[Samba] Samba 4 with sssd - primary Windows group membership not honored

Rowland Penny rpenny at samba.org
Wed Mar 23 21:04:54 UTC 2016


On 23/03/16 20:51, Joseph Dickson wrote:
>> Can you check if this file exists:
>> /usr/local/samba/lib/security/pam_winbind.so
>
> For historical reasons, I used a prefix of /opt/samba when I compiled:
>
> [root@smbfs1 shares]# ls -al /opt/samba/lib/security/pam_winbind.so
> -rwxr-xr-x 1 root root 63837 Mar 17 19:54 /opt/samba/lib/security/pam_winbind.so

You need to have a symbolic link in /usr/lib64 (/usr/lib on i386)

ln -s /opt/samba/lib/security/pam_winbind.so /usr/lib64/security/pam_winbind.so

>
> relevant config lines in case they are helpful:
> [global]
> lock directory = /srv/fs_main/var/lock
> state directory = /srv/fs_main/var/state
> cache directory = /var/lib/samba/cache
> private dir = /srv/fs_main/var/priv
> vfs objects = acl_xattr
> inherit acls = yes
> map acl inherit = yes
> hide dot files = no
> winbind enum users = yes
> winbind enum groups = yes
>
> workgroup = EVOLVETSI
> server string = smbfs cluster
> netbios name = SMBFS
>
> map archive = no
> map hidden = no
> map read only = no
> map system = no
> store dos attributes = yes
>
> [test]
>          path = /srv/fs_main/shares/test
>          read only = no
>

See here for idmap set up (required for winbind) :

https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member

Rowland

> and outputs from the test dir:
>
> [root@smbfs1 shares]# ls -ald test
> drwxrwx---+ 2 root domain admins@Evolvetsi.local 6 Mar 23 16:48 test
>
> [root@smbfs1 shares]# getfacl test
> # file: test
> # owner: root
> # group: domain\040admins@Evolvetsi.local
> user::rwx
> group::rwx
> other::---
> default:user::rwx
> default:group::r-x
> default:group:domain\040admins@Evolvetsi.local:rwx
> default:mask::rwx
> default:other::r-x
>
> Thanks!
>
> --
> *Joseph Dickson*
> Director of IT Systems, Evolve Tele-Services, Inc.
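
A check for the two things the reply above asks for, written as an added example that is not part of the thread or of Samba: that pam_winbind.so in the PAM module directory resolves to a real file, and that [global] carries idmap settings. The `idmap config * : backend/range` parameters and their per-workgroup forms are assumed from the standard smb.conf idmap options, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Paths are arguments so it can be
# pointed at a scratch tree; the sample smb.conf in demo() is constructed.

# pam_module_ok DIR: true when DIR/pam_winbind.so resolves to a regular file.
# A dangling symlink (for example after the build prefix moved) fails -f.
pam_module_ok() { [ -f "$1/pam_winbind.so" ]; }

# global_params FILE: print normalised "key = value" lines from [global].
global_params() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { s = tolower($0); gsub(/[ \t]/, "", s)
                        in_global = (s == "[global]"); next }
        in_global && index($0, "=") {
            k = tolower(substr($0, 1, index($0, "=") - 1))
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/[ \t]+/, " ", k)
            gsub(/ ?: ?/, " : ", k)      # accept "*:backend" and "* : backend"
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            print k " = " v
        }' "$1"
}

# idmap_missing FILE: list the idmap parameters not set; no output means OK.
# Assumes the usual pair (backend, range) for "*" and for the workgroup.
idmap_missing() {
    params=$(global_params "$1")
    wg=$(printf '%s\n' "$params" | sed -n 's/^workgroup = //p' | tr 'A-Z' 'a-z')
    for dom in '*' "$wg"; do
        for opt in backend range; do
            printf '%s\n' "$params" | grep -qF -- "idmap config $dom : $opt = " ||
                echo "missing: idmap config $dom : $opt"
        done
    done
}

demo() {  # constructed input: the poster's workgroup, no idmap lines
    d=$(mktemp -d) && printf '[global]\nworkgroup = EVOLVETSI\n' > "$d/smb.conf"
    ln -s "$d/absent.so" "$d/pam_winbind.so"   # dangling link on purpose
    pam_module_ok "$d" || echo "pam_winbind.so not usable in $d"
    idmap_missing "$d/smb.conf"
    rm -rf "$d"
}
if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run with `--demo` to see the output for a dangling link and a [global] section without idmap lines; on a real host, pass the PAM module directory and the smb.conf path to the two functions.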



