Set "winbind use default domain = yes" in smb.conf if you want to change
ownership of files to AD users using their actual name. If you don't set
it, you should change the ownership using "domain+username" as the
username, which Linux doesn't like much.
If you want getent passwd/group to work, please make sure that you have
the below parameters in smb.conf, though it has slight problems while
maintaining a large number of users.

winbind enum users = yes
winbind enum groups = yes

This is not required if you are running "getent passwd <username>".
--Sadique
Michael Fernández M. wrote:
> Hi, I want to integrate AD + Samba3 via Kerberos, everything works great, I
> get the users and groups with wbinfo -u and wbinfo -g
> so in Linux I can set the permissions to a share using the AD's users.
> However when I try "getent passwd" I only get the system users and not
> the AD's users... in my nsswitch.conf I have:
>
> passwd: files winbind
> group: files winbind
> shadow: files
> hosts: files dns winbind
> networks: files
>
>
> On the other hand, on Windows when I try to set a permission to a share
> using I cannot set them, because I got Permission denied.
>
> The following is my smb.conf:
>
> [global]
> security = ADS
> netbios name = andromaca
> realm = domain.tld
> encrypt passwords = yes
> password server = x.x.x.x
> workgroup = domain
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> ldap ssl = no
> winbind separator = +
> template homedir = /home/%D/%U
> template shell = /bin/bash
> client use spnego = yes
>
> [ol]
> comment = ol
> browseable = yes
> path = /home/ol
> public = yes
> writable = yes
>
> [lala]
> comment = lala
> browseable = yes
> path = /home/ol/lala
> public = yes
> writable = yes
>
> ------------------------------
>
> When I set the permissions on lala via Linux to a specific AD user, and
> then on Windows I map that share with that user so can got it and can
> write, read, delete, etc....
>
> Does anyone know how I can do it in order to set the permissions via
> Windows?
>
> Thanks !!!!
>
> Michael.-
>
>
>
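Added example, not part of the original messages and not Samba project code: a small Python check of smb.conf and nsswitch.conf for the settings named in the reply above. The function names are made up for this example, and the sample configuration is abbreviated from the one quoted in the thread.

```python
import re

# Abbreviated from the configuration quoted in this thread.
SMB_CONF = """[global]
workgroup = domain
winbind separator = +
[lala]
path = /home/ol/lala
"""
NSSWITCH = "passwd: files winbind\ngroup: files winbind\nshadow: files\n"

def norm(name):
    # smb.conf ignores case and whitespace in section and parameter names
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    params, section = {}, None
    for line in re.sub(r"\\\r?\n", "", text).splitlines():  # join continuations
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = norm(line[1:-1])
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[norm(name)] = value.strip()
    return params

def is_yes(params, name):
    # booleans per smb.conf(5): yes/no, true/false, 1/0; these three default to no
    return params.get(norm(name), "no").lower() in ("yes", "true", "1")

def nss_sources(text, database):
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith(database + ":"):
            return line.split(":", 1)[1].split()
    return []

def diagnose(smb_conf, nsswitch):
    g, out = parse_global(smb_conf), []
    for db in ("passwd", "group"):
        if "winbind" not in nss_sources(nsswitch, db):
            out.append(f"nsswitch.conf: {db} does not consult winbind")
    for name in ("winbind enum users", "winbind enum groups"):
        if not is_yes(g, name):
            out.append(f"smb.conf: {name} is off, bare getent lists no AD entries")
    if not is_yes(g, "winbind use default domain"):
        sep = g.get("winbindseparator", "\\")
        out.append(f"smb.conf: AD names need the prefix form domain{sep}username")
    return out
```

Calling diagnose(SMB_CONF, NSSWITCH) on the sample returns three smb.conf findings and none for nsswitch.conf, which matches the symptoms in the quoted message.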