[Samba] AIX issue
Rowland Penny
rpenny at samba.org
Tue Jan 15 17:41:27 UTC 2019
On Tue, 15 Jan 2019 17:09:00 +0000
Howard Coles <hcoles at dollargeneral.com> wrote:
> Here is the smb.conf made generic to pass on. The share I’m
> concerned with at the moment is the "appprt" share, it's simple
> enough but it's not recognizing that primary local group.:
>
> # Samba config file created using SWAT
> # Date: 2007/09/26 11:03:44
>
> [global]
> workgroup = OURDOMAIN
> realm = realm.net
> netbios name = SERVERNAME
> server string = SERVERNAME Samba Server
> security = ADS
> encrypt passwords = Yes
> syslog = 0
> max log size = 1000
> local master = No
> wins server = 192.168.0.6
> read only = No
> short preserve case = No
> dos filetime resolution = Yes
> kerberos method = secrets and keytab
> winbind refresh tickets = yes
> winbind use default domain = yes
> passdb backend = tdbsam
> protocol = SMB2
There appears to be a large block missing i.e. the authentication block
There should be something like this:
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config OURDOMAIN : backend = rid
idmap config OURDOMAIN : range = 10000-999999
But that wouldn't work for what you asking about, the only way to set
the users Unix primary group is to add uidNumber & gidNumber attributes
to AD, use Samba >= 4.6.0 and this:
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config OURDOMAIN : backend = ad
idmap config OURDOMAIN : schema_mode = rfc2307
idmap config OURDOMAIN : range = 10000-999999
idmap config OURDOMAIN : unix_nss_info = yes
idmap config OURDOMAIN : unix_primary_group = yes
>
> [appprt]
> path = /u/appdir/app/print/%u
> read only = Yes
> guest ok = Yes
You cannot use 'guest ok = yes' in AD, all the users are
authenticated.
What is the AD DC ?
Rowland
More information about the samba
mailing list