[Samba] Winbind problems
Rowland penny
rpenny at samba.org
Mon Feb 3 19:26:23 UTC 2020
On 03/02/2020 18:03, Marcio Demetrio Bacci via samba wrote:
> Hi,
>
> I have a problem in my Samba 4 file server.
>
> I tried to change a directory's permission, but domain groups are not
> recognized:
>
> chown root:"Domain Admins" /home/Empresa
> chown: invalid group: “root:Domain Admins”
>
>
> When I run "getent passwd" command, only local user are listed.
>
> wbinfo commands (wbinfo -g, wbinfo -u, wbinfo -a <user>) are working
> properly.
Yes, but does 'getent passwd username' produce output ?
And does 'getent group Domain\ Admins' produce output ?
> cat /usr/local/samba/etc/smb.conf
> [global]
> netbios name = FILESERVER
> workgroup = EMPRESA
> security = ADS
> realm = EMPRESA.COM.BR
> encrypt passwords = yes
> username map = /usr/local/samba/etc/user.map
> log file = /var/log/samba/%m.log
> log level = 1
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> idmap config EMPRESA:backend = ad
> idmap config EMPRESA:schema_mode = rfc2307
> idmap config EMPRESA:range = 10000-999999
> idmap config EMPRESA:unix_nss_info = yes
> idmap config EMPRESA:unix_primary_group = yes
Have you given your users a gidNumber attribute containing a number
inside '10000-999999'
Have you given the groups that you want to be the users primary groups a
gidnumber attribute containing a number inside '10000-999999' and then
given your users a gidNumber attribute containing the gidNumber of a
relevant group.
Have you given 'Domain Users' a gidNumber attribute containing a number
inside '10000-999999'
> winbind nss info = rfc2307
This is not used any more
> winbind refresh tickets = Yes
> winbind separator = +
> winbind use default domain = yes
> vfs objects = acl_xattr
> map acl inherit = Yes
> store dos attributes = Yes
> template shell = /bin/bash
> template homedir = /home/%U
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
>
> [Empresa]
> comment = Compartilhamentos
> path = /home/Empresa
> valid users = +EMPRESA\"Domain Users"
> guest ok = no
> writable = yes
> browsable = yes
> create mask = 0777
> directory mask = 0777
You should set the share permissions following one of these pages:
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_POSIX_ACLs
Rowland
More information about the samba
mailing list