Hi list,
I'm trying to configure an AD Server with SAMBA4 (sernet version) and 
want to configure a share in the same configuration.
I followed these steps:
1) Domain provisioning (samba-tool)
2) Share section (editing smb.conf)
3) User creation (samba-tool)
After this step I can join the domain without problem.
The problem is when someone tries to get access to the share, due to 
permission problems.
I think the problem is because on the local AD server (where the 
specified share is) I can't see domain users with "getent passwd" (the 
same for groups) and I can't give a valid permission on the share path 
(if I set 777 on the dir all works, but this is not what I want).
How can I get users listed as local users on my AD server using getent passwd?
This is the configuration generated from provisioning:
smb.conf:
[global]
         workgroup = DC1
         realm = DC1.LAN
         netbios name = DC1
         server role = active directory domain controller
         dns forwarder = x.x.x.x
[netlogon]
         path = /var/lib/samba/sysvol/dc1.lan/scripts
         read only = No
[sysvol]
         path = /var/lib/samba/sysvol
         read only = No
Thanks in advance.
On 07/02/16 14:41, Alessandro Baggi wrote:
> Hi list,
> I'm trying to configure an AD Server with SAMBA4 (sernet version) and
> want to configure a share in the same configuration.
>
> I followed these steps:
> 1) Domain provisioning (samba-tool)
> 2) Share section (editing smb.conf)
> 3) User creation (samba-tool)
>
> After this step I can join the domain without problem.
> The problem is when someone tries to get access to the share, due to
> permission problems.
>
> I think the problem is because on the local AD server (where the
> specified share is) I can't see domain users with "getent passwd" (the
> same for groups) and I can't give a valid permission on the share path
> (if I set 777 on the dir all works, but this is not what I want).
>
> How can I get users listed as local users on my AD server using getent
> passwd?
>
> This is the configuration generated from provisioning:
>
> smb.conf:
>
> [global]
>          workgroup = DC1
>          realm = DC1.LAN
>          netbios name = DC1
>          server role = active directory domain controller
>          dns forwarder = x.x.x.x
>
> [netlogon]
>          path = /var/lib/samba/sysvol/dc1.lan/scripts
>          read only = No
>
> [sysvol]
>          path = /var/lib/samba/sysvol
>          read only = No
>
> Thanks in advance.
>
Follow the information you will find here:
https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member

Rowland
> Follow the information you will find here:
> https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member
>
> Rowland
>
Thank you Rowland for your answer.
I've read this doc; correct me if I'm wrong, but it explains how to join a domain for a workstation/fileserver/other. After configuring and joining the domain, winbind in nsswitch.conf permits seeing other users on the new member machine. So if you need to set permissions you can.
I don't want to join a DC from a file server on a separate machine; I want to serve share resources located on the same machine where the AD DC is configured.
Can Samba4 serve as AD DC and file server at the same time? Is it possible?