[Samba] Samba 4 with sssd - primary Windows group membership not honored
Joseph Dickson
jdickson at evolvetsi.com
Wed Mar 23 20:51:15 UTC 2016
>
> Can you check if this file exists:
> /usr/local/samba/lib/security/pam_winbind.so
For historical reasons, I used a prefix of /opt/samba when I compiled:
[root at smbfs1 shares]# ls -al /opt/samba/lib/security/pam_winbind.so
-rwxr-xr-x 1 root root 63837 Mar 17 19:54
/opt/samba/lib/security/pam_winbind.so
relevant config lines in case they are helpful:
[global]
lock directory = /srv/fs_main/var/lock
state directory = /srv/fs_main/var/state
cache directory = /var/lib/samba/cache
private dir = /srv/fs_main/var/priv
vfs objects = acl_xattr
inherit acls = yes
map acl inherit = yes
hide dot files = no
winbind enum users = yes
winbind enum groups = yes
workgroup = EVOLVETSI
server string = smbfs cluster
netbios name = SMBFS
map archive = no
map hidden = no
map read only = no
map system = no
store dos attributes = yes
[test]
path = /srv/fs_main/shares/test
read only = no
and outputs from the test dir:
[root at smbfs1 shares]# ls -ald test
drwxrwx---+ 2 root domain admins at Evolvetsi.local 6 Mar 23 16:48 test
[root at smbfs1 shares]# getfacl test
# file: test
# owner: root
# group: domain\040admins at Evolvetsi.local
user::rwx
group::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins at Evolvetsi.local:rwx
default:mask::rwx
default:other::r-x
Thanks!
--
*Joseph Dickson*
Director of IT Systems, Evolve Tele-Services, Inc.
More information about the samba
mailing list