Jules Houantonon
2016-Apr-05 12:46 UTC
[Samba] chgrp "Domain Admins" on folder return invalid group "Domain Admins"
Dear all, thank you for your previous mails. It realy help me. Denis, Following your mail and thanks to the link i configure my /etc/nsswitch.conf file by adding windbind to user and group line and execute winbindd command. As i install samba4 from sernet package, init script are created for starting AD, smbd, nmbd and winbindd. But i read that smbd, nmd and winbindd should be disable to start samba4 in AD mode. There were even a Warning that were generated if windbindd service were kept started. So I do not touch them, as they are disabled. But after making nsswitch.conf changes, I am able to execute chgrp "domain admins" /home/demo succesfully and ls -l /home display the permission with the suitable group. wbinfo -u also return the users created from AD as wbinfo -g also display AD domaine groups. I supposethat things are OK now. But when i try the getent passwd I do not have domain user display. Only local users account appear. I wonder if it is normal. Thank you for helping again and for your time. Regards chgrp On Tue, Apr 5, 2016 at 11:30 AM, Rowland penny <rpenny at samba.org> wrote:> On 05/04/16 11:06, Jules Houantonon wrote: > >> Hi Denis, >> >> Thank you for your mail. >> >> I assigned the GID 10000 to the domain admins group through ADUC, and >> wbinfo --info-group "domain admins" display the correct output. >> > > You need to ensure that 'getent group Domain\ Admins' displays the > required info, on one of my DCs: > > root at dc1:~# getent group Domain\ Admins > SAMDOM\domain admins:x:10001: > > What I think you are missing, are the libnss links, see here for info: > > > https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member#libnss_winbind > > I know the page refers to a domain member, but it is the same basic setup > on a DC. > > You may also want to consider giving 'Domain Users' a gidNumber > > Rowland > > >> But i am still not able to execute succesfuly #chgrp "Domain Admins" >> /home/demo >> >> And when i go to ADUC and try to open the Unix Attribute of domain admins >> group, i have the error "Unable to execute". But ADUC still display the >> contain of the tab with the correct NIS domain and the GID. >> >> Is it normal ? >> >> Thank you for helping. >> >> Regards >> >> >> > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- Jules HOUANTONON *Phone* : (00229) 97578914 *Email *: juleshoueto at gmail.com *Skype* : houantonon *linkedin* : www.linkedin.com/in/jhouantonon/en
Rowland penny
2016-Apr-05 13:03 UTC
[Samba] chgrp "Domain Admins" on folder return invalid group "Domain Admins"
On 05/04/16 13:46, Jules Houantonon wrote:> Dear all, > > thank you for your previous mails. It realy help me. > > Denis, Following your mail and thanks to the link i configure my > /etc/nsswitch.conf file by adding windbind to user and group line and > execute winbindd command. > > As i install samba4 from sernet package, init script are created for > starting AD, smbd, nmbd and winbindd. But i read that smbd, nmd and > winbindd should be disable to start samba4 in AD mode. There were even > a Warning that were generated if windbindd service were kept started. > So I do not touch them, as they are disabled.It has been sometime since I used a Sernet package, but I seem to remember that it came with an init script to start the 'samba' deamon and this will start any other required deamons, try looking in /etc/init.d> > But after making nsswitch.conf changes, I am able to execute chgrp > "domain admins" /home/demo succesfully and ls -l /home display the > permission with the suitable group. > > wbinfo -u also return the users created from AD as wbinfo -g also > display AD domaine groups. >All 'wbinfo' shows is that winbindd is running, you need to get 'getent passwd' to show users and 'getent group' to show groups. Any users & groups that getent does not show, are unknown to the underlying Unix OS.> I supposethat things are OK now. > > But when i try the getent passwd > I do not have domain user display. Only local users account appear. >You normally need to give any users that you need to be visible to Unix, a unique uidNumber attribute, but on a DC you should get an xidNumber in the 3000000 range. Do you have users in /etc/passwd that are in AD ? If so, choose where you want the user to exist and delete the other, they cannot be in both databases. Rowland
Jules Houantonon
2016-Apr-05 13:32 UTC
[Samba] chgrp "Domain Admins" on folder return invalid group "Domain Admins"
Thank you Rowland for your mail. My aim is to create a fileserver with samba4 and with acl supported. Users most logon through their windows that are in domain to access their shares. Samba how to and your explanations open my eyes on the interaction between samba users and group with the Linux OS.>From ADUC, I assign an Unix Attribute to a user accout, and automaticallyit is given 10000 as its UID, getent command still not display it. So in my plan, users should only exist in active directory. Does that mean that getent can still display user or group information that will only exist in AD ? Sorry if i am missing something. Thank you On Tue, Apr 5, 2016 at 2:03 PM, Rowland penny <rpenny at samba.org> wrote:> On 05/04/16 13:46, Jules Houantonon wrote: > >> Dear all, >> >> thank you for your previous mails. It realy help me. >> >> Denis, Following your mail and thanks to the link i configure my >> /etc/nsswitch.conf file by adding windbind to user and group line and >> execute winbindd command. >> >> As i install samba4 from sernet package, init script are created for >> starting AD, smbd, nmbd and winbindd. But i read that smbd, nmd and >> winbindd should be disable to start samba4 in AD mode. There were even a >> Warning that were generated if windbindd service were kept started. So I do >> not touch them, as they are disabled. >> > > It has been sometime since I used a Sernet package, but I seem to remember > that it came with an init script to start the 'samba' deamon and this will > start any other required deamons, try looking in /etc/init.d > > >> But after making nsswitch.conf changes, I am able to execute chgrp >> "domain admins" /home/demo succesfully and ls -l /home display the >> permission with the suitable group. >> >> wbinfo -u also return the users created from AD as wbinfo -g also display >> AD domaine groups. >> >> > All 'wbinfo' shows is that winbindd is running, you need to get 'getent > passwd' to show users and 'getent group' to show groups. Any users & groups > that getent does not show, are unknown to the underlying Unix OS. > > I supposethat things are OK now. >> >> But when i try the getent passwd >> I do not have domain user display. Only local users account appear. >> >> > You normally need to give any users that you need to be visible to Unix, a > unique uidNumber attribute, but on a DC you should get an xidNumber in the > 3000000 range. > > Do you have users in /etc/passwd that are in AD ? > If so, choose where you want the user to exist and delete the other, they > cannot be in both databases. > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- Jules HOUANTONON *Phone* : (00229) 97578914 *Email *: juleshoueto at gmail.com *Skype* : houantonon *linkedin* : www.linkedin.com/in/jhouantonon/en
Apparently Analagous Threads
- chgrp "Domain Admins" on folder return invalid group "Domain Admins"
- chgrp "Domain Admins" on folder return invalid group "Domain Admins"
- chgrp "Domain Admins" on folder return invalid group "Domain Admins"
- chgrp "Domain Admins" on folder return invalid group "Domain Admins"
- chgrp "Domain Admins" on folder return invalid group "Domain Admins"