[Samba] File server questions
fggs at terra.com.br
Fri Sep 15 11:47:45 UTC 2017
On 14/09/2017 13:28, Rowland Penny via samba wrote:
> On Thu, 14 Sep 2017 13:15:31 -0300
> Flávio Silveira via samba <samba at lists.samba.org> wrote:
>> On 14/09/2017 12:46, Rowland Penny via samba wrote:
>>>>> well possibly, but I will rephrase my question, are:
>>>>> libpam-winbind libpam-krb5 libnss-winbind
>>>>> installed ?
>>>> Yes sir, all three are installed, should I proceed to editing
>>>> nsswitch.conf as described on the tutorial?
>>> Yes, you should now get a result from 'getent passwd ausername'
>> Thanks Rowland, below is the edited /etc/nsswitch.conf:
>> # /etc/nsswitch.conf
>> # Example configuration of GNU Name Service Switch functionality.
>> # If you have the `glibc-doc-reference' and `info' packages
>> installed, try: # `info libc "Name Service Switch"' for information
>> about this file.
>> passwd: compat winbind
>> group: compat winbind
>> shadow: compat
>> gshadow: files
>> hosts: files dns
>> networks: files
>> protocols: db files
>> services: db files
>> ethers: db files
>> rpc: db files
>> netgroup: nis
>> And here is the output of "getent passwd fsilveira":
>> root at dc1:~# getent passwd fsilveira
>> root at dc1:~#
> Looking good so far, I take it you don't want the users logging into
> the DC.
>> About the file serving here:
>> Should I use the "Setting up a share using Windows ACLs" tutorial?
> You must use Windows ACLs on a DC, so yes, you will need to follow that
Ok, just curious, are there any disvantages between using Windows ACLs
instead of POSIX ACLs?
Also, once I create a file server as Domain Member, how easy will be to
migrate from DC?
I am reading this
For the "Granting the SeDiskOperatorPrivilege Privilege" section, it
mentions "Domain Admins" group, do I need to create all groups with below?
groupadd <group name>
So, a small step-by-step would be:
1- Create all groups with: groupadd <group name>, example: groupadd
2- Create local user accounts with: useradd -M -s /sbin/nologin <user name>
3- Add password to local user accounts with: passwd <user name>
4- Add local user accounts to Samba database with: smbpasswd -a <user name>
5- Enable Samba account with: smbpasswd -e <user name>
6- Add user account to a group with: usermod -G <group name> <user name>
7- Follow "Granting the SeDiskOperatorPrivilege Privilege" section from 
8- Follow "Adding a Share" section from 
Does this look correct?
More information about the samba