[Samba] NSS and group enumeration in CUPS...
L.P.H. van Belle
belle at bazuin.nl
Thu Jun 14 07:11:30 UTC 2018
Yes, the link is what i have setup, but in less steps without sssd.
For the kerberos part, you only need to add the HTTP/UPN.
After a join with winbind you have the host/UPN.
I must say that the CUPS setup is working great.
Only 1 or 2 problems in almost 2 years.
> ...but you have added 'locally' (eg, in /etc/group
> and /etc/shadow) the user 'winadmin', 'otherwinuser' and 'a-linuxuser'?!
Yes, i did add my AD admin user to a local group but only once.
And its only for the lpadmin group.
Everthing else can be done through windows groups.
And yes, you can replace the lpadmin group for a windows group but thats more work imo.
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Rowland Penny via samba
> Verzonden: woensdag 13 juni 2018 17:53
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] NSS and group enumeration in CUPS...
> On Wed, 13 Jun 2018 17:40:35 +0200
> Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> > Mandi! Rowland Penny via samba
> > In chel di` si favelave...
> > > > ...but you have added 'locally' (eg, in /etc/group
> > > > and /etc/shadow) the user 'winadmin', 'otherwinuser' and
> > > > 'a-linuxuser'?!
> > Ahem i meant '/etc/group' and '/etc/gshadow', sorry.
> > > It surprises me that nobody has mentioned 'kerberos' yet.
> > ?! Kerberos can also handle membership information?
> No, but AD can, try reading this:
> mentally replace all mentions of LDAP with AD ;-)
> Never tried it, but it should work.
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba