[Samba] Unix Attributes not working as expected in a member server

Luis Peromarta lperoma at icloud.com
Thu Apr 27 09:15:06 UTC 2023

Hi there,

I have a working SAMBA environment mainly for Windows Users. 3xDCs, 1 file server, 1 print server as member servers. File sharing / printing works perfectly. AD backend with RFC2307.

I am trying to get AD users to work in the file server (login to the server).

I have populated in ADUC:

LoginShell /bin/bash
unixHomeDirectory /data/users/otros/luis

However, when I try:

# getent passwd luis
luis:*:10005:10000:Luis Peromarta:/home/MAD/luis:/bin/false

None of the parameters are read correctly from AD - maybe they are not read at all?

Relevant portion of the server’s smb.conf:

	security = ADS
	workgroup = MAD
	realm = MAD.MATER.INT
	netbios name = SERVER
	server role = member server
	log file = /var/log/samba/%m.log
#	interfaces = lo enp1s0
#	bind interfaces only = yes

# To enable Group Policy application in winbind,
	apply group policies = yes

# Default ID mapping configuration for local BUILTIN accounts

	idmap config * : backend = tdb
	idmap config * : range = 3000-7999

# idmap config for the MAD domain

	idmap config MAD:backend = ad
	idmap config MAD:schema_mode = rfc2307
	idmap config MAD:range = 10000-999999

# winbind config:

	winbind nss info = rfc2307
	winbind use default domain = yes
#	winbind enum users = yes
#	winbind enum groups = yes

# renew the kerberos ticket

	winbind refresh tickets = Yes
	dedicated keytab file = /etc/krb5.keytab
	kerberos method = secrets and keytab
	username map = /etc/samba/user.map

# To configure shares using extended access control lists (ACL)
	vfs objects = acl_xattr
	map acl inherit = yes
	acl_xattr:ignore system acls = yes

What am I doing wrong?

Thanks in advance, all the best,

