Il 07/02/2016 17:07, Rowland penny ha scritto:> On 07/02/16 15:39, Alessandro Baggi wrote: >>>> >>> >>> Follow the information you will find here: >>> https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member >>> >>> Rowland >>> >> >> Thank you Rowland for your answer. >> I've ridden this doc, correct me if I'm wrong, but It explain how to >> join a domain for workstation/fileserver/other. After configuring and >> joining the domain, winbind in nsswitch.conf permit to see other user >> on the new member machine. So if you need to set permission you can. >> >> >> >> I don't want join a DC from a file-server on separated machine, I want >> serve share-resource located on the same machine where AD DC is >> configured. >> Samba4 can serve as AD DC and file server in the same time? >> >> It is possible? >> >> >> >> > > The page is written for a domain member, but you can use some of the > info on a DC, What you will need to check is if the libnss links are > setup and if 'winbind' is in /etc/nsswitch.conf. > > You may need another file, but we will cross that bridge if and when we > come to it. > > It is not recommended to use the DC as a fileserver, but you will not be > the only one who does :-) > > What OS are you using. > > Rowland > >I'm using Centos7 but with sernet packages. How to check if libnss links are setup? I've already configure nsswitch.conf with winbind but user does not appears using getent.
Il 07/02/2016 17:18, Alessandro Baggi ha scritto:> Il 07/02/2016 17:07, Rowland penny ha scritto: >> On 07/02/16 15:39, Alessandro Baggi wrote: >>>>> >>>> >>>> Follow the information you will find here: >>>> https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member >>>> >>>> Rowland >>>> >>> >>> Thank you Rowland for your answer. >>> I've ridden this doc, correct me if I'm wrong, but It explain how to >>> join a domain for workstation/fileserver/other. After configuring and >>> joining the domain, winbind in nsswitch.conf permit to see other user >>> on the new member machine. So if you need to set permission you can. >>> >>> >>> >>> I don't want join a DC from a file-server on separated machine, I want >>> serve share-resource located on the same machine where AD DC is >>> configured. >>> Samba4 can serve as AD DC and file server in the same time? >>> >>> It is possible? >>> >>> >>> >>> >> >> The page is written for a domain member, but you can use some of the >> info on a DC, What you will need to check is if the libnss links are >> setup and if 'winbind' is in /etc/nsswitch.conf. >> >> You may need another file, but we will cross that bridge if and when we >> come to it. >> >> It is not recommended to use the DC as a fileserver, but you will not be >> the only one who does :-) >> >> What OS are you using. >> >> Rowland >> >> > > I'm using Centos7 but with sernet packages. > > How to check if libnss links are setup? I've already configure > nsswitch.conf with winbind but user does not appears using getent.Problem found. User are seen as local user but not reported on getent passwd. Running getent passwd I get only local user Running id "domuser" I get user info Running chown domuser:somedomgr file give right permission. I don't know where there is the bug (if this is a bug).
On 07/02/16 16:18, Alessandro Baggi wrote:> Il 07/02/2016 17:07, Rowland penny ha scritto: >> On 07/02/16 15:39, Alessandro Baggi wrote: >>>>> >>>> >>>> Follow the information you will find here: >>>> https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member >>>> >>>> Rowland >>>> >>> >>> Thank you Rowland for your answer. >>> I've ridden this doc, correct me if I'm wrong, but It explain how to >>> join a domain for workstation/fileserver/other. After configuring and >>> joining the domain, winbind in nsswitch.conf permit to see other user >>> on the new member machine. So if you need to set permission you can. >>> >>> >>> >>> I don't want join a DC from a file-server on separated machine, I want >>> serve share-resource located on the same machine where AD DC is >>> configured. >>> Samba4 can serve as AD DC and file server in the same time? >>> >>> It is possible? >>> >>> >>> >>> >> >> The page is written for a domain member, but you can use some of the >> info on a DC, What you will need to check is if the libnss links are >> setup and if 'winbind' is in /etc/nsswitch.conf. >> >> You may need another file, but we will cross that bridge if and when we >> come to it. >> >> It is not recommended to use the DC as a fileserver, but you will not be >> the only one who does :-) >> >> What OS are you using. >> >> Rowland >> >> > > I'm using Centos7 but with sernet packages. > > How to check if libnss links are setup? I've already configure > nsswitch.conf with winbind but user does not appears using getent. >The information is on the wiki page I pointed to earlier, but you may have missed the link to this page: https://wiki.samba.org/index.php/Libnss_winbind_links I use debian (well, Devuan really) and you can set up PAM by just adding a file, but my understanding is that Centos doesn't work in the same way, you have to manually set up PAM yourself or by using something called authconfig ?? I suggest you search google (other search providers are available) for how to use it. What you are trying to do is possible, you just need to get the setup correct. Rowland
Hi, authconfig is supposed to do the job of configuring PAM for you on Centos and Redhat like. https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/winbind-auth.html Simple way to check if PAM is configured to use winbind: grep winbind /etc/pam.d/* If this command returns nothing or only links, that not configured. If this command returns uncommented lines, that does NOT mean PAM is well configured. Cheers, mathias 2016-02-07 19:09 GMT+01:00 Rowland penny <rpenny at samba.org>:> On 07/02/16 16:18, Alessandro Baggi wrote: > >> Il 07/02/2016 17:07, Rowland penny ha scritto: >> >>> On 07/02/16 15:39, Alessandro Baggi wrote: >>> >>>> >>>>>> >>>>> Follow the information you will find here: >>>>> https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member >>>>> >>>>> Rowland >>>>> >>>>> >>>> Thank you Rowland for your answer. >>>> I've ridden this doc, correct me if I'm wrong, but It explain how to >>>> join a domain for workstation/fileserver/other. After configuring and >>>> joining the domain, winbind in nsswitch.conf permit to see other user >>>> on the new member machine. So if you need to set permission you can. >>>> >>>> >>>> >>>> I don't want join a DC from a file-server on separated machine, I want >>>> serve share-resource located on the same machine where AD DC is >>>> configured. >>>> Samba4 can serve as AD DC and file server in the same time? >>>> >>>> It is possible? >>>> >>>> >>>> >>>> >>>> >>> The page is written for a domain member, but you can use some of the >>> info on a DC, What you will need to check is if the libnss links are >>> setup and if 'winbind' is in /etc/nsswitch.conf. >>> >>> You may need another file, but we will cross that bridge if and when we >>> come to it. >>> >>> It is not recommended to use the DC as a fileserver, but you will not be >>> the only one who does :-) >>> >>> What OS are you using. >>> >>> Rowland >>> >>> >>> >> I'm using Centos7 but with sernet packages. >> >> How to check if libnss links are setup? I've already configure >> nsswitch.conf with winbind but user does not appears using getent. >> >> > The information is on the wiki page I pointed to earlier, but you may have > missed the link to this page: > > https://wiki.samba.org/index.php/Libnss_winbind_links > > I use debian (well, Devuan really) and you can set up PAM by just adding a > file, but my understanding is that Centos doesn't work in the same way, you > have to manually set up PAM yourself or by using something called > authconfig ?? I suggest you search google (other search providers are > available) for how to use it. > > What you are trying to do is possible, you just need to get the setup > correct. > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >