[Samba] Setup of Samba with Solaris 11.3 to provide Unix File Shares to Windows Users
Martin Decker
martin.decker at gmx.net
Fri Aug 18 12:40:54 UTC 2017
Dear List,
I am trying to set up Samba 3.6.25 (solaris 11.3 packaged) to provide
unix file shares to windows users.
I can successfully list groups and users with wbinfo -u / wbinfo -g,
but I do not get any data with "getent group" or "getent passwd". In AD, we
have set "gidNumber" Attribute for Group "Domain Users" to a value in the
specified range (100-999999). Also, for my account "mdecker", we have set
uidNumber in AD to a value in the range.
e.g.:
wbinfo -u | grep mdecker
mdecker
wbinfo -g |grep -i "dom"
domänencomputer
domänen-benutzer
..
For getent commands, when I enable debug level for winbindd, I can see:
getent passwd "MYDOM\\mdecker"
... no output
Winbind Trace:
accepted socket 23
process_request: request fn INTERFACE_VERSION
[ 1414]: request interface version
winbind_client_response_written[1414:INTERFACE_VERSION]: delivered
response to client
process_request: request fn WINBINDD_PRIV_PIPE_DIR
[ 1414]: request location of privileged pipe
winbind_client_response_written[1414:WINBINDD_PRIV_PIPE_DIR]: delivered
response to client
accepted socket 24
closing socket 23, client exited
process_request: Handling async request 1414:GETPWNAM
getpwnam mdecker
winbindd_getpwnam: My domain -- rejecting getpwnam() for MYDOM\mdecker.
Could not convert sid S-0-0: NT_STATUS_NO_SUCH_USER
wb_request_done[1414:GETPWNAM]: NT_STATUS_NO_SUCH_USER
winbind_client_response_written[1414:GETPWNAM]: delivered response to
client
closing socket 24, client exited
getent group "MYDOM\\Domain Users"
... no output
Winbind Trace:
process_request: Handling async request 3067:GETGRNAM
getgrnam MARABU\Domain Users
wbint_LookupName: struct wbint_LookupName
in: struct wbint_LookupName
domain : *
domain : 'MYDOM'
name : *
name : 'DOMAIN USERS'
flags : 0x00000000 (0)
wbint_LookupName: struct wbint_LookupName
out: struct wbint_LookupName
type : *
type : SID_NAME_USE_NONE (0)
sid : *
sid : S-0-0
result : NT_STATUS_NONE_MAPPED
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
wb_request_done[3067:GETGRNAM]: NT_STATUS_NONE_MAPPED
winbind_client_response_written[3067:GETGRNAM]: delivered response to
client
Any hints are greatly appreciated.
Best regards,
Martin
For reference, this is the smb.conf:
[global]
workgroup = MYDOM
realm = MYDOM.ADS
server string = Samba Server
security = ADS
log level = 2
log file = /var/samba/log/log.%m
max log size = 50
unix extensions = No
client signing = Yes
local master = No
domain master = No
dns proxy = No
winbind enum users = Yes
winbind enum groups = Yes
# So we remove the "MYDOMAIN\" part from MYDOMAIN\userid
winbind trusted domains only = Yes
idmap config * :backend = tdb
idmap config * : range = 1000-1999999
idmap config MYDOM : backend = ad
idmap config MYDOM : range = 100-999999
idmap config MYDOM : schema_mode = rfc2307
winbind nss info = rfc2307
inherit permissions = Yes
map acl inherit = Yes
# We do not run NETBIOS
disable netbios = Yes
# Printers
load printers = no
# Set up our ZFS shares so that ACL work correctly from Windows
[homes]
comment = Home Directories
read only = No
inherit acls = Yes
map archive = No
map readonly = no
vfs objects = zfsacl
zfsacl: acesort = dontcare
nfs4:chown = yes
nfs4:acedup = merge
nfs4:mode = special
[SHARE1]
comment = Verzeichnis fuer Rezepturen
read only = No
path = /share1
available = yes
browsable = yes
guest ok = yes
writable = yes
--
--
Martin Decker
More information about the samba
mailing list