[Samba] Setup of Samba with Solaris 11.3 to provide Unix File Shares to Windows Users

Martin Decker martin.decker at gmx.net
Fri Aug 18 15:32:34 UTC 2017 

Thank you for your feedback. I have changed the parameters, but still no
success.

winbind use default domain = yes
         idmap config * : range = 1000000-1999999
         idmap config MYDOM : range = 100-999999

Regards,
Martin


2017-08-18 15:00 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>:

>
> See inline comments:
>
> On Fri, 18 Aug 2017 14:40:54 +0200
> Martin Decker via samba <samba at lists.samba.org> wrote:
>
> >     Dear List,
> >
> >     I am trying to set up Samba 3.6.25 (solaris 11.3 packaged) to
> > provide unix file shares to windows users.
> >
> >     I can successfully list groups and users with wbinfo -u / wbinfo
> > -g, but I do not get any data with "getent group" or "getent passwd".
> > In AD, we have set "gidNumber" Attribute for Group "Domain Users" to
> > a value in the specified range (100-999999). Also, for my account
> > "mdecker", we have set uidNumber in AD to a value in the range.
> >
> >     getent group "MYDOM\\Domain Users"
> >     ... no output
> >
> >     For reference, this is the smb.conf:
> >
> >     [global]
> >         workgroup = MYDOM
> >         realm = MYDOM.ADS
> >         server string = Samba Server
> >         security = ADS
> >         log level = 2
> >         log file = /var/samba/log/log.%m
> >         max log size = 50
> >         unix extensions = No
> >         client signing = Yes
> >         local master = No
> >         domain master = No
> >         dns proxy = No
> >         winbind enum users = Yes
> >         winbind enum groups = Yes
> >         # So we remove the "MYDOMAIN\" part from MYDOMAIN\userid
> >         winbind trusted domains only = Yes
>
> The above line doesn't remove the DOMAIN from the username, you need:
>           winbind use default domain = yes
> to do that
>
> >         idmap config * :backend = tdb
> >         idmap config * : range = 1000-1999999
> >         idmap config MYDOM : backend = ad
> >         idmap config MYDOM : range = 100-999999
> >         idmap config MYDOM : schema_mode = rfc2307
>
> Your ranges overlap and you don't really need '1,998,999' IDs for the
> '*' range.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba




-- 
--
Martin Decker

More information about the samba mailing list