Just adding a bit more info:

Running wbinfo -t on the file server results in a successful trust secret check via RPC
Running wbinfo -u on the file server returns all my AD users
Running wbinfo -g on the file server returns all my AD groups
Running wbinfo -p on the file server results in a successful ping to winbindd

I have used the basic smb.conf on the wiki page for the file/member server, but no luck trying to set the ACL's on my shares with the command: setfacl -m g:domain_admins:rwx /data/shares/admin, it just results in error.

I've tried running the command wbinfo on both the file server and domain controller and I get different results.

From the member/file server:

[root@hnpmb01 ~]# wbinfo -i craig
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user craig

From the domain controller:

[root@hnpmb02 ~]# wbinfo -i craig
craig:*:3000047:100:Craig Shone:/home/HN/craig:/bin/false

It's almost as if setfacl cannot see the list of AD groups and accounts? Do I have to add the UNIX mappings on the DC if wanting to use a separate SAMBA 4 file server?

Thanks
Craig.

From: Craig SHONE [mailto:craig.shone at gmail.com]
Sent: 22 June 2015 03:06 PM
To: 'samba at lists.samba.org'
Subject: SAMBA4 member and file server

Hi everyone

Needing some advice with regards to setting up a SAMBA 4 file server in a SAMBA 4 AD domain (I come from Windows so bear with me please).

I've followed the wiki guidelines and successfully setup a SAMBA4 domain controller in ESXI, created some test user accounts and joined my workstation to the domain, DNS works fine, can log in with no problem, Windows RSAT tools runs fine in creating the test user accounts, etc. DC was provisioned with --use-rfc2307.

Now I'm trying to setup a separate SAMBA4 file server, have created the smb.conf as per the wiki, joined the file server to the domain and granted Domain Admins SeDiskOperatorPrivilege.

Issue I'm facing is in creating shares and setting ACL's on them for Domain Admins to change the permissions via a Windows machine. Pretty sure I have to set uid and gid using the RSAT tools for the various groups and users I have created as I didn't set Domain Users to 10000 before adding more users and groups and letting SAMBA increment them automatically.

Can anyone confirm if my assumption is correct and point me to the right procedure to assign what is needed so that I can set the ACL's on my file server?

Thank you
Craig.

Daniel Carrasco Marín
2015-Jun-23 09:22 UTC
[Samba] SAMBA4 separate member and file server - Update
2015-06-22 22:35 GMT+02:00 Craig SHONE <craig.shone at gmail.com>:

> Just adding a bit more info:
>
> Running wbinfo -t on the file server results in a successful trust secret
> check via RPC
> Running wbinfo -u on the file server returns all my AD users
> Running wbinfo -g on the file server returns all my AD groups
> Running wbinfo -p on the file server results in a successful ping to
> winbindd
>
> I have used the basic smb.conf on the wiki page for the file/member server,
> but no luck trying to set the ACL's on my shares with the command: setfacl
> -m g:domain_admins:rwx /data/shares/admin, it just results in error.
>
> I've tried running the command wbinfo on both the file server and domain
> controller and I get different results.
>
> From the member/file server:
>
> [root@hnpmb01 ~]# wbinfo -i craig
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for user craig
>
> From the domain controller:
>
> [root@hnpmb02 ~]# wbinfo -i craig
> craig:*:3000047:100:Craig Shone:/home/HN/craig:/bin/false
>
> It's almost as if setfacl cannot see the list of AD groups and accounts?
> Do I have to add the UNIX mappings on the DC if wanting to use a separate
> SAMBA 4 file server?
>
> Thanks
> Craig.
>
> From: Craig SHONE [mailto:craig.shone at gmail.com]
> Sent: 22 June 2015 03:06 PM
> To: 'samba at lists.samba.org'
> Subject: SAMBA4 member and file server
>
> Hi everyone
>
> Needing some advice with regards to setting up a SAMBA 4 file server in a
> SAMBA 4 AD domain (I come from Windows so bear with me please).
>
> I've followed the wiki guidelines and successfully setup a SAMBA4 domain
> controller in ESXI, created some test user accounts and joined my
> workstation to the domain, DNS works fine, can log in with no problem,
> Windows RSAT tools runs fine in creating the test user accounts, etc. DC
> was provisioned with --use-rfc2307.
>
> Now I'm trying to setup a separate SAMBA4 file server, have created the
> smb.conf as per the wiki, joined the file server to the domain and granted
> Domain Admins SeDiskOperatorPrivilege.
>
> Issue I'm facing is in creating shares and setting ACL's on them for Domain
> Admins to change the permissions via a Windows machine. Pretty sure I have
> to set uid and gid using the RSAT tools for the various groups and users I
> have created as I didn't set Domain Users to 10000 before adding more users
> and groups and letting SAMBA increment them automatically.
>
> Can anyone confirm if my assumption is correct and point me to the right
> procedure to assign what is needed so that I can set the ACL's on my file
> server?
>
> Thank you
> Craig.
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

Hi,

- In RSAT: have you set the Unix UID for the users and/or groups in "Unix Attributes" tab?
- In File Server: Have you edited the /etc/nsswitch.conf file?

Greetings!!
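
Added example, not part of the thread: the two checks asked about in the reply above, run offline against constructed copies of a member server's nsswitch.conf and smb.conf. It assumes the member uses the idmap ad backend with the rfc2307 schema, a short domain name of HN and a range of 10000-999999; none of these settings appear in the posts.

```shell
#!/bin/sh
# Added example. The nsswitch.conf and smb.conf contents are constructed samples;
# the domain name HN and the range 10000-999999 are assumptions.

# Print each NSS database (passwd, group) whose line does not list winbind.
nss_missing_winbind() {
    for db in passwd group; do
        awk -v db="$db" '
            { sub(/#.*/, "") }    # strip comments; awk re-splits the fields
            $1 == (db ":") { for (i = 2; i <= NF; i++) if ($i == "winbind") ok = 1 }
            END { exit (ok ? 0 : 1) }' "$1" || printf '%s\n' "$db"
    done
}

# Print "LOW HIGH" from the "idmap config DOMAIN : range = LOW-HIGH" line.
idmap_range() {
    sed -n "s/^[[:space:]]*idmap config $2[[:space:]]*:[[:space:]]*range[[:space:]]*=[[:space:]]*\([0-9]\{1,\}\)[[:space:]]*-[[:space:]]*\([0-9]\{1,\}\).*/\1 \2/p" "$1" | head -n 1
}

# Succeed only if ID lies inside the domain's idmap range.
id_in_range() {
    set -- "$3" $(idmap_range "$1" "$2")
    [ "$#" -eq 3 ] && [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

demo=$(mktemp -d)
cat > "$demo/nsswitch.conf" <<'EOF'
passwd: files          # winbind not listed
group:  files winbind
EOF
cat > "$demo/smb.conf" <<'EOF'
[global]
    security = ADS
    idmap config * : backend = tdb
    idmap config * : range = 2000-9999
    idmap config HN : backend = ad
    idmap config HN : schema_mode = rfc2307
    idmap config HN : range = 10000-999999
EOF

echo "NSS databases missing winbind: $(nss_missing_winbind "$demo/nsswitch.conf")"
for id in 10000 3000047; do   # 3000047 is the uid the DC printed for craig
    if id_in_range "$demo/smb.conf" HN "$id"; then echo "$id: inside HN range"
    else echo "$id: outside HN range"; fi
done
```

With the ad backend the range acts as a filter, so a uidNumber or gidNumber stored in AD that falls outside it is ignored on the member.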