[Samba] Setup of Samba with Solaris 11.3 to provide Unix File Shares to Windows Users
Rowland Penny
rpenny at samba.org
Fri Aug 18 13:00:52 UTC 2017
See inline comments:
On Fri, 18 Aug 2017 14:40:54 +0200
Martin Decker via samba <samba at lists.samba.org> wrote:
> Dear List,
>
> I am trying to set up Samba 3.6.25 (solaris 11.3 packaged) to
> provide unix file shares to windows users.
>
> I can successfully list groups and users with wbinfo -u / wbinfo
> -g, but I do not get any data with "getent group" or "getent passwd".
> In AD, we have set "gidNumber" Attribute for Group "Domain Users" to
> a value in the specified range (100-999999). Also, for my account
> "mdecker", we have set uidNumber in AD to a value in the range.
>
> getent group "MYDOM\\Domain Users"
> ... no output
>
> For reference, this is the smb.conf:
>
> [global]
> workgroup = MYDOM
> realm = MYDOM.ADS
> server string = Samba Server
> security = ADS
> log level = 2
> log file = /var/samba/log/log.%m
> max log size = 50
> unix extensions = No
> client signing = Yes
> local master = No
> domain master = No
> dns proxy = No
> winbind enum users = Yes
> winbind enum groups = Yes
> # So we remove the "MYDOMAIN\" part from MYDOMAIN\userid
> winbind trusted domains only = Yes
The above line doesn't remove the DOMAIN from the username, you need:
winbind use default domain = yes
to do that
> idmap config * :backend = tdb
> idmap config * : range = 1000-1999999
> idmap config MYDOM : backend = ad
> idmap config MYDOM : range = 100-999999
> idmap config MYDOM : schema_mode = rfc2307
Your ranges overlap and you don't really need '1,998,999' IDs for the
'*' range.
Rowland
More information about the samba
mailing list