----- Original message -----
From: "Stefan Fuhrmann" stefan@fuhrmann.homedns.org
To: "centos" centos@centos.org
Sent: Thursday, 7 April 2016 16:13:26
Subject: [CentOS] centos samba sssd active directory

Hello all,

I'm having the latest centos that should be integrated into win 2012 active directory domain. I'm having Authentication running, an AD user can login via ssh, getent and id working. But I'm not able to get the samba shares running with AD

To make samba work with SSSD, I had to make some tuning in smb.conf:

    security = ads
    workgroup = MYDOMAIN
    realm = MYDOMAIN.TLD
    encrypt passwords = yes
    passdb backend = tdbsam
    kerberos method = secrets and keytab

    winbind enum users = yes
    winbind enum groups = yes
    winbind nested groups = yes
    winbind refresh tickets = yes

To use the "valid users" directive, I have to deal with the AD SIDs. You can get them by running:

    $ wbinfo --name-to-sid ad_user
    $ wbinfo --name-to-sid ad_group

The RID idmap backend doesn't work as expected. So I use the NSS backend:

    idmap config MYDOMAIN : backend = nss
    idmap config MYDOMAIN : range = 10000-99999
    idmap config * : backend = tdb
    idmap config * : range = 100000-999999

And in /etc/nsswitch.conf:

    passwd: files sss
    shadow: files sss
    group: files sss

Hope this helps.
Sylvain.