[Samba] Samba AD domain member with SSSD: ACL not work
Rowland Penny
rpenny at samba.org
Wed Feb 15 11:54:14 UTC 2017
On Wed, 15 Feb 2017 12:35:51 +0100
Dario Lesca via samba <samba at lists.samba.org> wrote:
> Il giorno mer, 15/02/2017 alle 09.45 +0100, Dario Lesca via samba ha
> scritto:
> > Then Yesterday in 5 minutes I installed, configured and activated
> > winbind and now all work fine.
>
> Ok, ACLs now work, but I now it's appeared another problem.
Make your smb.conf look like this:
[global]
realm = SRL.LOCAL
workgroup = SRL
security = ADS
domain master = No
local master = No
preferred master = No
log file = /var/log/samba/log.%m
max log size = 50
load printers = No
printcap name = /dev/null
client signing = if_required
template homedir = /u/samba/home/%U
template shell = /sbin/nologin
winbind use default domain = Yes
idmap config SRL:schema_mode = rfc2307
idmap config SRL:range = 100000-199999
idmap config SRL:backend = rid
idmap config * : range = 10000-99999
idmap config * : backend = tdb
store dos attributes = Yes
cups options = raw
acl allow execute always = Yes
map acl inherit = Yes
hosts allow = 127. 192.168.1.
vfs objects = acl_xattr
Make your /etc/krb5.conf look like this:
[libdefaults]
default_realm = SRL.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = true
Rowland
More information about the samba
mailing list