[Samba] Using samba AD in mixed OS environment

Zdravko Zdravkov nirayah at gmail.com
Thu May 3 17:08:20 UTC 2018

Hi Rowland.

As suggested I switched to winbind with the rid backend, since I had free time
for tests today. This is what I've done in a few minutes.

smb.conf from the testing pc

        workgroup = XXXX
        security = ads
        realm = XXXX.X.XX

        log file = /var/log/samba/%m.log
        log level = 1

        idmap config * : backend = tdb
        idmap config * : range = 3000-7999

        winbind nss info = rfc2307
        winbind use default domain = yes
#       winbind separator = +

        template shell = /usr/bin/bash
        template homedir = /home/%U

        idmap config XXXX : backend = rid
        idmap config XXXX : range = 10000-999999

        passdb backend = tdbsam

With the current config I successfully joined the domain and can list users and
groups with both the wbinfo command and getent passwd/group, but if I
*su testdomainuser* it goes to bash-4.2$ and no home dir is created, which
obviously means that I can't log in with a domain account.

My AD server config is untouched (yet)


On Wed, May 2, 2018 at 9:34 AM, Zdravko Zdravkov <nirayah at gmail.com> wrote:

> Hi Denis.
> Since we have "tricky" people working on the Linux machines we prefer NFS
> because it's less hassle to mount and requires no credentials. Basically
> because of the users we tend to choose the easiest possible way for them to
> access the needed resources. I guess pam-script module mounting is
> exactly for this purpose, but I'll research more since I'm not familiar
> with it.
> Thanks
> On Wed, May 2, 2018 at 9:00 AM, Denis Cardon <dcardon at tranquil.it> wrote:
>> Hi Zdravko,
>>> I've got working samba AD server. It is playing nicely with Windows 10 and
>>> also successfully authenticating Linux machines with SSSD.
>>> On the Windows machines I have our EMC storage smb mounted via group
>>> policy. Managing permissions for users and groups there, as you know,
>>> happens with right click, security etc..
>>> As you may have already guessed the troubles come when my Linux machines,
>>> that access the storage via nfs mount, need to work with folders and
>>> files
>>> created from the Windows PCs. Linux doesn't "see" the actual user/group
>>> that owns given folder. It interprets it into numbers, some kind of UID
>>> that comes from the Windows machines.
>> unless you definitely need NFS for some reasons you should go for a
>> mount.cifs for share access. Having two different protocols is bound to
>> have issues with ownership and ACLs. And if you really need POSIX support,
>> you can still have it with Unix Extensions, although it will restrict you to
>> SMB1 support, which is very chatty and not so fast.
>> By the way, you can mount a CIFS share at session startup using
>> pam-script module.
>> Cheers,
>> Denis
>>> I'm quite sure that this is common and known issue, but I don't know what
>>> is the right way to deal with it, so any wisdom will be helpful.
>>> Thanks
>>> Z
>> --
>> Denis Cardon
>> Tranquil IT Systems
>> Les Espaces Jules Verne, bâtiment A
>> 12 avenue Jules Verne
>> 44230 Saint Sébastien sur Loire
>> tel : +33 (0)
>> http://www.tranquil.it
>> Samba install wiki for Frenchies : https://dev.tranquil.it
>> WAPT, software deployment made easy : https://wapt.fr
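An added example (not part of this thread, and not Samba's own code) that checks the idmap part of an smb.conf like the one at the top of the post. It reads the configuration text embedded below (copied from the post, with the `[global]` header added), verifies that the default `*` range and the domain range do not overlap, and reproduces the rule the `rid` backend uses to derive a Unix ID from a Windows SID: uid = RID + low end of the domain's range, rejected if the result falls outside that range. The domain name `XXXX` is the post's placeholder and the SID used is constructed. Note that `template homedir` only names the directory; creating it at first login is the job of a PAM module such as pam_mkhomedir, which is a separate setting from anything in smb.conf.

```python
"""Validate the idmap configuration of an smb.conf for the winbind 'rid' backend.

Added example; the configuration text is the one from the post, the SID is
constructed. Two checks a practitioner wants before joining machines:
  1. the idmap ranges of '*' and each domain must not overlap, or winbind
     refuses to allocate IDs consistently;
  2. with the rid backend the mapping is deterministic: uid = RID + low,
     and a RID that lands above the high end gets no ID at all.
"""
import re

SMB_CONF = """
[global]
        workgroup = XXXX
        security = ads
        realm = XXXX.X.XX
        idmap config * : backend = tdb
        idmap config * : range = 3000-7999
        winbind use default domain = yes
        template shell = /usr/bin/bash
        template homedir = /home/%U
        idmap config XXXX : backend = rid
        idmap config XXXX : range = 10000-999999
"""

# Matches "idmap config <domain> : backend = ..." and "... : range = low-high".
IDMAP_RE = re.compile(
    r"^\s*idmap config\s+(\S+)\s*:\s*(backend|range)\s*=\s*(\S+)", re.I
)


def parse_idmap(conf):
    """Return {DOMAIN: {'backend': str, 'range': (low, high)}} from smb.conf text."""
    out = {}
    for line in conf.splitlines():
        if line.lstrip().startswith(("#", ";")):
            continue  # commented-out lines are ignored, as smbd ignores them
        m = IDMAP_RE.match(line)
        if not m:
            continue
        dom, key, val = m.group(1).upper(), m.group(2).lower(), m.group(3)
        entry = out.setdefault(dom, {})
        if key == "range":
            low, high = (int(x) for x in val.split("-"))
            entry["range"] = (low, high)
        else:
            entry["backend"] = val.lower()
    return out


def overlapping_ranges(idmap):
    """Return the (dom_a, dom_b) pairs whose idmap ranges overlap."""
    doms = sorted(idmap)
    bad = []
    for i, a in enumerate(doms):
        for b in doms[i + 1:]:
            la, ha = idmap[a]["range"]
            lb, hb = idmap[b]["range"]
            if la <= hb and lb <= ha:
                bad.append((a, b))
    return bad


def rid_to_uid(idmap, domain, sid):
    """Unix ID the rid backend assigns to `sid`, or None if it is out of range."""
    entry = idmap[domain.upper()]
    if entry.get("backend") != "rid":
        raise ValueError("domain %s does not use the rid backend" % domain)
    rid = int(sid.rsplit("-", 1)[1])  # the RID is the last SID component
    low, high = entry["range"]
    uid = low + rid
    return uid if low <= uid <= high else None


if __name__ == "__main__":
    cfg = parse_idmap(SMB_CONF)
    print("overlaps:", overlapping_ranges(cfg))
    # constructed SID: domain part S-1-5-21-1-2-3, RID 1104
    print("uid:", rid_to_uid(cfg, "XXXX", "S-1-5-21-1-2-3-1104"))
```

Because the rid mapping is arithmetic rather than allocated, every machine with the same `range` resolves a given domain user to the same uid, which is what makes ownership on shared storage consistent across Linux hosts; the `*` tdb range, by contrast, is allocated locally and will differ from host to host.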
