Enabling it only makes sense on mobile devices
> winbind use default domain = true
> winbind offline logon = false
> #--authconfig--end-line--
> server string = Samba %v on %h
> local master = No
> # --------------------------- Logging Options -----------------------------
> #
> # Log File let you specify where to put logs and how to split them up.
> #
> # Max Log Size let you specify the max size log files should reach
> # logs split per machine
> log file = /usr/local/samba/var/log.%m
> # max 500KB per log file, then rotate
> max log size = 500
> log level = 1
> # Use settings from AD for login shell and home directory
> winbind nss info = rfc2307
> winbind refresh tickets = yes
> winbind cache time = 300
> winbind trusted domains only = no
> winbind enum users = yes
> winbind enum groups = yes
> winbind expand groups = 4
> # Important: The ranges of the default (*) idmap config
> # and the domain(s) must not overlap!
> #
> # Default idmap config used for BUILTIN and local accounts/groups
> idmap config *:backend = tdb
> idmap config *:range = 1000000-1100000
> # idmap config for domain SAMDOM
> idmap config IAS:backend = ad
> idmap config IAS:schema_mode = rfc2307
> idmap config IAS:range = 500-999999
> # Set caching for GIDs/UIDs to 5 minutes
> idmap cache time = 300
> idmap negative cache time = 1
> # --------------------------- Printer Options -----------------------------
> load printers = no
> # --------------------------- Filesystem Options ---------------------------
> unix charset = UTF8
> dos charset = 850
> # For files
> # u-x g-x o-rwx
> create mask = 0660
> # ug+rw (SVN)
> force create mode = 0660
> # For directories
> directory mask = 0770
> force directory mode = 0770
> # Mappings of special files under Windows
> map archive = no
> map hidden = no
> map read only = Permissions
> map system = no
> # Samba's behaviour towards special files
> wide links = no
> blocking locks = no
> delete veto files = yes
> hide files = /.*/desktop.ini/.DS_Store/
> hide special files = yes
> delete readonly = yes
> vfs objects = acl_xattr
> map acl inherit = yes
> store dos attributes = yes
> # --------------------------- Share Definitions ---------------------------
>
>
> On 15/06/16 14:49, Rowland penny wrote:
>> On 15/06/16 13:33, Daniel Thielking wrote:
>>> Hi,
>>>
>>> now I have another problem. I compiled Samba 4.4.4 on a CentOS 7.2
>>> server with no special options for ./configure.
>>> Afterwards I followed the wiki article mentioned below
>>> to join CentOS 7.2 as a member server to our existing AD.
>>>
>>> WIKI Article:
>>> https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member
>>>
>>> Now, if I type id USERNAME I only get the user's UID, GID and only
>>> the GID as the supplementary group; no more groups are showing up.
>>> What have I missed?
>>>
>>> Thanks Guys
>>> Daniel
>>>
>>
>> Can you please post your smb.conf from the domain member.
>>
>> Rowland
>>
>>
>
Hmm, about the only thing I can see wrong with your smb.conf is this:
You have:
# Use settings from AD for login shell and home directory
winbind nss info = rfc2307
but, you also have:
template shell = /bin/false
This will overwrite whatever is in AD.
Which sort of asks the question, what RFC2307 attributes have you given
your users and have you given your groups a gidNumber attribute?
Rowland
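
Added example, not part of the original thread and not Samba project code: a small Python check for a domain member's smb.conf. It covers the "ranges must not overlap" rule from the posted config's own comment, the template shell / winbind nss info combination raised in the reply, and whether each idmap config domain name matches the workgroup. The function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample, modelled on a few settings from the posted smb.conf.
SAMPLE = """\
[global]
workgroup = SAMDOM
template shell = /bin/false
winbind nss info = rfc2307
idmap config *:backend = tdb
idmap config *:range = 1000000-1100000
idmap config IAS:backend = ad
idmap config IAS:range = 500-999999
"""

def parse_params(text):
    """Return {parameter: value}; names lower-cased, inner whitespace collapsed."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[":
            continue  # skip blanks, comments and section headers
        key, sep, value = line.partition("=")
        if sep:
            params[" ".join(key.lower().split())] = value.strip()
    return params

def check(params):
    """Return a list of findings for idmap ranges, domain names and template shell."""
    findings, ranges = [], {}
    for key, value in params.items():
        m = re.fullmatch(r"idmap config (.+?)\s*:\s*range", key)
        if m:
            low, high = (int(x) for x in value.split("-"))
            ranges[m.group(1).upper()] = (low, high)
    names = sorted(ranges)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]:
                findings.append(f"idmap ranges overlap: {a} and {b}")
    workgroup = params.get("workgroup", "").upper()
    for name in names:
        # Other names are valid for trusted domains, so this is only a prompt to verify.
        if name not in ("*", workgroup):
            findings.append(f"idmap domain {name} differs from workgroup {workgroup}")
    if params.get("winbind nss info") == "rfc2307" and "template shell" in params:
        findings.append("template shell is set while winbind nss info = rfc2307")
    return findings

if __name__ == "__main__":
    for finding in check(parse_params(SAMPLE)):
        print(finding)
```

A finding from this check is a line to review by hand; it does not inspect AD, so the gidNumber question in the reply still has to be answered against the directory itself.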