[Samba] Setup of Samba with Solaris 11.3 to provide Unix File Shares to Windows Users
Martin Decker
martin.decker at gmx.net
Fri Aug 18 15:32:34 UTC 2017
Thank you for your feedback. I have changed the parameters, but still no
success.
winbind use default domain = yes
idmap config * : range = 1000000-1999999
idmap config MYDOM : range = 100-999999
Regards,
Martin
2017-08-18 15:00 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>:
>
> See inline comments:
>
> On Fri, 18 Aug 2017 14:40:54 +0200
> Martin Decker via samba <samba at lists.samba.org> wrote:
>
> > Dear List,
> >
> > I am trying to set up Samba 3.6.25 (solaris 11.3 packaged) to
> > provide unix file shares to windows users.
> >
> > I can successfully list groups and users with wbinfo -u / wbinfo
> > -g, but I do not get any data with "getent group" or "getent passwd".
> > In AD, we have set "gidNumber" Attribute for Group "Domain Users" to
> > a value in the specified range (100-999999). Also, for my account
> > "mdecker", we have set uidNumber in AD to a value in the range.
> >
> > getent group "MYDOM\\Domain Users"
> > ... no output
> >
> > For reference, this is the smb.conf:
> >
> > [global]
> > workgroup = MYDOM
> > realm = MYDOM.ADS
> > server string = Samba Server
> > security = ADS
> > log level = 2
> > log file = /var/samba/log/log.%m
> > max log size = 50
> > unix extensions = No
> > client signing = Yes
> > local master = No
> > domain master = No
> > dns proxy = No
> > winbind enum users = Yes
> > winbind enum groups = Yes
> > # So we remove the "MYDOMAIN\" part from MYDOMAIN\userid
> > winbind trusted domains only = Yes
>
> The above line doesn't remove the DOMAIN from the username, you need:
> winbind use default domain = yes
> to do that
>
> > idmap config * :backend = tdb
> > idmap config * : range = 1000-1999999
> > idmap config MYDOM : backend = ad
> > idmap config MYDOM : range = 100-999999
> > idmap config MYDOM : schema_mode = rfc2307
>
> Your ranges overlap and you don't really need '1,998,999' IDs for the
> '*' range.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
--
--
Martin Decker
More information about the samba
mailing list