[Samba] Unix Attributes not working as expected in a member server
Luis Peromarta
lperoma at icloud.com
Thu Apr 27 09:15:06 UTC 2023
Hi there,
I have a working SAMBA environment mainly for Windows Users. 3xDCs, 1 file server, 1 print server as member servers. File sharing / printing works perfectly. AD backend with RFC2307.
I am trying to get AD users to work in the file server (login to the server).
I have populated in ADUC
LoginShell /bin/bash
and
unixHomeDirectory /data/users/otros/luis
However when I try
# getent passwd luis
luis:*:10005:10000:Luis Peromarta:/home/MAD/luis:/bin/false
None of the parameters are read correctly from AD - maybe they are not read at all?
Relevant portion of the server’s smb.conf:
[global]
security = ADS
workgroup = MAD
realm = MAD.MATER.INT
netbios name = SERVER
server role = member server
log file = /var/log/samba/%m.log
# interfaces = lo enp1s0
# bind interfaces only = yes
# To enable Group Policy application in winbind,
apply group policies = yes
# Default ID mapping configuration for local BUILTIN accounts
idmap config * : backend = tdb
idmap config * : range = 3000-7999
# idmap config for the MAD domain
idmap config MAD:backend = ad
idmap config MAD:schema_mode = rfc2307
idmap config MAD:range = 10000-999999
# winbind config:
winbind nss info = rfc2307
winbind use default domain = yes
# winbind enum users = yes
# winbind enum groups = yes
# renew the kerberos ticket
winbind refresh tickets = Yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
username map = /etc/samba/user.map
# To configure shares using extended access control lists (ACL)
vfs objects = acl_xattr
map acl inherit = yes
acl_xattr:ignore system acls = yes
What am I doing wrong?
Thanks in advance, all the best,
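
A diagnostic sketch for the symptom described above, added here as an example and not part of the original post. It assumes Samba 4.6.0 or later (the post does not state a version), where the idmap_ad backend reads the login shell and home directory from AD only when "idmap config DOMAIN : unix_nss_info = yes" is set; the helper names parse_global and diagnose are hypothetical.

```python
import re

# Constructed sample: the relevant smb.conf lines and getent output from the post.
SMB_CONF = """\
[global]
workgroup = MAD
idmap config * : backend = tdb
idmap config MAD:backend = ad
idmap config MAD:schema_mode = rfc2307
idmap config MAD:range = 10000-999999
winbind nss info = rfc2307
"""
PASSWD = "luis:*:10005:10000:Luis Peromarta:/home/MAD/luis:/bin/false"

def parse_global(text):
    """Return [global] parameters, names lowercased and spacing around ':' removed."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            key = re.sub(r"\s*:\s*", ":", " ".join(key.lower().split()))
            params[key] = value.strip()
    return params

def diagnose(params, passwd_line):
    """Compare a passwd entry with Samba's template defaults and idmap_ad settings."""
    user, _, uid, _, _, home, shell = passwd_line.split(":")
    domain = params.get("workgroup", "")
    prefix = f"idmap config {domain.lower()}:"
    findings = []
    # Samba defaults: template homedir = /home/%D/%U, template shell = /bin/false
    homedir = params.get("template homedir", "/home/%D/%U")
    expected_home = homedir.replace("%D", domain).replace("%U", user)
    if home == expected_home and shell == params.get("template shell", "/bin/false"):
        findings.append("home and shell are the template values, not the AD attributes")
    nss = params.get(prefix + "unix_nss_info", "no").lower()
    if params.get(prefix + "backend") == "ad" and nss not in ("yes", "true", "1"):
        findings.append(f"'{prefix}unix_nss_info' is not enabled; idmap_ad uses the templates")
    lo, hi = map(int, params[prefix + "range"].split("-"))
    if lo <= int(uid) <= hi:
        findings.append("uid falls inside the domain idmap range, so ID mapping itself works")
    return findings

if __name__ == "__main__":
    for finding in diagnose(parse_global(SMB_CONF), PASSWD):
        print("-", finding)
```

After changing smb.conf on a member server, flush the winbind cache (net cache flush) before re-running getent, since cached entries can keep returning the old values.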