with getfacl userprofiles appear that domain admins has no permission, and I have configured as appear in wiki profiles, but only step that I can't configure is chgrp domain admins

# getfacl /local/var/profilesad/usertest/
getfacl: Removing leading '/' from absolute path names
# file: local/var/profilesad/usertest/
# owner: 20087
# group: 513
user::rwx
user:20087:rwx
user:3000001:rwx
group::---
group:513:---
group:3000001:rwx
mask::rwx
other::---
default:user::rwx
default:user:20087:rwx
default:user:3000001:rwx
default:group::---
default:group:513:---
default:group:3000001:rwx
default:mask::rwx
default:other::---

getent passwd and getent group in samba 4 ad dc server no result related with users and group from samba domain

Where is the problem?

2016-07-07 11:29 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:
> Hi,
>
> Tried to add winbind in nsswitch but same result, getent group "domain
> admins" without any result
>
> smb.conf
>
> # Global parameters
> [global]
>     bind interfaces only = Yes
>     interfaces = lo eth0
>     netbios name = dc
>     realm = domain.com
>     server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
>     workgroup = domain
>     server role = active directory domain controller
>     idmap_ldb:use rfc2307 = yes
>     comment
>
> [profilesad]
>     path = /local/var/profilesad
>     read only = No
>
> I have used shares with windows acl and also posix acl
>
> I have configured cifs profiles and we can create but with getfacl I have
> detected that domain users has no permission, only thing that we need is
> add features to domain admins to allow access cifs profiles, with our
> actual config only owner can....
>
> Where is the problem?
>
> Thanks
>
> 2016-07-07 9:56 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:
>
>> Hi,
>>
>> I have installed samba 4.4.4 and configured and works perfect, now I need
>> to configure roaming profiles and reading
>> https://wiki.samba.org/index.php/Shares_with_Windows_ACLs
>>
>> I have detected that I can't configure
>>
>> chgrp "Domain Admins" /srv/samba/Demo/
>>
>> I'm creating this share on our dc, but seem that with
>> # getent group "Domain Admins"
>>
>> any samba AD group is recovered
>>
>> I have found
>> "If you don't get an output showing the queried name and its ID, there
>> may be something wrong in your NSS configuration
>> <https://wiki.samba.org/index.php?title=Name_service_switch_(NSS)&action=edit&redlink=1> or
>> if you are using Winbindd with RFC2307 (idmap_ad)
>> <https://wiki.samba.org/index.php/Idmap_config_ad>, you might not have
>> an ID assigned (see User and group management
>> <https://wiki.samba.org/index.php/User_and_group_management> for how to
>> administer Unix Attributes in an AD)"
>>
>> but I don't know where is the problem with wbinfo we recover user and
>> group but with getent not.
>>
>> We are making this test on our samba domain controller with samba 4.4.4
>> and debian jessie
>>
>> Where is the problem?
>>
>> Thanks

Hi tried with:

winbind enum users = Yes
winbind enum groups = Yes

and winbind in nsswitch but same output, no result with getent from users and groups from samba 4 ad

2016-07-07 11:40 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:
> with getfacl userprofiles appear that domain admins has no permission,
> and I have configured as appear in wiki profiles, but only step that I
> can't configure is chgrp domain admins
>
> # getfacl /local/var/profilesad/usertest/
> getfacl: Removing leading '/' from absolute path names
> # file: local/var/profilesad/usertest/
> # owner: 20087
> # group: 513
> user::rwx
> user:20087:rwx
> user:3000001:rwx
> group::---
> group:513:---
> group:3000001:rwx
> mask::rwx
> other::---
> default:user::rwx
> default:user:20087:rwx
> default:user:3000001:rwx
> default:group::---
> default:group:513:---
> default:group:3000001:rwx
> default:mask::rwx
> default:other::---
>
> getent passwd and getent group in samba 4 ad dc server no result related
> with users and group from samba domain
>
> Where is the problem?

Hi, compiled from sources with

# ./configure
# make
# sudo make install

2016-07-07 12:34 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:
> Hi tried with:
>
> winbind enum users = Yes
> winbind enum groups = Yes
>
> and winbind in nsswitch but same output, no result with getent from users and groups from samba 4 ad
>
> 2016-07-07 11:40 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:
>
>> with getfacl userprofiles appear that domain admins has no permission,
>> and I have configured as appear in wiki profiles, but only step that I
>> can't configure is chgrp domain admins
>>
>> # getfacl /local/var/profilesad/usertest/
>> getfacl: Removing leading '/' from absolute path names
>> # file: local/var/profilesad/usertest/
>> # owner: 20087
>> # group: 513
>> user::rwx
>> user:20087:rwx
>> user:3000001:rwx
>> group::---
>> group:513:---
>> group:3000001:rwx
>> mask::rwx
>> other::---
>> default:user::rwx
>> default:user:20087:rwx
>> default:user:3000001:rwx
>> default:group::---
>> default:group:513:---
>> default:group:3000001:rwx
>> default:mask::rwx
>> default:other::---
>>
>> getent passwd and getent group in samba 4 ad dc server no result related
>> with users and group from samba domain
>>
>> Where is the problem?

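
Added example, not part of the original messages: two offline checks for the symptom described in this thread, where wbinfo resolves domain accounts but getent and getfacl show only numeric IDs. The function names are made up for this example, and the sample input is the getfacl output posted above with the default entries abridged.

```shell
# Added example (not from the thread); function names are hypothetical.

# nss_has_winbind FILE DB: succeed if the DB entry ("passwd", "group") of an
# nsswitch.conf-format FILE lists the winbind module.
nss_has_winbind() {
    awk -v db="$2" '
        { sub(/#.*/, "") }                      # strip comments
        index($0, ":") {
            key = substr($0, 1, index($0, ":") - 1)
            gsub(/[ \t]/, "", key)
            if (key != db) next
            n = split(substr($0, index($0, ":") + 1), svc, /[ \t]+/)
            for (i = 1; i <= n; i++) if (svc[i] == "winbind") found = 1
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# unresolved_acl_ids: read getfacl output on stdin and print every owner,
# group or ACL qualifier that is still a bare number, once each.
unresolved_acl_ids() {
    awk '
        /^# owner: [0-9]+$/ { print "user:" $3; next }
        /^# group: [0-9]+$/ { print "group:" $3; next }
        /^#/ { next }
        {
            sub(/^default:/, "")                # default entries count too
            n = split($0, f, ":")
            if (n >= 3 && f[2] ~ /^[0-9]+$/) print f[1] ":" f[2]
        }
    ' | LC_ALL=C sort -u
}

# Sample input: ACL entries as posted in the thread (defaults abridged).
sample_getfacl() {
    cat <<'EOF'
# owner: 20087
# group: 513
user::rwx
user:20087:rwx
user:3000001:rwx
group::---
group:513:---
group:3000001:rwx
default:user:3000001:rwx
default:group:513:---
EOF
}
sample_getfacl | unresolved_acl_ids
```

On a live system, feed it with `getfacl /path | unresolved_acl_ids` and point `nss_has_winbind` at /etc/nsswitch.conf for both passwd and group.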